Whistleblower alert results in security fixes

 

I have to admit that this is a rare occurrence…a whistleblower complaint that was brought to the attention of the company’s Board of Directors which actually resulted in significant change to address the issue.  It definitely should not have to come down this and management should get its fair share of blame and be held accountable.  IMHO, this may actually have more to do with the health provider not wanting to lose customers more than anything else.  Funny how when the financial health of a company is on the line, they more often than not take immediate action to address the problem at hand!

Check out the article here for more info and let me know what you think…

HP Enterprise hard drives failing!

 

An alarming bulletin courtesy of HP detailing the almost certain guarantee of SAS hard drive failure right as it approaches the four year mark…

Bulletin: HPE SAS Solid State Drives – Critical Firmware Upgrade Required for Certain HPE SAS Solid State Drive Models to Prevent Drive Failure at 32,768 Hours of Operation

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us

HPE was notified by a Solid State Drive (SSD) manufacturer of a firmware defect affecting certain SAS SSD models (see article) used in a number of HPE server and storage products (i.e., HPE ProLiant, Synergy, Apollo, JBOD D3xxx, D6xxx, D8xxx, MSA, StoreVirtual 4335 and StoreVirtual 3200 are affected. 3PAR, Nimble, Simplivity, XP and Primera are not affected.)

The issue affects SSDs with an HPE firmware version prior to HPD8 that results in SSD failure at 32,768 hours of operation (i.e., 3 years, 270 days 8 hours). After the SSD failure occurs, neither the SSD nor the data can be recovered. In addition, SSDs which were put into service at the same time will likely fail nearly simultaneously.

So I guess this means I’m going with Dell…haha!

Two excellent posts by “The Patch Lady”

Kudos to Susan Bradley aka “The Patch Lady” who gave us some interesting insight here as to how Microsoft plans to handle extended updates for Windows 7 (apparently the service plans are not available! Yuck!) and also sheds some light here on an FBI precinct’s recommendation to place all IOT (Internet Of Things) devices on a different network segment for security purposes.

Chrome 0 Day Halloween Exploit

For the second time this year, Google has released information urging everyone to update to the latest version of Google Chrome to combat a 0 Day vulnerability found in previous versions.

Most configurations of Chrome should be auto updating but it is suggested to push out the updated version which is 78.0.3904.87

As stated in the ZDNet.com article here

Per Kaspersky, the zero-day was found being deployed on user devices via a Korean-language news portal. The Russian antivirus company said it couldn’t link the zero-day’s use to a specific hacking group, although there are some code similarities with past North Korean malware. The company is tracking the current attacks using this zero-day under a codename of “Operation WizardOpium.”

Bottom line, the odds of being affected by this are very slim but nevertheless its worth the due diligence and ensuring you are all patched up!

 

Big update release out of nowhere

So AskWoody.com is reporting that Microsoft has released over 50 security updates out of the blue aimed that fixing the numerous issues stemming from the previous update cycles.  Needless to say that the last couple of months has been disastrous from a patching perspective.

Check out the details here and let us know what you have been experiencing in the environments you’re managing.

National Cybersecurity Awareness Month is here!

The theme for this year as stated on the official website

NCSAM 2019 emphasizes personal accountability and stresses the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. This year’s overarching message – Own IT. Secure IT. Protect IT. – will focus on key areas including citizen privacy, consumer devices, and e-commerce security.

A bonus for this year includes a custom “toolkit” aimed at making things easier for users to properly lockdown their PC.  Check it out here and let us know what you think!

Internet Explorer Zero Day & Defender bug Exploit

For those of you that may not be aware of this, Microsoft has released an out-of-band (OOB) update aimed at fixing vulnerabilities in Internet Explorer and Windows Defender.  According to ZDNet.com, the IE update will have to be applied manually whereas Windows Defender will receive it automatically.

My takeaway from this article (found here) is whether this truly warranted Microsoft going out of their way to publish this separately and not as a part of Patch Tuesday.  After all, Internet Explorer has an approximate market share of less than 2% worldwide as cited in the article but then again I wonder what percentage of those utilizing the legacy browser are machines currently being used by governments or other high level entities across the world…food for thought!

Voting Machines running Windows 7?!?!

Great news everyone!  Microsoft has decided that they will ensure whatever voting machines running the soon to be obsolete Windows 7 will receive security updates about a year after it reaches end of life status.

If you can “read” the sarcasm in the previous paragraph , I promise that I really tried to hide it.  Please tell me how the fuck the richest country in the world can allow for an operating system on the verge of obsolescence is to be trusted to run on voting machines that are spread throughout the country.  Oh yeah, Microsoft and the US government will try to spin this as a positive but the reality is that they should have been replaced, removed, burned, torched, annihilated, etc. a long time ago.

Let’s wake up America…there is absolutely no reason why we cannot take care of this like RIGHT NOW!!!

Read more about this here!