Microsoft’s March 2021 Patch Tuesday Addresses 82 CVEs (CVE-2021-26411) https://ift.tt/3l0UlJ3 In its March release, Microsoft addressed 82 CVEs, including a zero-day vulnerability in Internet Explorer that has been exploited in the wild and linked to a nation-state campaign targeting security researchers. 10Critical 72Important 0Moderate 0Low Microsoft patched 82 CVEs in the March 2021 Patch Tuesday […]

Fortinet Addresses Latest Microsoft Exchange Server Exploits https://ift.tt/3sVwXzs As many as 30,000 businesses and government agencies across the US have been targeted by an aggressive hacking campaign that exploits vulnerabilities in versions of Microsoft Exchange Server, with some experts claiming that “hundreds of thousands” of Exchange Servers have been exploited worldwide. Microsoft is attributing these exploits to a cyber […]

Microsoft Exchange attacks cause panic as criminals go shell collecting https://ift.tt/3vcjp4q Only last week we posted a blog about multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Seeing how this disclosure came with a patch being available, under normal circumstances you would see some companies […]

SophosLabs Offensive Security releases post-exploitation tool for Exchange https://ift.tt/3t4kGJg A new tool demonstrates how attackers might take advantage of a set of built-in PowerShell scripts Security via Sophos News https://ift.tt/2rvzMHS March 9, 2021 at 09:24PM Andrew Brandt

Welcoming the Portuguese Government to Have I Been Pwned https://ift.tt/2MFJEiA Presently sponsored by: The world’s first company to bring privacy to the internet with zero-knowledge encrypted cloud storage. Try MEGA free and protect your data! I’m pleased to welcome the first new government onto Have I Been Pwned for 2021, Portugal. The Portuguese CSIRT, CERT.PT, […]

VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know https://ift.tt/3dKcglW This blog post was co-authored by Bob Rudis and Caitlin Condon. What’s up? On Feb. 23, 2021, VMware published an advisory (VMSA-2021-0002) describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation. Before digging into the individual vulnerabilities, […]

Seven Common Microsoft Active Directory Misconfigurations https://ift.tt/3tBGPQa   The modern IT association has a wide assortment of responsibilities and competing priorities. Therefore, cybersecurity is regularly ignored for projects that quickly affect business operations. Sadly, this working model unavoidably prompts unaddressed vulnerabilities and security misconfigurations in services and Active Directory. Seven of the most common system […]

The February 2021 Security Update Review https://ift.tt/3pbP6XK CVE Title Severity CVSS Public Exploited Type CVE-2021-1732 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No Yes EoP CVE-2021-26701 .NET Core and Visual Studio Remote Code Execution Vulnerability Critical 8.1 Yes No RCE CVE-2021-1721 .NET Core and Visual Studio Denial of Service Vulnerability Important 6.5 Yes No […]

Microsoft’s February 2021 Patch Tuesday Addresses 56 CVEs (CVE-2021-24074, CVE-2021-24094, CVE-2021-24086) https://ift.tt/3a65Qex Despite addressing only 56 CVEs, Microsoft’s February 2021 Patch Tuesday release contains fixes for a number of significant security threats, as well as an elevation of privilege vulnerability disclosed by Tenable’s Zero Day Research team. Microsoft patched 56 CVEs in the February 2021 […]

Patch Tuesday – February 2021 https://ift.tt/3q88d5Z The second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft’s product families. Despite that, there’s still plenty to discuss this month. Vulnerability Breakdown by Software Family Family Vulnerability Count Windows 28 ESU 14 Microsoft Office 11 […]