RSS_Virtulization

Tag CVE Count CVEs Windows WalletService 2 CVE-2021-26871, CVE-2021-26885 Windows Error Reporting 1 CVE-2021-24090 Windows Media 1 CVE-2021-26881 Windows Installer 1 CVE-2021-26862 Visual Studio 2 CVE-2021-21300, CVE-2021-27084 Windows Storage Spaces Controller 1 CVE-2021-26880 Windows DirectX 1 CVE-2021-24095 Internet Explorer 2 CVE-2021-26411, CVE-2021-27085 Microsoft Office SharePoint 3 CVE-2021-24104, CVE-2021-27052, CVE-2021-27076 Windows Projected File System Filter Driver 1 CVE-2021-26870 Microsoft Office PowerPoint 1 CVE-2021-27056 Microsoft Windows Codecs Library 11 CVE-2021-24089, CVE-2021-24110, CVE-2021-26884, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050,…

In its March release, Microsoft addressed 82 CVEs, including a zero-day vulnerability in Internet Explorer that has been exploited in the wild and linked to a nation-state campaign targeting security researchers. 10Critical 72Important 0Moderate 0Low Microsoft patched 82 CVEs in the March 2021 Patch Tuesday release, including 10 CVEs rated as critical and 72 rated as important. This month’s Patch Tuesday release includes fixes for Application Virtualization, Azure, Azure DevOps,…

The Natural State is considering a new piece of legislation that would hold social media companies accountable for “unfairly censoring or banning someone.” The Arkansas Unfair Social Media Censorship Act would make sites like Twitter, YouTube, Instagram, and Facebook liable for damages if they remove content for “dubious or pretextual” reasons that are inconsistent with their own terms of service.  Arkansas attorney general Leslie Rutledge said: “This legislation would allow everyone, no matter the circumstances, to have…

MITRE ATT&CK enterprise is a “knowledge base of adversarial techniques”.   In a Security Operations Center (SOC) this resource is serving as a progressive framework for practitioners to make sense of the behaviors (techniques) leading to system intrusions on enterprise networks. This resource is centered at how SOC practitioners of all levels can craft purposeful defense strategies to assess the efficacy of their security investments against that knowledge base. To enable practitioners in operationalizing these strategies,…

Telecommunications giant Vodafone is calling for the introduction of new cybersecurity policies to help small businesses in the UK recover from the impact of the global health pandemic. In a statement released today, the company asked Boris Johnson’s government to protect small and medium-sized businesses by providing more support to the National Cyber Security Centre and making cybersecurity protections more accessible. Vodafone proposed that the value-added tax (VAT) on cybersecurity products should be reduced to 5% to ensure that…

Overview For the March 2021 Patch Tuesday, Microsoft released a set of seven DNS vulnerabilities. Five of the vulnerabilities are remote code execution (RCE) with critical CVSS (Common Vulnerability Scoring Standard) scores of 9.8, while the remaining two are denial of service (DoS). Microsoft shared detection guidance and proofs of concept with MAPP members for two of the RCE vulnerabilities, CVE-2021-26877 and CVE-2021-26897, which we have confirmed to be within the DNS Dynamic Zone Update…

The latest Docker Desktop release, 3.2, includes support for iTerm2 which is a terminal emulator that is highly popular with macOS fans. From the Containers/Apps Dashboard, for a running container, you can click `CLI` to open a terminal and run commands on the container. With this latest release of Docker Desktop, if you have installed iTerm2 on your Mac, the CLI option opens an iTerm2 terminal. Otherwise, it opens the Terminal app on Mac or…

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China Chopper, Gozi, Hafnium, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 – IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News…

WhatsApp, Messenger and Telegram are just a few messaging app options to consider. Tom Merritt lists five things you need to know about messaging apps. You can’t spell “messaging” without “mess.” There are dozens of apps and protocols with varying levels of security and protection. How do you choose? Mostly, you choose based on who you’re trying to reach, since everybody seems to use a different one. If you want to try to get your…

English Premier League football club West Ham United appears to have accidently leaked personal data of supporters on its official website, potentially leaving fans exposed to phishing attacks. As reported today by Forbes, multiple details of fans including full names, dates of birth, telephone numbers, address and email address were displayed when supporters attempted to log into their accounts on the club’s ticketing website. The article stated that the official club website showed several error messages earlier…