Microsoft is back at it with a fairly large release today, including 12 security bulletins which patch a total of 22 vulnerabilities. Six of the bulletins address zero-day vulnerabilities (MS11-003, MS11-004, MS11-005, MS11-006, MS11-011, and MS11-013) including two (MS11-003, MS11-006) that have public exploit code circulating. MS11-013 (Kerberos) is most likely similar to vulnerabilities that…
Those that follow this blog have probably seen us write on Wikileaks before. We covered it here and eWeek invited us to cover the topic for their knowledge center here. Our message is that Wikileaks isn’t just for government or military organizations. Half of the leaked information on Wikileaks is on private organizations and Julian has suggested that corporations are next on the chopping block.
At the start of every year employees of eEye gather for our yearly company kick-off. We discuss what we did right in the previous year and ways that we can improve in this New Year. We talk about our product roadmap and the sales and marketing strategies for the year. We also answer the question that is probably more important than anything: “What type of company do we want to be?”
There’s an old wives’ tale that explains “an apple a day keeps the doctor away.” While this advice may not always be the case in the medical industry, it is absolutely accurate when it comes to the world of IT compliance. When you regularly incorporate apples (compliance) into your daily enterprise diet, the doctors (auditors) that come won’t find ailments that need to be fixed.
There was a big story in Network World about an IT staffer who sold his own company pirated software, used corporate servers for his own purposes and even downloaded credit card information.
I have responded to a number of RFPs (Request For Proposal) in my day and recently I have seen a trend in some of the questions. While the question varies between requests, there seems to be a growing trend that users want vulnerability assessment tools to not only identify vulnerabilities, but to also track changes to…
I’m sure you’ve heard the saying, “stolen fruit is the sweetest.” It’s a phrase that gets thrown around lightly, but it’s time to take it to heart. In a day when information and sensitive data are being stolen, manipulated, and blasted for the world to read, this is a saying we all need to look at twice. Hackers, inside security leakers, and thieves all agree: that which is stolen is the sweetest. You don’t want to find out how sweet the information in your enterprise will be to them. Steps should to be taken to secure the sensitive information and data in enterprises across the world.
This week we report the conclusions of our recent survey of 185 IT Administrators and Help Desk Operatives, in a report Legacy Applications and Least Privilege Access Management’ – which reveals the way legacy apps leave Windows desktop environments unnecessarily exposed to attack from malware, as well as providing an open door to insider threats.
How many times have you heard the old proverb, “after the storm comes the calm?” And how many times have you just accepted “storms” as part of life? From my point of view, these downpours aren’t actually necessary.
Prioritizing Vulnerability Assessment and Remediation Steps: A New Users Guide to Getting Started – Part 1
New users to vulnerability assessment often ask the same question: “How do I get started”? While this may sound incredibly generic for a security engineer, many companies have never had a vulnerability management process in place and are trying to comprehend the problems of missing patches, remediation prioritization, and risk acceptance. As a basic recommendation,…