Tuesday, March 14, 2017

Application Security Key findings from the 2016 SANS Report:

Application Security Key findings from the 2016 SANS Report:
  • 38% of organizations have a "maturing" AppSec program
  • 40% have documented approaches and policies to which third-party software vendors must adhere
  • 41% name public-facing web apps as the leading cause of breaches
  • 23% report applications are the source of breaches, attacks on others, or sensitive data leaks


Monday, October 17, 2016

9 Out Of 10 Windows Security Flaws Could Be Avoided By Just Removing Admin Rights

Almost 9-out-of-10 Windows operating system vulnerabilities could have been mitigated by removing the admin rights, according to a report released by security firm Avecto. Released on Thursday, the security report mentions that about 85 percent of critical Windows flaws could’ve been stopped before they entered your PC and affected the system files. The firm has compared the annual trends and reported 52% rise in the number of vulnerabilities reported. The 2015 report explores the vulnerabilities affecting Windows, Office, Windows Server, Internet Explorer, and more. The trends observed are: 85% of all Critical vulnerabilities documented in the report can be mitigated by removing admin rights 99.5% of all vulnerabilities reported in Internet Explorer in 2015 could be mitigated by removing admin rights 82% of all vulnerabilities affecting Microsoft Office in 2015 could be mitigated by removing admin rights As many people don’t know the meaning of administrator accounts, they are very common in household PCs. These accounts give the user an access to everything and the same privileges are invaded by a malware that strikes your system. So, a hacker can access your private data and modify Windows system files. Due to the same reason, many businesses tend to provide lower permissions to their users to mitigate the malware risks. In its report, the company also scanned the entire vulnerability patch in Microsoft’s monthly security updates and saw the impact of these flaws on systems with fewer rights. The firm came to a conclusion that about 63 percent of the entire batch of vulnerabilities could be mitigated if user rights are toned down. https://fossbytes.com/9-out-of-10-windows-security-flaws-can-be-solved-by-just-one-simple-step/ WWW.MSPKART.COM

Thursday, July 14, 2016

MSPKART.COM launched for SMB customers to buy easy IT Services online

MSPKART is an Online platform for customer's IT Managed Services requirement in Infrastructure, CyberSecurity, Cloud Computing Management Services. We evaluate the RIGHT Solution for customers in this space and save Time, Cost and Effort. https://www.youtube.com/watch?v=DPtuxQxP39c&feature=youtu.be

Friday, March 25, 2016

7 reasons why you should be using CoreOS with Docker

Finally, here are the top reasons to try out CoreOS: Reason #1 to go with CoreOS is etcd which was mentioned above. As the CoreOS website says: "Configuration values are distributed within the cluster for your applications to read. Values can be changed programatically and smart applications can reconfigure automatically. You'll never have to run Chef on every machine in order to change a single config value ever again." Reason #2 If you care about high availability at all, deploying using CoreOS is one of the best ways to achieve that with a relatively low price point. Reason #3 It lets you serve different versions of software on different machines and update machines without any downtime Reason #4 Though Docker helps you provide similar environments in production and development, CoreOS goes one step further by replicating cluster and network settings between dev and prod as well. As discussed before it also makes sure that the infrastructure always has the right configuration and everything has the right versioning. Reason #5 New developers can get up and running quickly rather than waste time installing all the required software and versions on their machine and making sure that nothing conflicts. Reason #6 It can drastically reduce cost by replicating software services like Heroku. Even though you need multiple machines to truly take advantage of CoreOS, CoreOS is now supported by every major cloud storage provider, including AWS and Digital Ocean, the latter of which provides machines for only $5/month. Reason #7 It has a very active open source community with (at the time of this writing) 6764 stars, 172 contributors, and over 40 pull requests merged in within the last two weeks for etcd. This may potentially be a problem, as one of the central tenets of the security that CoreOS offers out of the box is automatic updates on all your machines. Though you cannot turn this feature off, you can select an update strategy to control when and how your machines will update.

New feature in Microsoft Office blocks macro-based malware

Microsoft on Tuesday released a new feature in its Office 2016 software that it claimed can help "enterprise administrators prevent the risk from macros in certain high risk scenarios," according to a Microsoft blog. Macros are used to load dynamic content in the popular Word, Excel and Powerpoint programs. Criminals deliver macro malware through spam messages, which – via social engineering – trick users into downloading docs. Then they are instructed to exit Protected View and Enable Macros to view the content in its entirety. Malicious scripts in the document's macro are executed, and the malware is loaded from a remote server, downloaded onto the computer and launched. Microsoft said the update lets an enterprise selectively scope macro use to a set of trusted workflows and provide end-users with a different and stricter notification

Tuesday, January 26, 2016

Amazon Web Services Now Offers Free SSL/TLS

The new AWS Certificate Manager (ACM) is designed to simplify and automate many of the tasks traditionally associated with management of SSL/TLS certificates. ACM takes care of the complexity surrounding the provisioning, deployment, and renewal of digital certificates! Certificates provided by ACM are verified by Amazon’s certificate authority (CA), Amazon Trust Services (ATS). Even better, you can do all of this at no extra cost. SSL/TLS certificates provisioned through AWS Certificate Manager are free!