Susan Bradley

Contributing Writer

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Askwoody.com, is a moderator on the PatchManagement.org listserve, and writes a column of Windows security tips for CSOonline.com. In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at https://www.askwoody.com/tag/patch-lady-posts/ and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.

The .NET patch failure that wasn’t

The .NET patch failure that wasn’t

This month’s patch updates from Microsoft have caused few problems, and though there were some issues related to .NET, even those have been scattered.

How to defend against OAuth-enabled cloud-based attacks

How to defend against OAuth-enabled cloud-based attacks

Use these settings in Microsoft Azure Active Directory to take control of user-requested OAuth access permissions.

How to harden Microsoft Edge against cyberattacks

How to harden Microsoft Edge against cyberattacks

Chromium-based Edge gives enterprises the opportunity to standardize on one browser. Here are the key security settings you need to know.

What you need to know about changes to Microsoft's Security Update Guide

What you need to know about changes to Microsoft's Security Update Guide

The Security Update Guide now aligns more closely with the CVSS, but sometimes lacks information needed to properly respond to a vulnerability report.

Tips to harden Active Directory against SolarWinds-type attacks

Tips to harden Active Directory against SolarWinds-type attacks

The SolarWinds attackers took advantage of Active Directory to gain a foothold. Here's what configurations and policies to check to better protect your network.

How to prepare for an effective phishing attack simulation

How to prepare for an effective phishing attack simulation

Here's what users need to know about phishing attacks before you send out a test email.

Top SolarWinds risk assessment resources for Microsoft 365 and Azure

Top SolarWinds risk assessment resources for Microsoft 365 and Azure

Government and private organizations, including Microsoft, have released a wealth of information and tools to assess risk from SolarWinds-like attacks.

How to prepare for and respond to a SolarWinds-type attack

How to prepare for and respond to a SolarWinds-type attack

If you can perform these tasks on your Windows network, then you are properly prepared to respond to a nation-state attack like SolarWinds.

How to block malicious JavaScript files in Windows environments

How to block malicious JavaScript files in Windows environments

Attackers frequently send malicious JavaScript files through bogus emails. It's easy to block these files from reaching a hapless user. Here's how.

How to avoid subdomain takeover in Azure environments

How to avoid subdomain takeover in Azure environments

Active but unused subdomains in Microsoft Azure give attackers the opportunity to use them for malicious purposes. Here's how to identify and delete vulnerable subdomains before attackers do.

14 tips to prevent business email compromise

14 tips to prevent business email compromise

Criminals fool victims into clicking on malicious links or assisting in financial theft by sending emails that mimic real senders and real companies. Here's how to stop BEC.

4 Windows 10 settings to prevent credential theft

4 Windows 10 settings to prevent credential theft

Review these Windows settings to make sure you're not making it easy for attackers to steal login credentials.

How attackers exploit Windows Active Directory and Group Policy

How attackers exploit Windows Active Directory and Group Policy

Attackers have learned to use Active Directory and Group Policy to find weaknesses in Windows networks and identify targets. Here's what you can do to prevent that.

How to use Windows Defender Attack Surface Reduction rules

How to use Windows Defender Attack Surface Reduction rules

With Microsoft's Attack Surface Reduction, you can set rules to block risky actions for each workstation on your network.

7 dumb ways to be a ransomware victim, and how to avoid them

7 dumb ways to be a ransomware victim, and how to avoid them

Don't make it easy for ransomware attackers. Review your Windows network for these weaknesses now. You might be surprised by what you find.

How to take better control of applications running on your network

How to take better control of applications running on your network

Unneeded or forgotten software on your Windows network could be a gateway for attackers into your system. Follow this advice to identify and restrict problem programs.

How network segmentation mitigates unauthorized access risk

How network segmentation mitigates unauthorized access risk

Two recent Microsoft vulnerabilities underscore the importance of segmenting your Windows network.

Best new Windows 10 security features: Biometric authentication, Edge browser
Updated

Best new Windows 10 security features: Biometric authentication, Edge browser

Here's what you need to know about each security update to Windows 10 as they roll out from Microsoft. Now updated for the 20H2 feature release.

Windows 10 security: Are you on the right version?

Windows 10 security: Are you on the right version?

If you're running an older version of Windows 10, It's time to review security enhancements that later versions offer to see if you need to update.

The 4 pillars of Windows network security

The 4 pillars of Windows network security

Microsoft's CISO breaks down which four key areas to focus on to secure Windows networks: passwordless identity management, patch management, device control and benchmarks.

Load More