Comprehensive vulnerability scans and security assessments to identify and mitigate risks, protecting your network and systems from potential threats
I recently encountered the error message “The Group Policy settings for BitLocker startup options are in conflict and cannot be applied. Contact your system administrator for more information” during a BitLocker Encryption setup. The issue occurred while attempting to turn on BitLocker encryption through the Control Panel. The group policy setting for BitLocker may cause…
Experience the future of enhanced security with New Windows 11 encryption features. Windows 11 not only keeps you connected to the news and information you care about through Widgets, but it also introduces a personalized feed driven by AI and delivers top-notch browsing performance with Microsoft Edge. In this article, we shall discuss “New Windows…
Read More “New Windows 11 encryption features and security enhancements for Hybrid Work” »
VMware vCenter Server is an advanced server management software that provides a centralized platform for controlling vSphere environments for visibility across hybrid clouds. You can quickly deploy vCenter Server as a pre-packaged, optimized, and easy-to-maintain virtual appliance. This article discusses “CVE-2022-22948: Patch available to address vCenter Server information disclosure vulnerability”. Please see How to schedule and…
In this article, we shall discuss why an MBAM-protected device is non-compliant. MBAM includes log information for server installation, client installation, and events. This log should be referred to for troubleshooting. MBAM has separate event-logging channels. The Admin, Analytical, and Operational log files are located in Event Viewer, under Application and Services Logs > Microsoft…
Read More “How to determine why an MBAM-protected device is non-compliant” »
In this guide we shall discuss how to fix WDAC vulnerabilities by updating PowerShell. Windows Defender Application Control (WDAC) can control what runs on Windows 10 and Windows 11 by setting policies that specify whether a driver or application is trusted. A policy includes policy rules that control options such as audit mode and file rules (or file rule levels)…
Read More “Fix WDAC vulnerabilities by updating PowerShell” »
Just-in-Time (JIT) Access is one of the features of Azure Security Center. Azure Security Center by Microsoft is a solution that gives unified security management across hybrid cloud workloads. It offers threat protection for data centers within both cloud workloads and on-premises. The platform also works with hybrid clouds that aren’t a part of Azure….
Read More “How to secure access to your Virtual Machine with Just-in-Time (JIT) VM Access” »
A Razer Synapse is a software that allows users to configure their hardware devices, set up macros, or map buttons. Recently, security researchers uncovered a zero-day vulnerability in Razer devices. This vulnerability allowed attackers to gain Windows administrative rights gained through Razer devices like mouse or keyboard when plugged in. Razer, a popular computer peripheral…
Read More “Administrative rights gained through Razer devices on Windows 10” »
Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer. As stated by Microsoft, a “remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploits this vulnerability could…
Read More “Mitigate Windows Print Spooler Remote Code Execution Vulnerability” »
Synology NAS is a multi-functional Network-Attached Storage server, that serves as a file-sharing centre within an organization’s intranet. Moreover, it is specially designed for a variety of purposes, allowing users to perform the following tasks with the web-based Synology DiskStation Manager (DSM). In this guide, we shall discuss “Synology Best Practice to remediate StealthWorker Botnet…
In this article, we shall discuss “BitLocker Back Door: Stolen laptop to inside the company network”. BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. See the following guide on enabling FileVault disk encryption on a…
Read More “BitLocker Back Door: Stolen laptop to inside the company network” »
In this guide, we will discuss “PetitPotam attack on AD Certificate Services: mitigate NTLM”. Recently, Lionel Gilles, a French-based Offensive Computer Security researcher based in Paris, France published a PoC tool on NTLM Relay Attacks known as PetitPotam that exploits the MS-EFSRPC (Encrypting File Services Remote Protocol). Here is an example of such documents: NT LAN Manager:…
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files. Including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data. Or create new accounts with…
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The “PrintNightmare patch” is now…
Read More “PrintNightmare security update for Windows Server and Windows 10” »
