John E Dunn
March 12th, 2014
The simple elevation of user and application privileges lies at the heart of many breaches.
We must hope that January’s huge data breach at Target will be a turning point in the history of data breaches. For the first time, businesses are starting to ask difficult questions – might the fact that one of the US retail sector’s most respected retailers can be breached with such ease not be telling us that something is profoundly wrong with enterprise security?
- March 9th, 2017
With news breaking on the CIA’s ability to listen in via Smart TVs, many will be alarmed by the breadth of the exploits WikiLeaks has uncovered. The security industry has been warning of the dangers of Internet of Things devices for a long time and just last week, a hack on internet-connected teddy bears was making the headlines.
- February 27th, 2017
- February 3rd, 2016
“We’ve done it!” – The majority of your users have admin rights removed, meaning your environment is far more secure than it was before and you’ve successfully mitigated 85% of critical vulnerabilities in Windows. But are you as secure as you think? A surprisingly common pitfall that we come across in the support team are those who, either intentionally or unwittingly, elevate everything. Everything.
- February 2nd, 2016
Now in its third year, the 2015 Microsoft Vulnerabilities Report analyses the data from Security Bulletins issued by Microsoft throughout 2015. Typically issued on the second Tuesday of each month, these “Patch Tuesday” bulletins contain fixes for vulnerabilities affecting Microsoft products. With the launch of Windows 10, this approach changed slightly, with patches being released as soon as they are available.
- November 20th, 2015
A potential privilege escalation around unquoted service paths has been around for over fifteen years now, but it still continues to catch people out.