There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn't take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of a severe attack – and with no support from CentOS. You'd think that this … [Read more...] about Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans?
Patching really, really matters – patching is what keeps technology solutions from becoming like big blocks of Swiss cheese, with endless security vulnerabilities punching hole after hole into critical solutions. But anyone who's spent any amount of time maintaining systems will know that patching is often easier said than done. Yes, in some instances, you can just run a … [Read more...] about Why Database Patching Best Practice Just Doesn’t Work and How to Fix It
Threat Research By Luke DuCharme and Paul Lee. What Happened? Cisco Incident Response (CSIRS) recently responded to an incident involving the Watchbog cryptomining botnet. The attackers were able to exploit CVE-2018-1000861 to gain a foothold and install the Watchbog malware on the affected systems. This Linux-based malware relied heavily on … [Read more...] about Watchbog and the Importance of Patching
Having appropriate security configurations requires your applications, servers and databases to be hardened in accordance with best practices. … [Read more...] about Top 5 Configuration Mistakes That Create Field Days for Hackers
A new binding directive gives U.S. agencies just 15 days - as opposed to 30 days - to remediate critical flaws on their systems. … [Read more...] about DHS Shortens Deadline For Gov Agencies to Fix Critical Flaws