What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Security News

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

Following Microsoft’s release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning of “active exploitation” of the vulnerabilities. The alert comes on the heels of Microsoft’s disclosure that China-based hackers . . . Read more

Another Chrome zero-day exploit – so get that update done!

by Paul Ducklin Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of . . . Read more

Okta to Buy Rival Auth0

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2021-27940PUBLISHED: 2021-03-03 resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter. CVE-2021-21312PUBLISHED: 2021-03-03 GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison . . . Read more

More Details Emerge on the Microsoft Exchange Server Attacks

The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous. Security researchers believe attacks exploiting four critical Microsoft Exchange Server vulnerabilities extend beyond the “limited and targeted” incidents reported by Microsoft this week when . . . Read more

CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2021-21312PUBLISHED: 2021-03-03 GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > . . . Read more