Microsoft released patches for over 100 flaws for the first time this year yesterday, including one being actively exploited in the wild and four new critical Exchange Server bugs reported by the NSA. The haul of 110 CVEs will keep sysadmins busy, with experts highlighting the zero-day elevation of privilege flaw in Win32k (CVE-2021-28310) as worthy of attention. Although only rated as important, it may have been exploited in attacks for over a month already,…

The US authorities sought a court order to remove web shells running on hundreds of Microsoft Exchange servers, following mass exploitation of vulnerabilities patched in March, it has emerged. The Department of Justice (DoJ) announced the move yesterday, explaining that although system owners managed to remove thousands of malicious scripts from their infected servers, hundreds persisted. Although the attacks started as early as January, one report claimed that as many as 30,000 US Exchange Server…

Let’s Make Security Easy I’ve been hearing a lot lately about tech and information overload, which is understandable given that the average U.S. household now has access to more than ten devices. (No wonder we are all spending more time online!) While technology allows us to be incredibly productive and connected, it can make our lives more complicated, especially if we are concerned about our privacy. We know that with each new digital capability or…

After a year of lockdown, or nearly full lockdown, due to the ongoing health crisis, we learned a lot from how our organizations responded when we all had to change our work habits to a home-office setup. Many companies that had only a casual relationship with Virtual Private Network (VPN) technology had to quickly reach expert-level proficiency in how to connect their entire population in order to save, or hang onto, whatever profit margin they…

Docker Captains are select members of the community that are both experts in their field and are passionate about sharing their Docker knowledge with others. “Docker Captains Take 5” is a regular blog series where we get a closer look at our Captains and ask them the same broad set of questions ranging from what their best Docker tip is to whether they prefer cats or dogs (personally, we like whales and turtles over here)….

Tag CVE Count CVEs Visual Studio Code – Kubernetes Tools 1 CVE-2021-28448 Microsoft NTFS 2 CVE-2021-27096, CVE-2021-28312 Open Source Software 1 CVE-2021-28458 Microsoft Office Word 1 CVE-2021-28453 Microsoft Windows Speech 3 CVE-2021-28347, CVE-2021-28351, CVE-2021-28436 Windows Resource Manager 1 CVE-2021-28320 Windows Installer 4 CVE-2021-26413, CVE-2021-26415, CVE-2021-28437, CVE-2021-28440 Visual Studio 1 CVE-2021-27064 Visual Studio Code – GitHub Pull Requests and Issues Extension 1 CVE-2021-28470 Windows Network File System 1 CVE-2021-28445 Microsoft Office SharePoint 1 CVE-2021-28450 Microsoft Windows…

One month after disclosing four zero-day vulnerabilities in Exchange Server, Microsoft addresses four additional vulnerabilities discovered by the National Security Agency (NSA). Background On April 13, as part of its April 2021 Patch Tuesday release, Microsoft addressed four critical vulnerabilities in Microsoft Exchange Server. The disclosure follows last month’s out-of-band (OOB) security update which addressed four zero-day vulnerabilities in Exchange Server that were exploited in the wild by an advanced persistent threat group known as…