RSS_Virtulization

In my previous post, I disclosed that SonicWall had quietly released vulnerability fixes over the course of several days before vulnerability advisories were published for CVE-2020-5135. Rather than properly fixing CVE-2020-5135, SonicWall’s fix introduced a new vulnerability in the same code. SonicWall was aware of the new vulnerability but deferred the small fix until the next release, more than 6 months later. These disclosures, more than most, touched into a couple of interesting topics with…

Today’s VERT Alert addresses Microsoft’s July 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-954 on Wednesday, July 14th. In-The-Wild & Disclosed CVEs CVE-2021-34527 The vulnerability dubbed PrintNightmare was patched prior to the Tuesday patch drop, but it is still worth including here. This vulnerability also generated a bit of confusion. There is confusion around the CVE associated with the vulnerability. CVE-2021-1675 was patched in June and…

In the latest VMware multi-cloud podcast, Eric Nielsen (@ericnpro) and I (@djasso7494) sat down with Mandy Storbakken to discuss DevOps and its relationship to Cloud Management.  Mandy is a Senior Technical Manager leading VMware’s Emerging Business Solution Architects.   She is also a core member of the VMware Cloud Management Center of Excellence team and in her most recent role before this one, Mandy was a VMware Cloud Technologist with a primary focus on Multi-Cloud Management….

It’s widely accepted that people are the weakest part of any organisation’s security defences. You can spend months designing flawless processes and you can invest in state-of-the-art technology to detect threats, but these both only work if the people using them know what they’re doing. That’s why information security policies are arguably the most important part of an organisation’s defence. They are a list of instructions for staff to follow in various scenarios, covering a…

Small business owners are getting a special deal on their online protection through a partnership between McAfee and Visa. With new ways of working creating online opportunities and risks for small business owners, McAfee and Visa have come together to offer comprehensive protection for a changed business landscape.  Designed to help you minimize costs and unexpected interruptions to your business, McAfee® Security for Visa cardholders provides award-winning antivirus, ransomware, and malware protection for all your company devices including PCs, smartphones, and tablets on all major platforms. Visa Small Business cardholders automatically save up to 40%…

Small business owners are getting a special deal on their online protection through a partnership between McAfee and Visa. With new ways of working creating online opportunities and risks for small business owners, McAfee and Visa have come together to offer comprehensive protection for a changed business landscape.  Designed to help you minimize costs and unexpected interruptions to your business, McAfee® Security for Visa cardholders provides award-winning antivirus, ransomware, and malware protection for all your company devices including PCs, smartphones, and tablets on all major platforms. Visa Small Business cardholders automatically save up to 40%…

CVE-2021-34464 and CVE-2021-34522 | Microsoft Defender Remote Code Execution Vulnerability CVE-2021-34464 and CVE-2021-34522 are RCE vulnerabilities in the Microsoft Malware Protection Engine. Both of these vulnerabilities received CVSSv3 scores of 7.8 and are rated as “Exploitation Less Likely,” but we chose to highlight them due to in-the-wild exploitation of a similar flaw, CVE-2021-1647, in January. While CVE-2021-1647 was a zero-day, the ubiquity of Microsoft Defender makes this a noteworthy vulnerability. Fortunately, Microsoft Defender…