Check your SPF records: Wide IP ranges undo email security and make for tasty phishes https://ift.tt/3Fjy5mc Image: Can I Phish/Sebastian Salla You’ve done the right thing by your organisation and made sure that DMARC and SPF (sender policy framework) records are set in an effort to reduce email spoofing, but all that good work could […]
Wireshark creator joins Sysdig to extend it to cloud security https://ift.tt/3FpM61V If you’re a real network administrator, you know and love open source Wireshark. For over 15-years, it’s been the tool that professionals use for network traffic protocol analysis. Nothing else even comes close. Now, Sysdig, the container and cloud security company, has hired Gerald […]
Emergency Windows Server update fixes Remote Desktop issues https://ift.tt/3eSJ2AA Microsoft has released an emergency out-of-band update to address a Windows Server bug leading to Remote Desktop connection and performance issues. “Microsoft is releasing Out-of-band (OOB) updates today, January 4, 2022, to resolve issues in which Windows Server might experience a black screen, slow sign in, […]
Threat actors target HPE iLO hardware with rootkit attack https://ift.tt/3eQHDKO Experts have uncovered a new rootkit malware package that targets a low-level remote management component in Hewlett Packard Enterprise servers. Researchers with cybersecurity vendor Amnpardaz Soft say that the malware, dubbed Implant.Arm.ilobleed, specifically targets the firmware level of HPE technology known as iLO, or Integrated […]
Learn how to use Windows security baselines in your organization. Specific to Windows 10, Windows Server 2016, and Office 2016. https://ift.tt/342Y1pg
Multiple Apache Vulnerabilities fixed in 2.4.52 https://ift.tt/3myVxFB The Apache project released an advisory, describing the following vulnerabilities:1) CVE-2021-44790A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft […]
Security firm Blumira discovers major new Log4j attack vector https://ift.tt/3GVGL3k It doesn’t rain, but it pours. Previously, one assumption about the 10 out of 10 Log4j security vulnerability was that it was limited to exposed vulnerable servers. We were wrong. The security company Blumira claims to have found a new, exciting Log4j attack vector. You […]
Check your patches – public exploit now out for critical Exchange bug https://ift.tt/3cGzgAr It was a zero-day bug until Patch Tuesday, now there’s an anyone-can-use-it exploit. Don’t be the one who hasn’t patched. Security via Naked Security https://ift.tt/1pHdTOi November 23, 2021 at 02:41PM Paul Ducklin
Introducing the Microsoft Defender for Office 365 Migration Guide https://ift.tt/30g2hAu Today, we’re pleased to announce the release of the Microsoft Defender for Office 365 Migration Guide. If you’re thinking of switching your MX record from another filtering service or on-premises Security Email Gateway, then we hope you’ll find this helpful. Our goal with this guide […]
Let’s Encrypt explains last month’s outages caused by certificate expiration https://ift.tt/3BuwmIZ Dozens of websites and services reported issues late last month thanks to the expiration of a root certificate provided by Let’s Encrypt, one of the largest providers of HTTPS certificates. Let’s Encrypt and other researchers had long warned that the IdentTrust DST Root CA […]
Stack IT News 