Have Meltdown or Spectre made you change ANY of your cyber security strategies?


Both of these vulnerabilities have been upon us for just under a week now, and yet I’ve only really heard cyber hygiene (patch your systems and monitor for trouble) discussed as a viable approach to this problem. Cyber hygiene is indeed very important, but there are many strategic and tactical issues that should be on the table for discussion in response to these vulnerabilities, and to vulnerabilities like them that we will face in the future. In this blog, I will look at this from a cyber practitioner’s point of view and recommend some strategies you’ve looked at in the past but that perhaps your organization hasn’t adopted yet.


What is your reason for not patching MS17-010 — the main vulnerability behind WannaCry?

On April 14, 2017, Shadow Brokers released information about an exploit tool written by the NSA called EternalBlue. This tool exploited a zero-day in Microsoft Windows that is covered by the MS17-010 update. The patch preceded the disclosure, as Microsoft issued MS17-010 on March 14, 2017. The WannaCry worm first drew heavy notice on Friday, May 12, 2017.

Patching Systems with Automox

I’ve heard almost every excuse there is for not patching a system. While at Tenable Network Security, I got to focus on helping organizations identify their biggest cyber risks, which usually meant patching vulnerabilities.