CVE-2021-20226: A Reference-Counting Bug in the Linux Kernel io_uring Subsystem

https://ift.tt/3dEjIyr
In June 2020, we received a Linux kernel submission detailing a reference-counting bug in the recently introduced io_uring subsystem. The bug leads to a use-after-free on any file structure, which can be leveraged for privilege escalation in the kernel. This bug was submitted by […]

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

https://ift.tt/32yRE98
Pulse Secure has alerted customers to the existence of an exploitable chain of attack against its Pulse Connect Secure (PCS) appliances. PCS provides Virtual Private Network (VPN) facilities to businesses, which use them to prevent unauthorized access to their networks and services. Cybersecurity […]

Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day

https://ift.tt/32udA5z
Executive Summary: Mandiant recently responded to multiple security incidents involving compromises of Pulse Secure VPN appliances. This blog post examines multiple, related techniques for bypassing single and multifactor authentication on Pulse Secure VPN devices, persisting across upgrades, and maintaining access […]

Serverless Guide for Everyone

https://ift.tt/3xiKNij
Introduction: With the increasing popularity and adoption of services like AWS Lambda and Fargate, serverless technologies are gaining more attention in every company’s technology stack. Serverless adoption has become a boon and desirable option to meet DevOps firms’ unique needs. Serverless technology helps companies scale their cloud-based architecture. According to […]

KnowledgeBase: You cannot manage the Desktop SSO feature with the Hybrid Identity Administrator role

https://ift.tt/3gudYsN
On March 19th, 2021, Microsoft introduced Azure AD Connect version 1.6.2.4 to incorporate the lessons learned and distribute the fixes Microsoft made to the larger public. As part of its version release history, Microsoft added the following line to the […]

Hotpatch for Azure VM

https://ift.tt/2QPSnA9
Hotpatching in Azure is a preview feature that enables you to apply updates without restarting a Windows Server Azure VM. This new feature relies on the Windows Server Azure Edition VM, which is a new Windows Server image. This feature is available in preview for all Azure regions. Some providers need to be […]

You Might Want to Audit Your LAPS Permissions….

https://ift.tt/2Qq13h1
Deploy LAPS, Check! You’re all set, right? Maybe… Hi team, Eric Jansen here again; I’m back after being reminded by a friend and reader that I’ve been away for too long. I’m trying to be better about it since I have a ton of content that I’d like to share and talk about, but these days it all comes down to […]