Tuesday July 10th Patch Tuesday #7 of 2018

53 vulnerabilities in today’s Patch Tuesday (there is a dashboard set up by Morphus Labs): 3 publicly disclosed and 17 critical. It is always important to keep up on your patching regimen, as today’s vulnerabilities become more and more dangerous in the future. But one has to assess the current and older vulnerabilities with what …

Patch Tuesday: Keep in Mind X, Y, and Z

Jan 9th was Patch Tuesday: the day Microsoft designed to accumulate patches and release them on a regular schedule. Otherwise patches would be released whenever problems are solved. That would be good in some ways (why not resolve problems as soon as practical?), but the problem is this release schedule …

Passwords in Compliance Standards

Compliance standards have similar goals (PCI, HIPAA, SOX, e-discovery), and the question is what your password policy should be to fulfill compliance and your own security risk profile. (Images from PCI standards doc, Adobe images site (HIPAA), Forbes (SOX), and aos.com (e-discovery).) How many characters? Should there be special characters besides alphanumeric? Capital …

Zero-Day Attacks And Why Patching Means Catching Up

Another day, another zero-day attack: from the Sucuri Blog¹, which found a remote code execution attack on Joomla, a CMS (Content Management System) software. The hackers are interested in these all the time, because a zero-day attack means that susceptible software can be easily taken over. Zero-day exploits are sought after in the darknet. …