Patch/Configuration Management

In response to Tenable CEO Amit Yoran calling it “grossly irresponsible” for taking over four months to fully address the issue, Microsoft said it needed to balance speed and safety.

Ubuntu patched the high-severity vulnerabilities on July 24 and recommends that users update their Ubuntu kernels.

PTC sunset Axeda in 2019, but the industrial IoT remote monitoring and management agent is still in use in several systems. Based on Forescout telemetry, it is particularly popular in active use within the medical sector, particularly lab testing and imaging.

Palo Alto Networks Unit 42 data shows the majority of infusion pumps are operating with known security vulnerabilities. As disclosures increase, the need for faster medical device security remediation follows.

Karma and Conti simultaneously hacked into a healthcare network via a known Microsoft Exchange vulnerability, Sophos research shows. The attack shares lessons learned for other providers.

News of the Log4j vulnerability first emerged two months ago, and many organizations still struggle to identify and mitigate the risk. Now, amid threats of Russian cyberattacks resulting from the Ukraine standoff, the universal message is to patch all vulnerabilities. So how exposed does Log4j leave the United States’ most critical industries? SC Media spoke to Jon France, the new chief information security officer for cyber training and certification organization (ISC)², to get his perspective.

Cisco says the SSL certificates for Talos security updates for the Firepower firewalls will be decommissioned and replaced on March 6, 2022.