Category: Security | Vulnerability Scans and Assessment

Comprehensive vulnerability scans and security assessments to identify and mitigate risks, protecting your network and systems from potential threats

New Windows 11 encryption features and security enhancements for Hybrid Work

Posted on Christian By Christian No Comments on New Windows 11 encryption features and security enhancements for Hybrid Work
New Windows 11 encryption features and security enhancements for Hybrid Work

Experience the future of enhanced security with New Windows 11 encryption features. Windows 11 not only keeps you connected to the news and information you care about through Widgets, but it also introduces a personalized feed driven by AI and delivers top-notch browsing performance with Microsoft Edge. In this article, we shall discuss “New Windows…

Read More “New Windows 11 encryption features and security enhancements for Hybrid Work” »

Security | Vulnerability Scans and Assessment, Windows

CVE-2022-22948: Patch available to address vCenter Server information disclosure vulnerability 

Posted on Christian By Christian No Comments on CVE-2022-22948: Patch available to address vCenter Server information disclosure vulnerability 
CVE-2022-22948: Patch available to address vCenter Server information disclosure vulnerability 

VMware vCenter Server is an advanced server management software that provides a centralized platform for controlling vSphere environments for visibility across hybrid clouds. You can quickly deploy vCenter Server as a pre-packaged, optimized, and easy-to-maintain virtual appliance. This article discusses “CVE-2022-22948: Patch available to address vCenter Server information disclosure vulnerability”. Please see How to schedule and…

Read More “CVE-2022-22948: Patch available to address vCenter Server information disclosure vulnerability ” »

Security | Vulnerability Scans and Assessment

How to determine why an MBAM-protected device is non-compliant

Posted on Christian By Christian No Comments on How to determine why an MBAM-protected device is non-compliant
How to determine why an MBAM-protected device is non-compliant

In this article, we shall discuss why an MBAM-protected device is non-compliant. MBAM includes log information for server installation, client installation, and events. This log should be referred to for troubleshooting. MBAM has separate event-logging channels. The Admin, Analytical, and Operational log files are located in Event Viewer, under Application and Services Logs > Microsoft…

Read More “How to determine why an MBAM-protected device is non-compliant” »

Security | Vulnerability Scans and Assessment, Windows Server

Fix WDAC vulnerabilities by updating PowerShell

Posted on Christian By Christian No Comments on Fix WDAC vulnerabilities by updating PowerShell
Fix WDAC vulnerabilities by updating PowerShell

Windows Defender Application Control (WDAC) can control what runs on Windows 10 and Windows 11 by setting policies that specify whether a driver or application is trusted. A policy includes policy rules that control options such as audit mode and file rules (or file rule levels) that specify how applications are identified and trusted. . Please see Configure Multiple IP…

Read More “Fix WDAC vulnerabilities by updating PowerShell” »

Security | Vulnerability Scans and Assessment

How to secure access to your Virtual Machine with Just-in-Time (JIT) VM Access

Posted on Imoh Etuk By Imoh Etuk No Comments on How to secure access to your Virtual Machine with Just-in-Time (JIT) VM Access
How to secure access to your Virtual Machine with Just-in-Time (JIT) VM Access

Just-in-Time (JIT) Access is one of the features of Azure Security Center. Azure Security Center by Microsoft is a solution that gives unified security management across hybrid cloud workloads. It offers threat protection for data centers within both cloud workloads and on-premises. The platform also works with hybrid clouds that aren’t a part of Azure….

Read More “How to secure access to your Virtual Machine with Just-in-Time (JIT) VM Access” »

AWS/Azure/OpenShift, Security | Vulnerability Scans and Assessment

Administrative rights gained through Razer devices on Windows 10

Posted on Christian By Christian No Comments on Administrative rights gained through Razer devices on Windows 10
Administrative rights gained through Razer devices on Windows 10

A Razer Synapse is a software that allows users to configure their hardware devices, set up macros, or map buttons. Recently, security researchers uncovered a zero-day vulnerability in Razer devices. This vulnerability allowed attackers to gain Windows administrative rights gained through Razer devices like mouse or keyboard when plugged in. Razer, a popular computer peripheral…

Read More “Administrative rights gained through Razer devices on Windows 10” »

Security | Vulnerability Scans and Assessment

Mitigate Windows Print Spooler Remote Code Execution Vulnerability

Posted on Christian By Christian No Comments on Mitigate Windows Print Spooler Remote Code Execution Vulnerability
Mitigate Windows Print Spooler Remote Code Execution Vulnerability

Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer. As stated by Microsoft, a “remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploits this vulnerability could…

Read More “Mitigate Windows Print Spooler Remote Code Execution Vulnerability” »

Security | Vulnerability Scans and Assessment

Synology NAS brute-force attack: Employ Synology Best Practice to remediate StealthWorker Botnet attack

Posted on Christian By Christian No Comments on Synology NAS brute-force attack: Employ Synology Best Practice to remediate StealthWorker Botnet attack
Synology NAS brute-force attack: Employ Synology Best Practice to remediate StealthWorker Botnet attack

Synology NAS is a multi-functional Network-Attached Storage server, that serves as a file-sharing centre within an organization’s intranet. Moreover, it is specially designed for a variety of purposes, allowing users to perform the following tasks with the web-based Synology DiskStation Manager (DSM). In this guide, we shall discuss “Synology Best Practice to remediate StealthWorker Botnet…

Read More “Synology NAS brute-force attack: Employ Synology Best Practice to remediate StealthWorker Botnet attack” »

Security | Vulnerability Scans and Assessment

BitLocker Back Door: Stolen laptop to inside the company network

Posted on Christian By Christian No Comments on BitLocker Back Door: Stolen laptop to inside the company network
BitLocker Back Door: Stolen laptop to inside the company network

In this article, we shall discuss “BitLocker Back Door: Stolen laptop to inside the company network”. BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. See the following guide on enabling FileVault disk encryption on a…

Read More “BitLocker Back Door: Stolen laptop to inside the company network” »

Security | Vulnerability Scans and Assessment

PetitPotam attack on Active Directory Certificate Services: How to mitigate NTLM Relay PetitPotam attack on AD CS

Posted on Christian By Christian No Comments on PetitPotam attack on Active Directory Certificate Services: How to mitigate NTLM Relay PetitPotam attack on AD CS
PetitPotam attack on Active Directory Certificate Services: How to mitigate NTLM Relay PetitPotam attack on AD CS

In this guide, we will discuss “PetitPotam attack on AD Certificate Services: mitigate NTLM”. Recently, Lionel Gilles, a French-based Offensive Computer Security researcher based in Paris, France published a PoC tool on NTLM Relay Attacks known as PetitPotam that exploits the MS-EFSRPC (Encrypting File Services Remote Protocol). Here is an example of such documents: NT LAN Manager:…

Read More “PetitPotam attack on Active Directory Certificate Services: How to mitigate NTLM Relay PetitPotam attack on AD CS” »

Security | Vulnerability Scans and Assessment

Workaround for “SeriousSAM or HiveNightmare” registry vulnerability for Windows 10 and 11

Posted on Christian By Christian 2 Comments on Workaround for “SeriousSAM or HiveNightmare” registry vulnerability for Windows 10 and 11
Workaround for “SeriousSAM or HiveNightmare” registry vulnerability for Windows 10 and 11

An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files. Including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data. Or create new accounts with…

Read More “Workaround for “SeriousSAM or HiveNightmare” registry vulnerability for Windows 10 and 11” »

Security | Vulnerability Scans and Assessment

PrintNightmare security update for Windows Server and Windows 10

Posted on Christian By Christian No Comments on PrintNightmare security update for Windows Server and Windows 10
PrintNightmare security update for Windows Server and Windows 10

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The “PrintNightmare patch” is now…

Read More “PrintNightmare security update for Windows Server and Windows 10” »

Security | Vulnerability Scans and Assessment

Out-of-Band Security Update for PrintNightmare: Patch released for Windows Print Spooler Remote Code Execution Vulnerability

Posted on Christian By Christian No Comments on Out-of-Band Security Update for PrintNightmare: Patch released for Windows Print Spooler Remote Code Execution Vulnerability
Out-of-Band Security Update for PrintNightmare: Patch released for Windows Print Spooler Remote Code Execution Vulnerability

Microsoft has released an Out-of-Band (OOB) security update for CVE-2021-34527, which is also referred to as PrintNightmare. This is a cumulative update release. Therefore, it contains all previous security fixes and should be applied immediately to fully protect your systems.  This fix addresses the public known Print Spooler vulnerability (PrintNightmare). It also includes a new feature that allows customers to implement stronger protections. See this…

Read More “Out-of-Band Security Update for PrintNightmare: Patch released for Windows Print Spooler Remote Code Execution Vulnerability” »

Security | Vulnerability Scans and Assessment