Search results for: SharePoint

Microsoft Exchange

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)

Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” About the vulnerabilities (CVE-2022-41040, CVE-2022-41082) CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability and CVE-2022-41082 allows remote code execution when PowerShell … More

Patch Tuesday

Microsoft fixes exploited zero-day in the Windows CLFS Driver (CVE-2022-37969)

September 2022 Patch Tuesday is here, with fixes for 64 CVE-numbered vulnerabilities in various Microsoft products, including one zero-day (CVE-2022-37969) exploited by attackers. About CVE-2022-37969 CVE-2022-37969 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver, and an attacker must already have access and the ability to run code on the target system (e.g., by exploiting another vulnerability or through social engineering) before trying to trigger it. “Post-exploitation flaws such … More

Appointments

Nintex appoints Jeff Teper as board member

Nintex has appointed Jeff Teper as its newest board member. Teper is the President of Collaborative Apps and Platforms at Microsoft which includes Teams, SharePoint, and OneDrive. With more than 30 years of product leadership experience at Microsoft, he brings the right combination of leadership, product advocacy and customer insight to help Nintex build products and services that will help define the process automation market. “Jeff’s depth of experience building and scaling businesses at Microsoft … More

security platform

CyberRes Voltage FAS SmartScan offers data discovery and protection capabilities in one solution

CyberRes has released a new version of Voltage File Analysis Suite (FAS), a cloud platform that combines data discovery and data protection. Among the new features in Voltage FAS is SmartScan, a tool for sampling and dynamic tagging for petabyte scale data discovery, enabling data analysts to find the areas of higher data risk faster. “The new CyberRes Voltage File Analysis Suite takes data security to the next level with its data discovery and protection … More

patch

August 2022 Patch Tuesday forecast: Printers again?

July 2022 Patch Tuesday came and went quietly as expected. Microsoft addressed 40 CVEs in Windows 11 and 46 CVEs in the Windows 10 set of updates. It was a little unusual because there were no Microsoft SharePoint Server updates for the first time in several years. Don’t forget that Oracle released their Critical Patch Updates (CPU) last month as well. Java gets the most attention and last month there were only 5 CVEs addressed … More

Microsoft

Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts

An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and Manufacturing sectors in the US, UK, New Zealand and Australia, Zscaler researchers are warning. The attackers are using a variety of tecniques and tactics to evade corporate email security solutions and a custom phishing kit that allows them to bypass multi-factor authentication (MFA) protection to hijack enterprise Microsoft accounts. Post compromise, the attackers have … More

user

Why firms need to harness identity management before it spirals into an identity crisis

Digital transformation is at the top of every organization’s agenda today. But while it is easy to make bold, forward-looking plans on paper, the reality of implementing digitalization can be slow and frustrating work. Many organizations are deeply entrenched in legacy infrastructure that has formed the basis of their operations for decades. Unpacking all these processes to either move them entirely to the cloud or create a hybrid setup involves a vast number of moving … More

security platform

Cato DLP secures and optimizes access to all applications

Cato Networks introduced Cato DLP, a Data Loss Prevention (DLP) engine to protect data across all enterprise applications without complex, cumbersome DLP rules. Cato DLP is part of Cato SSE 360, the only Security Service Edge (SSE) architecture to provide total visibility, optimization, and control of all traffic while providing a seamless migration path to full SASE transformation. Cato has also added Cato SSE Expert Certification, an extension of the industry-leading Cato SASE Expert certification, … More

Patch Tuesday

Microsoft fixes Follina and 55 other CVEs

June 2022 Patch Tuesday has been marked by Microsoft with the release of fixes for 55 new CVEs, as well as security updates that fix Follina (CVE-2022-30190), the Microsoft Windows Support Diagnostic Tool (MSDT) RCE that is being widely exploited by attackers. “The update for [CVE-2022-30190] is in the June 2022 cumulative Windows Updates. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to … More

patch

June 2022 Patch Tuesday forecast: Internet Explorer fades into the sunset

May 2022 Patch Tuesday provided the final releases for several Windows 10 operating systems and this month we’ll see the final update for Internet Explorer 11. But don’t go on that family vacation thinking there will be less work to do when you come back with fewer products to support, we have an actively exploited vulnerability to deal with and an anticipated normal release of updates. The hot topic this month has been around CVE-2022-30190, … More

Hornetsecurity 365 Total Protection Enterprise Backup

Review: Hornetsecurity 365 Total Protection Enterprise Backup

Hornetsecurity 365 Total Protection Enterprise Backup is a cloud-based data protection and security solution that provides protection against spam, malware, and other advanced threats, combined with backup and recovery features. The solution is specifically designed for and fully integrated with Microsoft 365, offering email and data protection to customers. Its main objective is to create a simple, secure, and hassle-free environment. Installation It all starts with the onboarding wizard, where you, as the IT admin, … More