You are viewing 'patch'

Prevention Blog Series

Patch Your Network: A Third Step in Security

Loren Paquette

April 21, 2016 - Posted by Loren Paquette to Security Insight


This blog is a continuation of the Prevention blog series. The first blog, "Four Tips to Secure Your Network," discussed prevention and four tips to use to immediately help secure your network. The second blog, "Scan Your Network: A First Step in Security," was the first of four steps to assist with security, and discussed ways to scan your network. The third blog, "Secure Your Network: A Second Step in Security," covered the second step with ways to secure your network. This fourth blog will discuss the third step and how to patch your network. Links to the other blogs will be provided as they are... read more >

Patched Vulnerability in FireEye Appliances

FireEye acted quickly to close a serious vulnerability in some appliances

Terrance DeJesus

December 16, 2015 - Posted by Terrance DeJesus to Security News


On Tuesday, December 15, 2015, FireEye, a worldwide provider of cybersecurity and malware protection to clients in the public and private sectors, issued a Support Notice to its clients regarding a critical vulnerability in a module which analyzes Java Archive (JAR) files.

Google’s Project Zero, a team dedicated to finding new vulnerabilities, discovered this severe security hole in the way the Malware Input Processor (MIP) utilizes an open source Java decompiler called Java Optimize and Decompile Environment (JODE). MIP uses the JODE decompiler in conjunction with JAR helper to statically analyze JAR files and check for signatures which may suggest malicious code. JODE is then used by Java’s SimpleRuntimeEnvironment class to deobfuscate strings by dynamically executing a small sample of the bytecode.

Affected... read more >

Another Day, Another Flash Zero Day

Flash continues to pose a significant threat

Jon-Louis Heimerl

July 21, 2015 - Posted by Jon-Louis Heimerl to Security Insight

“Alas, poor Flash. I knew it, Horatio, a tool of infinite vulnerabilities, of most excellent fancy.”

Flash.

Again with the Flash.

It seems like only yesterday I wrote a blog about a critical patch for Adobe Flash Player. And suddenly this week we have more. Yeah, not only is it yet another Flash vulnerability, it is multiple CVEs, with CVSS scores of 10 – with a high impact (execute arbitrary code or DoS), and simple to exploit. Actually, given the way Flash has been doing so far this year, it seems more like we would see a new Flash vulnerability “about every 35.5 hours.”

Think about that.

“Every 35.5 hours.”

According to www.cvedetails.com, there have been 132 vulnerabilities assigned CVEs in Flash during 2015. At the time I write this, we are 197 days into the year. In... read more >

Patch Like You Mean It

Actively patching can help remove active, known vulnerabilities

Jon-Louis Heimerl

July 06, 2015 - Posted by Jon-Louis Heimerl to Security Insight


There is no “silver bullet” to security. No single security control will answer all of our security woes.

But, time and time again, we hear of vulnerabilities which are affecting organizations, right now. A good example is the Adobe Flash Player vulnerability (CVE-2015-3113). If you check the details for the vulnerability, you can see that it has a CVSS score of 10. You can also see that it has been actively exploited in the wild, meaning attackers have been using it, and are using it right now.

This is a client system vulnerability. Adobe Flash Player runs on the user workstation. We all know that it can be difficult to keep all systems current, especially in a heterogeneous, geographically distributed environment.

But, Adobe has released a patch for this vulnerability, and applying that patch can remove a current, known threat from your environment. For more... read more >

OpenSSL Update Release or: How I Learned to Stop Worrying and Love The Patch

Chad Kahl

March 19, 2015 - Posted by Chad Kahl to Security Insight

Here's the Cliff's Notes version of this week's announcement from the OpenSSL Project:

  1. Information that OpenSSL is releasing patches for a high severity vulnerability
  2. The Internet: "OH NO THE INTERNET IS COMING TO AN END!"
  3. Patches released
  4. It wasn't a big deal

Here's the extended version:

Early this week, information came out that the OpenSSL Project was going to release patches for a "high severity" vulnerability, along with multiple others. Of course, at the time, there were no additional details. Cue the Internet, in usual form, expounding how this was going to be the next Heartbleed.

"Well, I've been to one world fair, a picnic, and a rodeo, and that's the stupidest thing I ever heard come over a set of earphones. You sure you got today's codes?" Major T.J. "King" Kong

The logical side, on the other hand, figured out that there isn't much we could do until there was actual information available.... read more >


Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
