Even in times like these, the need for proper security never stops. If anything, we are seeing dramatic increases in security threats as bad actors try to capitalize on the chaos and people’s quest for any information on COVID-19. That, along with the nature of our work being different now put us in a spot where organizations need to re-evaluate their security.
Microsoft recently identified a new critical security vulnerability in its Internet Explorer (IE) web browser. Microsoft has confirmed that the vulnerability is being targeted and exploited in the wild, so it is critical that IE users are aware of the issue and how to mitigate it. This vulnerability (CVE-2020-0674) can be exploited by an attacker hosting a crafted website, and grants access to the system with the same privileges as the current user.
Cisco issued guidance on how to identify and remediate the effects of five vulnerabilities in the Cisco Discovery Protocol implementation on some Cisco NX-OS devices. The vulnerabilities could, in certain situations, enable an attacker to trigger a memory overflow and gain control of a vulnerable device or cause it to shut down or reload.
“Patch Tuesday” is the day when Microsoft typically announces and releases all of the security updates for their software products. While every Patch Tuesday can be impactful from a workload standpoint, some announcements from Microsoft carry more weight than others. On Tuesday, January 14th, 2020, we saw another example of that.
A new security vulnerability was discovered in the popular web browser, Firefox. If exploited, the vulnerability would allow an attacker to take control of a user’s operating system – allowing full access to the victim’s computer.
Earlier this month, we published a blog on Microsoft’s planned end of life date for Windows 7, scheduled for January 14, 2020 (see our original post here). Originally, extended security updates to keep the software current were only available for high-volume licenses and larger organizations and options for small to midsized businesses were limited. Now, Microsoft has announced that paid extended security updates (ESUs) will be available for all businesses, regardless of size. Should the latest announcement change your upgrade plans?
As a CEO in the IT industry, I feel a deep responsibility to ensure that our organization knows the risks and takes every step possible to protect the clients trusting us with their business. That’s why we decided to put ADNET through one of the most rigorous third-party audits available in our field – SOC 2 Type II.
The good news is, there are things you can do to protect yourself and your company from today’s evolving cybersecurity threats, and all of them involve making yourself a more difficult target. Remember that for hackers, cybercrime is a business.
On July 19th 2019, SonicWall disclosed a newly discovered critical vulnerability in a number of their physical firewall appliances. ADNET strongly advises that companies take steps to apply an update patch as soon as possible.
Dwell time, in the context of IT security, is the number of days a threat remains undetected within a given environment. Why does this matter as a metric? The amount of time that a system has been compromised can impact the overall severity of the security event in several ways.