Here’s why infosec needs to quit yelling “if you didn’t patch it’s your fault” about WannaCrypt: Cisco has announced it’s investigating which of its products can’t be patched against the ransomware.
The Register congratulates Cisco for going public, because it’s certain that an innumerable number of third-party systems embed the bug, but there have been precious few announcements to date.
On Monday afternoon, the company said its Cisco Product Security Incident Response Team (PSIRT) has started its review.

The investigation will focus on identifying vulnerable products that don’t support either manual or automated updates to fix the underlying MS17-010 bug – in other words, products that will need to go on customers’ kill lists because they can’t be fixed.
The Register has asked Cisco whether it knows how many and what kinds of systems are likely to fall into this category.
Promising updates as PSIRT discovers vulnerable systems, the advisory says: “Currently no additional guidance other than to apply the Microsoft patches or disable SMBv1 is applicable.”
The company has published Snort rules and a Cisco IPS (Intrusion Prevention System) signature pack to block WannaCrypt traffic.
To any other vendors who shipped Windows as the underlying OS for management or client software, or as the embedded operating system, we ask: where are your responses? ®