So, CVE-2017-0144 https://nvd.nist.gov/vuln/detail/CVE-2017-0144, a vulnerability that was identified about two months ago (published Mar 16 2017), is now being widely exploited in the wild, most visibly impacting hospitals in the UK’s National Health Service to the point that they’ve had to redirect incoming patients to other facilities. This … [Read more...]
SecOps IT Security & Compliance Blog
Delivering effective IT security and compliance means enabling Security and Operations teams to work effectively together. This is how IT can deliver what the business needs: secure and reliable IT services.
Learn about IT Security and Compliance in BMC's complete guide.
Understanding and managing risk Security teams often use a variety of vulnerability management and response tools to assess and address the vulnerability situation across the organization, frequently using different sets of tools for different environment types. This often makes getting a single picture of the current risk profile difficult as … [Read more...]
An accelerating vulnerability landscape As organizations work to accelerate their digital transformations and infrastructure becomes increasingly more dynamic, security vulnerabilities continue to be a major concern. Taking into account the sheer number of known vulnerabilities, it is becoming increasingly difficult to effectively manage the … [Read more...]
Every company is a target for malicious actors who are seeking to gain access to valuable data, or to damage critical systems. With the average price of a data breach now standing at $4 million, security is everyone’s responsibility. ITSM has an important role to play, and can bring significant value to the Security Operations process. According to … [Read more...]
A steady increase in the number of vulnerabilities each year has put a fresh focus on the discipline of vulnerability management. Although the Verizon 2016 Breach Investigations Report found that the top 10 vulnerabilities made up 85% of the successful exploit traffic, the remaining 15% were attributed to over 900 CVEs. This shows that we can … [Read more...]
In the midst of the digital revolution that is currently underway, bad guys are trying to take advantage and exploit individuals and business alike. No one is immune to cybercrime. In a recent study, out of 1,100 Chief Information Security Officers (CISOs) polled, 68% have experienced a breach, with 26% of those experiencing a breach during the … [Read more...]
Remote shell attacks against password-less systems date back to before the modern Internet era, and allowing root (administrative) users to connect directly using SSH (PermitRootLogon) still catches my attention. We went through similar security challenges with MySQL, which in some default configurations also didn’t require a password for local … [Read more...]
2017 just kicked-off and is expected by many to achieve new records in technology adoption, driven by the transformation of traditional businesses into digital enterprises. While this presents huge opportunities, the threat level has never been so high with cybercrime getting more organized, and derailing the power of new technology. I wanted to … [Read more...]
In the Art of War, legendary strategist Sun Tzu speaks of the necessity of understanding your enemy – not just at a superficial level, but also to know how they think. If you had the chance to pick the brain of a hacker to learn more about how hackers work and what you can do about it, here’s what you would find. This individual – let’s call him … [Read more...]
2016 was a year of surprises. The continued growth of hacking incidents with their devastating trail of destruction was among the more shocking developments. It brought cybersecurity concerns to the center of every conversation. Many an IT executive has suffered sleepless nights as they tried to figure out how they could protect their … [Read more...]