Author: DEFENDEDGE
-
Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’
Starting Feb. 9, Microsoft will enable Domain Controller “enforcement mode” by default to address CVE-2020-1472. Read more
-
NSA Releases Guidance on Encrypted DNS in Enterprise Environments
Original release date: January 15, 2021 The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command… Read more
-
Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls
Security researchers lambasted the controversial macOS Big Sur feature for exposing users’ sensitive data. Read more
-
Apache Releases Security Advisory for Tomcat
Original release date: January 15, 2021 The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review the Apache security advisory for CVE-2021-24122 and upgrade to the appropriate version.… Read more
-
Cloud Attacks Are Bypassing MFA, Feds Warn
CISA has issued an alert warning that cloud services at U.S. organizations are being actively and successfully targeted. Read more
-
RCE Vulnerability Affecting Microsoft Defender
Original release date: January 14, 2021 Microsoft has released a security advisory to address a remote code execution vulnerability, CVE-2021-1647, in Microsoft Defender. A remote attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. CISA encourages users and administrators to review Microsoft Advisory… Read more
-
Ring Adds End-to-End Encryption to Quell Security Uproar
The optional feature was released free to users in a technical preview this week, adding a new layer of security to service, which has been plagued by privacy concerns. Read more
-
High-Severity Cisco Flaw Found in CMX Software For Retailers
Cisco fixed high-severity flaws tied to 67 CVEs overall, including ones found inits AnyConnect Secure Mobility Client and in its RV110W, RV130, RV130W, and RV215W small business routers. Read more
-
Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover
Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs. Read more
-
Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments
Original release date: January 13, 2021 CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices. In response, CISA has released Analysis Report AR21-013A: Strengthening Security Configurations to… Read more