Cisco DNA Center Certificate Validation Vulnerability https://ift.tt/3qcjCTv Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the […]

CVE-2021-21985: What you need to know about the latest critical vCenter Server vulnerability https://ift.tt/34kHfyV On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010, which includes details on CVE-2021-21985, a critical remote code execution vulnerability in the vSphere Client (HTML5) component of vCenter Server (6.5, 6.7, and 7.0) and VMware Cloud Foundation (3.x and 4.x). […]

Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities https://ift.tt/3xOHDmR The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities. […]

CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k https://ift.tt/33c9EGX In March 2021, Microsoft released a patch to correct a vulnerability in the Windows kernel. The bug could allow an attacker to execute code with escalated privileges. This vulnerability was reported to the ZDI program by security researcher JeongOh Kyea (@kkokkokye) of THEORI. […]

Securing Active Directory: How to Prevent the SDProp and adminSDHolder Attack https://ift.tt/3vpMU2k Attackers can get into your Active Directory by leveraging the SDProp process and gaining privileges through the adminSDHolder object. Here’s how to stop them. Attackers use every possible trick and process they can to get into your Active Directory environment by moving laterally […]

How to Migrate to Office 365 the Secure Way https://ift.tt/3uaEQC0 Looking to extend your Active Directory to the cloud? This guide explores options for securely migrating your on-prem identities and access controls to Office 365.  Cloud computing offers lower costs, better flexibility and greater capacity beyond the limited resources most organizations have in their data […]

Hackers targeting VPN vulnerabilities in ongoing attacks https://ift.tt/3gEpguL Nation-state actors are exploiting known vulnerabilities in several VPN and remote access products, indicating a troubling trend for enterprises. Multiple advisories and reports have been published over the past few weeks addressing vulnerabilities found in VPNs, the use of which skyrocketed in the rush to remote work […]

“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks https://ift.tt/32Y7zhs Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in […]

4 attributes key to network-as-a-service model https://ift.tt/32FiEEh Network as a service, or NaaS, represents the most important potential service development in networking, even though enterprises can’t yet consistently define what it is. In this era of anything as a service, a network-as-a-service model certainly dovetails with modern thinking, but is it a networking revolution that […]

Explaining Threats, Threat Actors, Vulnerabilities, and Risk Using a Real-World Scenario https://ift.tt/32LwDIN Casey Ellis (of Bugcrowd fame) had a great post on Twitter today about security terminology. Casey also added that Acceptable Risk would be being willing to get punched in the face. threat actor = someone who wants to punch you in the facethreat […]