Do you know if you have open SMTP servers on your network? In May, Qualys disclosed 21 vulnerabilities in Exim (see the Qualys Security Advisory "21Nails: Multiple vulnerabilities in Exim"). Exim is a popular Mail Transfer Agent (MTA) available on Unix operating systems and comes pre-installed on Linux distributions. The easy access and wide SMTP/Exim MTAs use
Tag: vulnerabilities
7 Critical Security Conversations
There are 7 Critical Security Conversations everyone needs to have with their vendors, their supply chain partners, and other organizations who help with their security & resiliency posture. The wave of supply chain security conversations that was sparked by the Bloomberg articles has people talking (see The Big Hack: How China Used a Tiny Chip
Filtering Exploitable Ports and Minimizing Risk from the Internet and from Your Customers
What are you doing to prepare for the next “scanning malware” and “Internet Worm?” Barry Greene (bgreene@senki.org), Version 1.2, TLP: WHITE. Recommendation: Operators (CSPs, ISPs, Cloud Companies, and Hosting Companies) are strongly encouraged to deploy Port Filtering on the known Exploitable ports and Source Address Validation (SAV) on their customer edge of the network
Demand Security from your Vendors
Demand Security from your Vendors. Ask the right “Security Questions.” This provides a list of questions that anyone can use with their vendors to get a better understanding of their security capabilities. Start meaningful “Security Conversations.”
Weekend Read – Lessons from Heartbleed
Every vulnerability is a security lesson that will either be repeated or used to improve the organization. Lessons from Heartbleed is no different. IMHO “The Matter of Heartbleed” is a mandatory paper for all security professionals! It points out the dynamics of a critical Internet vulnerability and how organizations respond. As a minimum, read the