Смотрите также связанные темы
15.08.2018 Protecting Endpoints is the Key to Security Control
Companies today realize that they need more than just good security controls. They must also address compliance with internal security policies and industry regulations. A combination of good security functions and compliance management improves security operations efficiency and maturity. Enterprises can simplify compliance by using a single management console to audit, verify and report on [...]
21.06.2018 Protecting Against Application-Specific Attacks
We’ve seen an evolution from mass-mailing viruses to more targeted attacks and threats targeting OS vulnerabilities moving to attacks against applications. We’ve seen growth in attacks targeting systems that contain valuable data, including mission-critical enterprise applications sitting in virtual environments, SAP solution-based environments and storage systems. Companies must take these threats seriously and look for [...]
12.06.2018 Think you’re compliant? Can you prove it?
For years, enterprises have stretched their budgets and their IT staffs to comply with government regulations and created internal policies designed to protect customers and employees. Myriad point products and proprietary standards have sprung up, prolonging and complicating the audit process. The question these companies must now ask themselves now is “how can we prove [...]
18.08.2018 CVE-2008-3703
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create"snapshots schedules"registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
23.09.2018 The Lesser Known Component of the FDCC Requirements
As many of us have seen, several companies have invested time and development cycles to provide products to the US government to meet the OMB requirements for FDCC implementation compliance. There are now nine vendors, including McAfee’s Policy Auditor, that are certified within the SCAP program.
The one item that has not received the same press [...]
05.11.2018 Companies Spend $250M on Microsoft Vulnerability…Unless They’re with McAfee
As most of you now know, on 10/23, Microsoft announced a critical out-of-cycle patch (MS08-067) to fix a flaw being exploited by hackers. The vulnerability affects all major versions of Microsoft Windows. In just a matter of moments, attackers can gain total remote control of a system and install malware, keyloggers, and Trojans. A successful [...]
04.12.2018 Faking Face Recognition
This week CNET news reported on some interesting, new ways of bypassing facial recognition technology built into newer laptops. The reporter (Dong Ngo) published an interesting article which shows an easy way of bypassing the software from companies such as Lenovo, Toshiba and Asus that are shipped on popular laptops. By using a slightly modified [...]
04.12.2018 Virtualization Security — Cut Costs, Not Corners
As economic conditions worsen, and companies seek new ways to cut costs, technologies like virtualization become more attractive. Virtualization can reduce costs in multiple ways, through hardware consolidation, power reduction, decreased space and cooling requirements and reduced IT staff time. However, when considering a move to virtualization — especially when the move is accelerated to [...]
16.12.2018 The Hidden Cost of Data Protection
Companies today realize the threats and consequences of data loss, and by now most have some sort of data protection in place. But businesses that rushed into data protection for fear of losing precious information may have been too quick to throw together a patchwork quilt of security software that is now proving costly.
In the [...]
23.01.2018 The Internet Safety Technical Task Force releases results of year long study
On January 14, the Internet Safety Technical Task Force (ISTTF), a group of 29 leading Internet businesses, non-profit organizations, academics, and technology companies, released its final report after joining together for a year-long investigation of tools and technologies to create a safer environment on the Internet for youth.
I was appointed, in my role as head [...]
|
