VMware has released new security updates to address a critical authentication bypass vulnerability present in its multiple products. The company warned that the bug could enable threat actors to gain administrative privileges on target systems. Tracked as CVE-2022-31656, the flaw was discovered by the security researcher Petrus Viet. VMware assigned the authentication bypass vulnerability a…
Microsoft has announced two new security services to enhance the threat intelligence capabilities of its Microsoft Defender platform. The new Defender Threat Intelligence and Defender External Attack Surface Management tools are a result of Microsoft’s acquisition of the cybersecurity company RiskIQ in July 2021. First up, the Microsoft Defender Threat Intelligence (MDTI) service provides enterprise…
Microsoft has published a security advisory about a new wave of malware attacks that target Exchange Servers. The company has warned IT admins that threat actors are increasingly using malicious Internet Information Services (IIS) modules to install backdoors and steal credentials. For those unfamiliar, Internet Information Services (IIS) is a web server that lets developers…
In this article, we are going to take a brief look at what Azure Sphere is and how it is helping to protect Internet of Things (IoT) devices with additional security overlay. In today’s world, we are surrounded by billions of devices – all with microcontrollers embedded in them for control and to add logic….
Last Update: Jul 25, 2022
Security researchers have uncovered five critical vulnerabilities in Microsoft Azure Defender for IoT. The Redmond giant has already released new security patches to address these exploits, and it recommends all enterprise customers to install them as soon as possible. According to a report from SentinelOne‘s SentinelLabs, these security vulnerabilities were first discovered by researchers Kasif…
Last Update: Jul 23, 2022
Missy Januszko provides an overview of PowerShell remoting and explains the use of different cmdlets for managing multiple machines at once.
Microsoft has announced its plans to retire the built-in Windows Information Protection (WIP) feature in its client operating system. The software giant has decided to sunset the data leak prevention capability in favor of its paid subscription service, Microsoft Purview. Windows Information Protection (previously known as enterprise data protection (EDP) is a useful feature that…
Atlassian has disclosed a new critical flaw in its Confluence Server and Data Center products. The company explained in its security advisory that the vulnerability (CVE-2022-26138) lets unauthorized users use hardcoded credentials to get full access to Confluence. According to Atlassian, the flaw exists in its Questions for Confluence app. It is designed to help…
Microsoft is launching today Microsoft Cloud for Sovereignty, a new cloud offering for the government sector. The new cloud solution is meant to help government and public sector customers build, move, and operate sensitive data and workloads in the cloud while supporting the highest security and compliance standards. A sovereign cloud is a cloud infrastructure…
The US Department of Homeland Security has issued a security advisory about the risks associated with Log4j vulnerabilities. The DHS’ Cyber Safety Review Board (CSRB) warned that the security flaw is expected to affect federal agencies and organizations until at least 2032. For those unfamiliar, Apache Log4j is a popular open-source Java-based logging framework. It…