New SEO Poisoning Campaign Targeting IT Admins With Malware

Varonis reveals attackers are using SEO poisoning to trick IT admins into downloading malware, alongside a critical root…...

AMD Management Plugin for SCCM Incorrect Default Permissions Vulnerability

Bulletin ID: AMD-SB-9005 Potential Impact: Incorrect Default Permissions Leading to Arbitrary Execution Severity: High Summary An incorrect default permissions vulnerability is identified within the AMD Management Plugin for the Microsoft® System Center Configuration Manager SCCM. The plugin is...

Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks

Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband i.e., modem refers to a processor on the device that's responsible for handling all connectivity, su...

Malvertisers zoom in on cryptocurrencies and initial access

During the past month, we have observed an increase in the number of malicious ads on Google searches for "Zoom", the popular piece of video conferencing software. Threat actors have been alternating between different keywords for software downloads such as "Advanced IP Scanner" or "WinSCP"...

IT administrators’ passwords are awful too

The key is under the doormat by the front door. The administrator password is "admin". These are easy to remember clues when you are providing entrance to someone you trust. The problem is that they are also enormously easy to guess. It’s where we would expect an unwanted visitor to check first,...

Arresting IT Administrators

This is one way of ensuring that IT keeps up with patches: Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers. Prosecutors said the five IT officials of the public...

Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers

FileWave's mobile device management MDM system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass...

Microsoft recognized as a Leader in UEM Software 2022 IDC MarketScape reports

Competition for talent has increased pressure to lead in the digital space, and business decisions now weigh user experience for employees heavily among costs and benefits. Workers insist on experiences that mirror their personal experiences, often on their own devices. As enterprise computing ha...

The Hidden Harm of Silent Patches

Hey all. I'm about to head off to RSAC 2022, but I wanted to jot down some thoughts I've had lately on a particularly squirrelly issue that comes up occasionally in coordinated vulnerability disclosure CVD — the issue of silent patches, and how they tend to help focused attackers and harm IT...

Dell EMC iDRAC9 improper authentication vulnerability

Dell EMC iDRAC9 is an integrated Dell Remote Access Controller that helps IT administrators deploy, update, monitor and maintain servers without installing any additional software.Dell EMC iDRAC9 has an improper authentication vulnerability. An attacker could use this vulnerability to gain...

DELL EMC Repository Manager has an unspecified vulnerability

DELL EMC Repository Manager is an application within the Dell OpenManage product portfolio from Dell USA that allows IT administrators to easily manage system updates.Dell Repository Manager provides a searchable interface for creating custom software collections that are A security vulnerability...

June Patch Tuesday: Internet Explorer Finally Laid to Rest

The June 2021 Patch Tuesday cycle offers good news to both IT and website administrators...

Receiver Clean-Up Utility

Important Notes Please note: You can download the required file from the Citrix downloads website by visiting the following link: https://www.citrix.com/downloads/citrix-tools --- Receiver cleanup utility is not required while upgrading to the Receiver forWindows 4.4 or newer. Receiver for Window...

Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability (ADV200006)

Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. There are multiple ways an attacker could exploit the vulnerability, such as convincing a use...

Type 1 Font Parsing Remote Code Execution Vulnerability

Microsoft has become aware of limited targeted Windows 7 based attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released. We appreciate the efforts of our...

Maze Ransomware Behind Pensacola Attack, Data Breach Looms

The Maze ransomware is likely the culprit behind the recently reported cyberattack on Pensacola, Fla. that occurred earlier this week, which downed systems citywide. In an email sent to county commissioners, IT administrators said that the Florida Department of Law Enforcement said that the...

Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB4514604)

Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and Server 2012 R2 KB4514604 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft...

Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB4507422)

Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and Server 2012 R2 KB4507422 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft...

Microsoft Offers Pro-Tips on Avoiding Credential Theft

With the scourge of digital credential theft on the rise Microsoft is urging IT admin to button-up their networks and get serious about passwords and account security. The IT behemoth posted on Tuesday a best practices cheat sheet for administrators along with updating customers on some of the...

March 2015 Adobe Flash Player Security Update APSB15-05

Adobe this afternoon pushed out a Flash Player update patching 11 critical security vulnerabilities, most of which lead to remote code execution. None are being publicly exploited, Adobe said. Versions 16.0.0.305 and earlier of the Flash Player Desktop and Flash Player for Google Chrome are...