Patch/Configuration Management

This month’s batch of more than 70 vulnerabilities includes three critical RCEs and a fourth privilege elevation vulnerability found in the Win32k process.

Developers are advised not to use hardcoded passwords on platforms such as Airflow.

Nearly 43% of all websites use WordPress, one of the main reasons the Cybersecurity Infrastructure and Security Agency (CISA) posted a notice for WordPress users to move quickly and update.

Security monitoring and threat hunting will be essential, especially considering "the impact is likely to extend beyond MS Office," warned one tech executive.

Applications are critical for doing business. They are also the weakest links in many an organization’s security chain. Many APIs continue to expose the personally identifiable information of customers, employees and contractors. As OWASP (Open Web Application Security Project) notes on its API Security Project homepage: “By nature, APIs expose application logic and sensitive data […]

Microsoft released a workaround for a print spooler vulnerability one day after releasing an actual patch for another print spooler vulnerability.  When exploited, the print spooler remote code execution (RCE) vulnerability lets attackers gain system-level privileges on the Windows device.

For many enterprises, incident response is an exercise in chaos. Security teams scramble to figure out how a data breach happened and crash into brick walls as they try to collect information from different departments that are often siloed from everyone else. It doesn’t have to be that way. Advanced security teams have learned that […]

While there is no silver bullet, Black Hills Information Security owner John Strand says there are steps companies and users can take to minimize the risk of being infected with ransomware.