Microsoft Outlook Privilege Elevation Vulnerability (CVE-2023-23397)

CISA added a zero-day vulnerability affecting Microsoft Outlook that is actively exploited in the wild. Microsoft has released a patch for the vulnerability as part of their March 2023 Patch Tuesday.

Microsoft Outlook Privilege Elevation Vulnerability (CVE-2023-23397)2023-03-20T04:23:02-04:00

Veeam Backup & Replication Vulnerability (CVE-2023-27532)

A vulnerability been found in Veeam Backup & Replication that enables an unauthenticated user to request encrypted credentials, which can give them access to server hosts used for backup infrastructure.

Veeam Backup & Replication Vulnerability (CVE-2023-27532)2023-03-20T05:00:40-04:00

Citrix Gateway & Citrix ADC remote code exploit (CVE-2022-27518)

Apply latest patch to mitigate zero-day vulnerability CVE-2022-27518 — A vulnerability has been discovered in Citrix Gateway and Citrix ADC, listed below, that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance.

Citrix Gateway & Citrix ADC remote code exploit (CVE-2022-27518)2022-12-16T15:07:16-05:00

Microsoft Making Hybrid Work More Secure with New Windows 11 Security Features

Microsoft is stepping up its game to protect Hybrid Workers from cyber threats. The new Windows 11 security features aim to address the ever-growing security concerns of hybrid workers. — What do these new features help with? Read more.

Microsoft Making Hybrid Work More Secure with New Windows 11 Security Features2022-10-06T07:33:21-04:00

IT Security Alerts to Keep an Eye On: Spring4Shell, Citrix CVEs, iManage Certificate Expirations (April 2022)

Managing your IT has become complex – contact Cornerstone.IT and learn how our Managed Services can help support the health of your network. IT Security Alerts to Keep an Eye On: Spring4Shell, Citrix CVEs, iManage Certificate Expirations April 13, 2022 Contact Cornerstone The following alerts were issued — (click or tap to expand) Spring4Shell Spring4Shell critical security alert – targeting Java Script FrameworkSome products being affected: CitrixCiscoVMware Citrix Security Advisory – Multiple CVE Citrix StoreFront [...]

IT Security Alerts to Keep an Eye On: Spring4Shell, Citrix CVEs, iManage Certificate Expirations (April 2022)2022-04-13T08:16:59-04:00

Increase Cyber Vigilance as the Ukraine Conflict Escalates

Increase Cyber Vigilance as the Ukraine Conflict Escalates By Patrick Boyd, CSA With the current conflict and state actors targeting firms, enterprises, and governments, we need to be more aware and careful about our online interactions. Sophisticated attacks are well vetted and can be personal in nature; they have psychological and social aspects that make them appealing and/or disarming. Here at Cornerstone, we always want everyone to stay safe. Cyber-attacks are a constant threat and [...]

Increase Cyber Vigilance as the Ukraine Conflict Escalates2022-02-24T12:16:21-05:00

iManage Security Vulnerability due to third-party Apache component Log4j

If not mitigated, potential remote exploits to an Apache component called Log4J can be executed by a malicious attacker. This vulnerability is known worldwide as CVE-2021-44228. Check this iManage Security Advisory.

iManage Security Vulnerability due to third-party Apache component Log4j2022-12-13T14:54:40-05:00

Going Beyond Passwords

Passwordless Authentication simply means MFA without a password: authenticating with other methods other than a password, such as biometrics, one-off email, or phone verification. MFA is often thought of as a second factor -in addition to a password- typically tied to a phone and approved with a phone call, push, or temporary numerical code. But MFA is more than that.

Going Beyond Passwords2021-11-15T06:35:42-05:00

Security Alert: New Malware called “FoggyWeb” enables hackers to steal Admin Credentials

Alert: New Malware called “FoggyWeb” enables hackers to steal Admin Credentials September 30, 2021 Urgency/Severity: CRITICAL Issue / Vulnerability Digitaltrends.com summarizes the issue as follows: Microsoft has recently discovered another type of malware, named FoggyWeb by Microsoft, that hackers are currently using to remotely steal network admin credentials. The credentials allow the attacker group, which the company has called Nobelium, to hack into admin accounts of the Active Directory Federation Services’ (AD FS) servers and [...]

Security Alert: New Malware called “FoggyWeb” enables hackers to steal Admin Credentials2022-12-13T16:15:36-05:00