ManagedServices - Cornerstone.IT

IT Security Alerts to Keep an Eye On: Spring4Shell, Citrix CVEs, iManage Certificate Expirations (April 2022)

Security Advisory: VMware ESXi, Workstation and Fusion –Multiple vulnerabilities

Security Advisory: Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

Microsoft Exchange Y2K22 email delivery failure

“The problem relates to a date check failure with the change of the new year and it not a failure of the AV engine itself,” according to the Microsoft Exchange Team.

iManage Security Vulnerability due to third-party Apache component Log4j

If not mitigated, potential remote exploits to an Apache component called Log4J can be executed by a malicious attacker. This vulnerability is known worldwide as CVE-2021-44228. Check this iManage Security Advisory.

Alert: Third-party Security Vulnerability Affects On-Premises versions of iManage Systems (Apache)

The iManage Security team identified a vulnerability affecting on-premises versions of iManage products.
It is an exploit targeting the Apache HTTP Server which if not mitigated, can be exploited under certain conditions.

Alert: VMware vCenter Server Privilege Escalation Vulnerability

VMware has investigated and confirmed possible exploits that can be performed by a malicious attacker using “privileged account escalation” method. Learn how to mitigate with the provided remediation tasks.

Microsoft Exchange Server Vulnerabilities On-Premises & Hybrid

Microsoft released patches and fixes during this week’s November Patch Tuesday. The report identified 55 vulnerabilities on Microsoft Windows, including on-premises (locally installed) products such as Microsoft Office (Microsoft Excel), Microsoft Edge browser and – most importantly – Microsoft Exchange.

Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition – Unauthenticated Denial of Service

Nobelium – Targeting CSPs, MSPs, & Other IT Service Providers

You may recall Nobelium from the infamous software supply chain attack on SolarWinds in 2020 that enabled bad actors access to various US government computers. Nobelium has been busy replicating its success on new prey: CSPs (Cloud Service Providers), MSPs (Managed Services Providers), and other IT service providers.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Tag: ManagedServices

IT Security Alerts to Keep an Eye On: Spring4Shell, Citrix CVEs, iManage Certificate Expirations (April 2022)

Security Advisory: VMware ESXi, Workstation and Fusion –Multiple vulnerabilities

Microsoft Exchange Y2K22 email delivery failure

iManage Security Vulnerability due to third-party Apache component Log4j

Alert: Third-party Security Vulnerability Affects On-Premises versions of iManage Systems (Apache)

Alert: VMware vCenter Server Privilege Escalation Vulnerability

Microsoft Exchange Server Vulnerabilities On-Premises & Hybrid

Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition – Unauthenticated Denial of Service

Nobelium – Targeting CSPs, MSPs, & Other IT Service Providers

Services

Partners

Company

The Corner View

CISCO IOS and IOS XE Software Vulnerabilities

Google Chrome (Desktop) Multiple Security Vulnerabilities

Mozilla Firefox Desktop – Critical Security Vulnerabilities

Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-26162)

VMWare ESXi 7.0 and 8.0 Multiple Vulnerabilities

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2024-26192)

Critical Connectwise ScreenConnect Vulnerabilities (CVE-2024-1709 & CVE-2024-1708)

More Posts →