As we build out our networks, we should start thinking about how to properly segment users and assets. Segmenting networks has been best practice for a long time now, but is rarely implemented. With the new normal of malware, we can greatly reduce our attack surface by limiting exposure to our critical systems. This also allows us to focus monitoring efforts where they will be most effective.
Flat networks are simple and have little management overhead, but this comes at a cost. Flat networks offer little protection as well.
The Lenovo Accelerator Application software package which is meant to speed up the launch of some Lenovo applications, has been found to be vulnerable to a man in the middle attack. The vulnerability lies within the “update mechanism where a Lenovo server is queried to identify if application updates are available.” Lenovo recommends removing this software immediately.
The full list of machines that are impacted is vast but include Lenovo Notebook 305, Edge 15, Flex2 Pro and Yoga product lines. Additionally, IdeaCenter and Yoga Home 500 are amongst the 39 desktop models impacted.
A full list of machines can be found here:
A Microsoft Windows zero-day exploit has hit the market with a $90,000 price tag. This unpatched vulnerability is being sold with claims that it works against all versions of Windows from Windows 2000 to the current Windows 10 OS. The purchase gets you all the source code and two proof of concept videos that show the exploit working. There is big money in malware, from finding the exploits on down to using them. Let ContentCatcher NSM help protect your network.
Compare Huntress vs Blackpoint MDR for MSPs: coverage, SOC response authority, alert quality, integrations, and…
Choose Huntress or CrowdStrike by operating model, not hype: compare managed EDR, Falcon platform depth,…
Reduce risk without overloading IT: compare SOC monitoring, alert triage, threat hunting, and MDR response…
Compare SOC costs from $60K SOCaaS to $5M+ internal 24x7 teams, with hidden staffing, tooling,…
Protect CUI and win defense contracts with practical NIST 800-171 steps for manufacturers, from scoping…
Secure DoD contracts with CMMC support for manufacturers: map CUI, close NIST 800-171 gaps, monitor…