<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=885880844953016&amp;ev=PageView&amp;noscript=1">

Protecting Systems During Patching Gaps

Posted by Tom Bain on January 22, 2018 at 12:18 PM

The recent Meltdown and Spectre CPU vulnerabilities took almost everyone by surprise.  Widespread panic was staved off only by the promise of a nearly-ready OS patching fix, which it turned out, excluded a large swath of systems and created its own set of problems. 

Users are still scrambling to patch systems with an extremely complex mixture of OS, firmware and application updates. Organizations are encountering slowdowns, blue screens and reboot problems in their rush to avoid security problems. The entire stack of Spectre and Meltdown fixes has not yet been properly tested and will take time to reach anything resembling stability. 

Read More

Topics: Patching, 0-day exploits, Moving Target Defense, Endpoint Security, Exploits

Tor/FireFox Zero-Day prevented by Morphisec

Posted by Ursula Ron on December 7, 2016 at 6:37 AM

The FireFox zero-day recently used in the wild made headlines when TOR users that fell victim to the attack lost the one thing they were looking for: anonymous browsing. Speculation ran rife that the exploit may have been created by the FBI or another governmental agency, especially as the attack resembled past investigations used to identify Tor users.

Read More

Topics: Exploits, Patching, Zero-day, Cyber Attacks

Microsoft Patch Tuesday: All or Nothing Patching

Posted by Netta Schmeidler on October 12, 2016 at 1:09 AM

Microsoft released its October patching update today and, as announced, it introduces a major change that has many system administrators wondering just what to do.

Read More

Topics: Industry News, Patching, Cyber Security

Socrates and Cyber Security

Posted by Arthur Braunstein on May 25, 2016 at 4:40 PM

The ancients’ experience of modern computing was limited to say the least, but they gave us a nice framework, the Socratic Method , that moderns can use for dealing with the problem of cyber security. The Socratic Method is a process of question and response, designed to challenge and eliminate bad ideas, refine good ideas, and arrive at sound conclusions. If it worked for Socrates, maybe it will work for us. Here is dialogue that unfolds between Socrates and the Security Architect of, for the purposes of this exercise, the Bank of The Peloponnese.

Read More

Topics: Patching, Endpoint Security, Cyber Security

Badlock – the Burst of a Bug Bubble

Posted by Michael Gorelik on April 13, 2016 at 6:37 AM

After the burst of the bug bubble, I’m left wondering who at SerNet decided the Badlock marketing campaign was a good idea and why.  It certainly was not, as claimed, to raise awareness for a critical bug that needed immediate patching.

Read More

Topics: Moving Target Defense, Patching

The Pain of Patching

Posted by Ronen Yehoshua on February 2, 2016 at 4:46 AM

The pain of patching - how to achieve a strategic balance between security, compliance and business goals

Modern cyber attacks are targeted, stealthy and evasive. Cybercriminals commonly attempt to penetrate enterprise networks by exploiting vulnerabilities in applications, web browsers and operating systems. The best defense available to enterprises is to rapidly patch these vulnerabilities -- or is it?

Read More

Topics: Patching

Patch Me if You Can

Posted by Mordechai Guri, Ph.D. on December 7, 2015 at 1:50 AM

Earlier this year, Microsoft announced its Windows updates for business, which was proclaimed as a way to "empower IT Professionals to keep the Windows devices in their organization always up to date with the latest security defenses and Windows features." If there is one thing most IT Pros agree on, it is that patching is a pain – it is something that must be done for the long-term security of the organization, but it is disruptive so it gets delayed (and the new Microsoft service will attempt to shorten these delays). And even worse than the business interruption patching causes, on its own, patching is never sufficient.

Read More

Topics: 0-day exploits, Zero-day, Patching

Check out our Attack Analyses!

Take a deep dive into technical analyses of attacks prevented by Morphisec.

Subscribe to our Blog

Happy to keep you in the loop with industry insight, cyber security trends,  and cyber attack information and company updates.

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....

 

Recent Posts

Most Popular Posts