windows

Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware'

Posted on April 9, 2025April 9, 2025 by Admin

Image: nicescene/Adobe Stock Microsoft has detected a zero-day vulnerability in the Windows Common Log File System (CLFS) being exploited in the wild to deploy ransomware. Target industries include IT, real estate, finance, software, and retail, with companies based in the US, Spain, Venezuela, and Saudi Arabia. The vulnerability, tracked as CVE-2025-29824 and rated “important,” is present in the CLFS kernel driver. It allows an attacker who already has standard user access to a system to…

Patch Tuesday: Four Critical Vulnerabilities Paved Over

Posted on November 13, 2024November 13, 2024 by Admin

On Patch Tuesday, Windows systems will be updated with a flood of security fixes. In November, Windows patched four zero-day vulnerabilities, two of which have been exploited. Patch Tuesdays are a good time for admin teams to remind employees of the importance of keeping operating systems and applications up to date. In the meantime, software makers like Microsoft and Adobe will have caught problems and closed backdoors. In addition, as XDA pointed out, sharp-eyed Windows…

Patch Tuesday: Microsoft Catches Four Zero-Day Vulnerabilities

Posted on September 10, 2024September 11, 2024 by Admin

Every second Tuesday of the month, Microsoft releases a bundle of fixes for Windows. This Tuesday brings four zero-day vulnerabilities, two high-criticality vulnerabilities, and some sister patches from Adobe. On Patch Tuesday, which Microsoft calls “Update Tuesday,” other large software companies like Adobe release major security fixes. It’s a time to launch updates across corporate networks, and it occurs during mid-morning Pacific Standard Time to keep admins and users from having to scramble at the…

Microsoft Patched 6 Actively Exploited Zero-Day Flaws

Posted on August 14, 2024August 14, 2024 by Admin

Patch Tuesday, Microsoft’s monthly report of security updates, brought 90 CVEs, including some vulnerabilities that were being actively exploited. Some vulnerabilities originated in Chromium, meaning both Microsoft Edge and Google Chrome may have been affected. Here are the most critical flaws and patches disclosed by Microsoft on Aug. 13. Six zero-day flaws had been exploited Threat actors had already taken advantage of six zero-day exploits in particular: CVE-2024-38106: an elevation of privilege vulnerability in the…

Apple Operating Systems are Being Targeted by Threat Actors, Report Finds

Posted on June 18, 2024June 19, 2024 by Admin

The number of macOS vulnerabilities exploited in 2023 increased by more than 30%, according to a new report. The Software Vulnerability Ratings Report 2024 from patch management software company Action1 also found that Microsoft Office programs are becoming more exploitable, while attackers are targeting load balancers like NGINX and Citrix at a record rate. Action1 analysts used data from the National Vulnerability Database and CVEdetails.com to draw five insights into how the threat landscape changed…

What Is ShrinkLocker? New Ransomware Targets Microsoft BitLocker Encryption Feature

Posted on May 30, 2024May 30, 2024 by Admin

A new strain of ransomware dubbed ShrinkLocker is being used by cyberattackers to target enterprise computers. It exploits the Microsoft BitLocker encryption feature to encrypt the entire local drive and remove the recovery options before shutting down the PC. ShrinkLocker was discovered by cybersecurity firm Kaspersky, and analysts have observed variants in Mexico, Indonesia and Jordan. BitLocker has been used to stage ransomware attacks in the past, but this strain has “previously unreported features to…

Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot

Posted on December 8, 2023December 8, 2023 by Admin

Lenovo, AMI and Insyde have released patches for LogoFAIL, an image library poisoning attack. Researchers at firmware supply chain security platform company Binarly discovered a set of security vulnerabilities that open almost all Windows and Linux computers up to attack. The security researchers named the attack LogoFAIL because of its origins in image parsing libraries. Binarly announced its discovery on Nov. 29 and held a coordinated mass disclosure at the Black Hat Security Conference in…

Microsoft Improves Windows Security with a Path to Move Off NTLM

Posted on November 22, 2023November 23, 2023 by Admin

NTLM is a simple and straightforward authentication method for connecting to applications on enterprise servers, but it’s also outdated and insecure. Despite that, NTLM is still widely used, partly because of inertia but also because the preferred replacement Kerberos doesn’t currently cope with some important scenarios. Now Microsoft plans to extend Kerberos in the versions of Windows and Windows Server that will ship in the next two years to help organizations move off NTLM. Here’s…

Get a Lifetime of Secure VPN Protection for Just $28.97 Until 10/31

Posted on October 30, 2023October 30, 2023 by Admin

Keep your most sensitive data safe and access your favorite content no matter where you are with a lifetime VPN subscription offered at an exclusive price drop. Image: StackCommerce There are few things more important to your business than keeping your most confidential data safe – both yours and your client’s or customer’s. And now you can get affordable lifetime access to a powerful VPN. A lifetime subscription to BulletVPN offers a leading service with…

windows

Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware'

Patch Tuesday: Four Critical Vulnerabilities Paved Over

Patch Tuesday: Microsoft Catches Four Zero-Day Vulnerabilities

Microsoft Patched 6 Actively Exploited Zero-Day Flaws

Apple Operating Systems are Being Targeted by Threat Actors, Report Finds

What Is ShrinkLocker? New Ransomware Targets Microsoft BitLocker Encryption Feature

Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot

Microsoft Improves Windows Security with a Path to Move Off NTLM

Get a Lifetime of Secure VPN Protection for Just $28.97 Until 10/31

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)