• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH

Vulnerability

XorDdos, Linux DDoS Trojan

Microsoft Temporarily Disables Exploited MSIX Protocol Handler

February 7, 2022 Zachary Comeau Leave a Comment

Microsoft says that it has disabled the MSIX ms-appinstaller protocol and is working on a fix after a security bug was discovered that allows an attacker to spoof App Installer. According to a Microsoft Tech Community blog, an attacker could spoof App Installer to install a package that a user did not intend to install. […]

Read More

MIcrosoft Okta Lapsus$

Patch Now: RCE Vulnerability Found in Samba

February 2, 2022 Zachary Comeau Leave a Comment

Researchers have discovered an Out-of-Bounds Heap Read/Write vulnerability in Samba that could allow unauthenticated remote attackers to execute arbitrary code on affected installations of the free software. The bug, tracked as CVE-2021-44142, was initially discovered at the Pwn2Own event in Austin, and researchers with Trend Micro’s Zero Day Initiative discovered additional variants of the bug […]

Read More

Log4Shell, Log4j, CVE-2021-44228

Use These Free, Publicly Available Log4j Scanning Tools

December 29, 2021 Zachary Comeau Leave a Comment

Just in time for the holidays, the Log4j vulnerabilities sent IT and security teams into a panic earlier this month. The Apache Foundation has since fixed the bugs and issued patches, so the onus is now on software developers and administrators to patch software and apply the fixes. Since Log4j is a hugely popular Java […]

Read More

Log4j, Older Vulnerabilities

Which Products Are Impacted By the Log4j Vulnerability?

December 15, 2021 Zachary Comeau Leave a Comment

Multiple governments have released a long list of IT vendors and their products that are impacted by the Log4j vulnerability, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Dutch National Cyber Security Centrum (NCSC) The two agencies are maintaining running lists of vendors impacted by the vulnerability on their respective GitHub repositories, […]

Read More

December Microsoft Patches

Prioritize These December Microsoft Patches

December 14, 2021 Zachary Comeau Leave a Comment

As system administrators, cybersecurity experts and other IT professionals work around the clock to address the Log4j vulnerability, Microsoft, Google, Apple, Adobe released a slew of security patches this week that address significant software flaws. Microsoft and Adobe followed the typical patch Tuesday cycle, releasing a total of 78 patches across products from the two […]

Read More

Tenable Cyber Insurance Report, Vulnerability Management, Cyber, Cybersecurity insurance

Critical Vulnerability in Java Logging Library Log4j Is Being Actively Exploited

December 10, 2021 Zachary Comeau Leave a Comment

Security researchers have discovered a new easy-to-exploit zero-day vulnerability in the ubiquitous Java logging library Apache Log4j 2 that could give attackers the ability to execute unauthenticated remote code execution. The U.S. Cybersecurity and Infrastructure Security Agency, along with dozens of cybersecurity providers, have issued alerts and advisories of the vulnerability, CVE-2021-44228, which they warn […]

Read More

Microsoft January Patch Tuesday

Microsoft Introduces Emergency Mitigation Tool For Exchange Server

September 27, 2021 Zachary Comeau Leave a Comment

Microsoft is introducing a new security feature in Exchange Server designed to protect against security threats that have known mitigations. According to the company, the Emergency Mitigation feature is a built-in version of the Exchange On-premises Mitigation Tool (EOMT) that works with the cloud-based Office Config Service (OCS) to provide protection against known threats. It’s […]

Read More

Microsoft January Patch Tuesday

What You Need To Know About The MSHTML Vulnerability

September 9, 2021 Zachary Comeau Leave a Comment

Microsoft is warning of a new zero-day vulnerability in Windows MSHTML that allows attackers to perform remote code execution via a malicious ActiveX control and a Microsoft Office document. Microsoft and CISA issued warnings about the vulnerability this week, with both saying the vulnerability has been exploited in the wild. It has been assigned to […]

Read More

Azure AD Unmanaged Accounts

What IT Admins Need To Know About the Azure Cosmos DB Vuln

August 31, 2021 Zachary Comeau Leave a Comment

Microsoft has released additional guidance to mitigate the cloud vulnerability in the Azure Cosmos DB Jupyter Notebook feature, but reaffirms that only a “subset” of customers who had the feature enabled were vulnerable. Further, no customer data was accessed because of this vulnerability, and impacted customers who’s primary read-write keys may have been impacted were […]

Read More

Windows Linux Vulnerabilities

Windows, Linux Users Have New Local Privilege’s Elevation Vulns To Mitigate

July 21, 2021 Zachary Comeau Leave a Comment

As if the list of software vulnerabilities and cybersecurity threats to mitigate isn’t long enough already, IT professionals now need to be aware of newly disclosed vulnerabilities in Windows and Linux operating systems that could give local attackers elevated privileges. Both vulnerabilities were disclosed Tuesday and come as IT professionals grapple with keeping systems up […]

Read More

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to Next Page »

Primary Sidebar

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial Integrator Security Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2023 Emerald X, LLC. All rights reserved.