In our experience, the roll-out of Skybox Security Firewall and Network Assurance modules greatly improves not only visibility of the network design, compliance with security policies, but also risks associated with unpatched network devices. As it is not uncommon for organisations to run unpatches network devices and firewalls, the focus of operations security managers should be offloading vulnerability management of network devices to their owners - managers of network teams.Read More
All owners and admin of Drupal 8 sites: please read:
According to Shodan.io, there are over 85000 active Drupal sites. Perhaps not all of them are version 8, but could be a significant number. And we can only assume many would have enabled API access or installed modules that make them vulnerable to the latest vulnerability ‘Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003’, as explained on the Drupal Security Advisory: https://www.drupal.org/sa-core-2019-003.
The vulnerability has been fixed in Drupal 8.6.10 and 8.6.11.
We advise all to patch as soon as possible to prevent losing your Drupal site.
As expected, and appreciated, Microsoft has released patches to their products (plus Adobe’s). The full list can be a bit daunting: looking at the Security Update portal, there are 1455 items in the patch table. https://portal.msrc.microsoft.com/en-us/security-guidance
All out clients subscribed to vulnerability management - Advanced SOC - services should receive notification of the applicability of these in their environments. For the rest, I want to highlight the most critical patches and actions needed.Read More
We are proud to announce our CTO Lukas Macura achieved has gained a cerification in Elasticsearch last month. Elasticsearch platform plays a key role in our Foresight Cyber Platform and underpins all managed services we provide.Read More
We are excited to announce a new strategic partnership for foresight Cyber: Hardenize. We have been working with Hardenize for few months now to fully understand their product and be able not just resell but also configure and manage as a service for our clients.Read More
We have all tested this postulate: ‘One needs to first walk before running ’. This applies in life as well as in cyber-security. I have seen many companies buying shiny & blinking boxes without first addressing fundamental controls, then failing to receive the promised value from these investments.Read More