Daily Archives: March 16, 2022

News

CISA: Fix MFA and Patch Promptly to Stop Russian Attackers

Read Time:3 Second

Alert explains how misconfigured authentication allowed hackers in

Read More

News

Top tools and best practices for WordPress security

Read Time:39 Second

If you run a WordPress website, you need to get serious about keeping it as secure as possible. WordPress continues to be a widespread target for hackers. Last November, more than a million GoDaddy-managed WordPress customers were part of a breach that could have exposed their email addresses, private SSL keys, and admin passwords. The attacker was apparently able to operate undetected inside the company’s networks for two months.

In February, Ukrainian university WordPress websites were attacked as the Russian invasion began. Another attack on a WordPress server redirected traffic to malicious websites where visitors would receive malware. Going back in time, a botnet used compromised WordPress servers to attack others in 2018 and another series of attacks in 2019.

To read this article in full, please click here

Read More

News

Preparing Microsoft cloud networks for regional disruptions

Read Time:1 Minute, 0 Second

We live in an always-on world of 24/7 websites, servers, help desks and internet connectivity—that is, until it’s not connected. The Ukrainian crisis shows that IT and security admins of Microsoft environments need to be aware of geographic and other risks they might not have considered yet.

As we move servers to the cloud, have we considered the impact of geographic and geopolitical issues and boundaries? Cases in point:

Microsoft’s Brad Smith recently announced it would shut down new sales of Microsoft services to Russia.
Apple and Google announced similar positions halting product and advertising sales, respectively.
VMWare has announced an immediate suspension of all business operations in Russia and Belarus.

Any international business must think about local security and privacy policies and regulations they must follow to be compliant everywhere they operate. If you do business in Germany, you must abide by the European Union’s General Data Protection Regulation (GDPR), which governs how personal data of individuals in the EU may be processed and transferred. Have customers in California? You are subject to security and privacy laws of both the United States and California.

To read this article in full, please click here

Read More

Advisories

Post Title

Read Time:31 Second

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Read More

Advisories

CVE-2020-36519

Read Time:14 Second

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)

Read More