Today’s VERT Alert addresses Microsoft’s November 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-972 on Wednesday, November 10th. In-The-Wild & Disclosed CVEs CVE-2021-42292 Up first this month, we have a 0-day in Microsoft Excel that allows an attacker to bypass security features. This vulnerability has seen active exploitation. It is important to note that there may be multiple patches to apply to ensure you are fully…

Dr. Peter Stephenson It’s been a bit over a year since I published my review of Attivo BOTSink and today the company’s product suite does not look at all the same. Of course, one would expect that from a company selected as one of ten Black Unicorns by “Cyber Defense Magazine”, but the differences, while perhaps surprising in some ways, are intuitively logical if one examines the problem Attivo is solving. A year ago my…

Jack Wallen makes his case for Android users to switch from Chrome as their default browsers. He also shows you how. Image: rafapress/Shutterstock I’m going to be honest here, I don’t use a web browser very often on Android. Most often I stick with specific applications. Now, I get that some of those applications are Single Page Web apps that are probably using bits of Chrome under the hood. But as far as using a…

Microsoft patched 55 CVEs in the November 2021 Patch Tuesday release, including six rated as critical, and 49 rated as important. Elevation of privilege (EoP) vulnerabilities accounted for 36.4% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 27.3%. CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-42321 is a RCE vulnerability in Microsoft Exchange Server. The flaw exists due to the improper validation of command-let (cmdlet)…

A full 95% of professionals surveyed by Tripwire believe the government should play a bigger role in securing non-governmental companies. Image: istock/BCFC In response to the recent wave of high-profile ransomware attacks, the U.S. government has been taking a more active role in the battle against cybercrime. Beyond going after ransomware gangs and recovering money stolen from victims, the feds have been announcing new initiatives and pushing federal agencies to better secure themselves. But is…

Small and mid-sized businesses (SMBs) were today granted free access to a virtual security awareness training program. The program was put together by six-year-old security awareness training company Curricula, which is based in Atlanta, Georgia. In a statement released Tuesday, Curricula said: “Our team at Curricula is proud to announce a free security awareness training program designed to help protect organizations with up to 1,000 employees build a security culture at no cost.” Under the training project, any…

  Amandeep Kaur was given a life-changing opportunity to leave her small village and move to the United Kingdom to stay with her aunt and uncle and study Information Security and Computer Forensics at a university of her choice. She followed her passion and, as a result, was able to start a new career in cybersecurity. But, for many women, opportunities like these are hard to find. In this edition of our blog, Amandeep explains…