Our news
-
Microsoft Launches Phase 2 Mitigation for Netlogon Remote Code Execution Vulnerability (CVE-2020-1472)
Original release date: February 10, 2021 Microsoft addressed a critical remote code execution vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. Beginning with the February 9, 2021 Security Update release, Domain Controllers will be placed in enforcement mode. This will require all Windows and non-Windows devices to use secure Remote Procedure Call (RPC)…
-
Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple
Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations internal applications.
-
Intel Squashes High-Severity Graphics Driver Flaws
Intel is warning on security bugs across its graphics drivers, server boards, compute modules and modems.
-
Actively Exploited Windows Kernel EoP Bug Allows Takeover
Microsoft addressed 56 security vulnerabilities for February Patch Tuesday — including 11 critical and six publicly known. And, it continued to address the Zerologon bug.
-
Attackers Exploit Critical Adobe Flaw to Target Windows Users
A critical vulnerability in Adobe Reader has been exploited in “limited attacks.”
-
Microsoft Releases February 2021 Security Updates
Original release date: February 9, 2021 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s February 2021 Security Update Summary and Deployment Information and apply the necessary updates. This…
-
Microsoft Warns of Windows Win32k Privilege Escalation
Original release date: February 9, 2021 Microsoft has released a security advisory to address an escalation of privileges vulnerability, CVE-2021-1732, in Microsoft Win32k. A local attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. CISA encourages users and administrators to review Microsoft Advisory…
-
What happens when your SIEM deployment has stalled?
As we discussed in a previous blog post, there are several reasons why SIEM deployments fail. When choosing a new solution there are many things to keep in mind before you choose the right fit for your company. Unfortunately, many of us have run into situations where a SIEM solution was purchased and the deployment…
-
Critical WordPress Plugin Flaw Allows Site Takeover
A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws.
-
Mozilla Releases Security Updates for Firefox and Firefox ESR
Original release date: February 8, 2021 Mozilla has released security updates addressing a vulnerability affecting Firefox and Firefox ESR. An attacker can take advantage of this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisory for Firefox 85.0.1 and Firefox ESR 78.7.1 and apply…