The Federal Trade Commission (FTC) has released an announcement about its new website devoted to protecting small businesses. This resource aims to help business owners avoid scams, protect their computers and networks, and keep their customers' and employees' data safe.
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.
Cisco Systems has patched a critical flaw that even novice hackers could exploit using Central Intelligence Agency attack tools that were recently leaked to the Internet.
As previously reported, the zero-day exploit allowed attackers to issue commands that remotely execute malicious code on 318 models of Cisco switches. The attack code was published in early March by WikiLeaks as part of its Vault7 series of leaks, which the site is billing as the largest publication of intelligence documents ever.
The bug resides in the Cisco Cluster Management Protocol (CMP), which uses the telnet protocol to deliver signals and commands on internal networks. It stems from a failure to restrict telnet options to local communications and the incorrect processing of malformed CMP-only telnet options.
There was a time when automation was a dirty word in security. Now, it is a necessity. A new Enterprise Strategy Group (ESG) survey, sponsored by McAfee and other technology vendors, shows that 3 out of 5 organizations see manual processes as holding them back from better organizational effectiveness when it comes to security analytics and operations. My rule of thumb is: The third time you do the same thing, automate it. That doesn’t mean automating actions like wiping a system or rebooting, but it does mean you get the machines to do the easy work. Automation can mean setting a policy, defining an alarm or quarantine based on a trigger, defining a correlation rule to make the same review decision you had been doing and then setting an alarm or creating a watchlist, or using a script to package and forward data. Any of these approaches is easily implemented with today’s technology.
A case in point – the findings also show that the #1 priority for automation and/or orchestration is integrating external threat intelligence with internal security data collection and analysis. That capability is entirely automated today with the McAfee Enterprise Security Manager. You can consume IOCs and mine your database to see if they are already part of your environment, generating alarms for any matches, and also set a watch in case these IOCs enter your infrastructure in the future. The watchlist can also implement an action you define – from simple alarm to active quarantine. Check out this video to see for yourself.