CVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched Vulnerabilities

CVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched Vulnerabilities https://ift.tt/3jSjUed U.S. Government agencies issue joint cybersecurity advisory cautioning that advanced threat groups are chaining vulnerabilities together to gain entry into government networks and elevate privileges. Background On October 9, the Cybersecurity Infrastructure Security Agency (CISA) and the Federal Bureau of […]

Microsoft Zero Trust deployment guide for your applications

Microsoft Zero Trust deployment guide for your applications https://ift.tt/2QIxhAN Introduction More likely than not, your organization is in the middle of a digital transformation characterized by increased adoption of cloud apps and increased demand for mobility. In the age of remote work, users expect to be able to connect to any resource, on any device, from anywhere in the world. IT admins, […]

How do I implement a Zero Trust security model for my Microsoft remote workforce?

How do I implement a Zero Trust security model for my Microsoft remote workforce? https://ift.tt/34oKQNI Digital empathy should guide your Zero Trust implementation Zero Trust has always been key to maintaining business continuity. And now, it’s become even more important during the COVID-19 pandemic to helping enable the largest remote workforce in history. While organizations […]

Five regular checks for SMBs

Five regular checks for SMBs https://ift.tt/2CPFsaQ It is not always economically viable for small and medium-size businesses to maintain a dedicated IT security team, so it often happens that one person is in charge of monitoring the entire infrastructure. Sometimes he or she is not even a permanent, full-time employee. Sure, a good administrator can […]

QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices

QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices https://ift.tt/3jTf3tJ Cybersecurity agencies in the US and UK yesterday issued a joint advisory about a massive ongoing malware threat infecting Taiwanese company QNAP’s network-attached storage (NAS) appliances. Called QSnatch (or Derek), the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, […]

CVE-2020-1350: Wormable Remote Code Execution Vulnerability in Windows DNS Server Disclosed (SIGRed)

CVE-2020-1350: Wormable Remote Code Execution Vulnerability in Windows DNS Server Disclosed (SIGRed) https://ift.tt/2OvInYp Researchers disclose a 17-year-old wormable flaw in Windows DNS servers. Organizations are strongly encouraged to apply patches as soon as possible. Background On July 14, Microsoft patched a critical vulnerability in Windows Domain Name System (DNS) Server as part of Patch Tuesday […]

Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers

Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers https://ift.tt/2ZBIuab Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5’s BIG-IP networking devices running application security servers. The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS […]

Why should you worry about DNS attacks?

Why should you worry about DNS attacks? https://ift.tt/3imhFPU Domain Name System (DNS) is a very basic protocol and service that enables Internet users and network devices to discover websites using human-readable hostnames instead of numeric IP addresses. This article provides a detailed explanation of how DNS works. If the DNS service is attacked or doesn’t […]