dcsimg

New 0-Day Vulnerability in Windows Adobe Type Manager Library Exploited in the Wild

Generally, Microsoft announces vulnerabilities when they release patches on their (in)famous Patch Tuesday releases. That usually means bad actors only have a chance to investigate and exploit a vulnerability after the patch is released, leaving a small window of opportunity to use the vulnerability in attacks before systems have the patch applied. Read More … [Read more...]

New 0-Day Vulnerability in Windows Adobe Type Manager Library Exploited in the Wild

Generally, Microsoft announces vulnerabilities when they release patches on their (in)famous Patch Tuesday releases. That usually means bad actors only have a chance to investigate and exploit a vulnerability after the patch is released, leaving a small window of opportunity to use the vulnerability in attacks before systems have the patch applied. Read More … [Read more...]

Coronavirus Scams: Staying Safe in Times of Elevated Risk

Email phishing campaigns and malware through emails are nothing new, but when combined with something like a global coronavirus spread, the risk can be even higher—adding significant digital risk on top of the physical risk of infection. It’s common for phishing email and malware creators to capitalize on a current issue. After all, their job is to pique the interest of an end user enough to get … [Read more...]

Coronavirus Scams: Staying Safe in Times of Elevated Risk

<p>Email phishing campaigns and malware through emails are nothing new, but when combined with something like a global coronavirus spread, the risk can be even higher—adding significant digital risk on top of the physical risk of infection.</p> <p>It’s common for phishing email and malware creators to capitalize on a current issue. After all, their job is to pique the interest of … [Read more...]

March 2020 Patch Tuesday Update: 115 individual CVEs

Last month I commented on the sheer size of the fixed vulnerabilities in Microsoft’s February Patch Tuesday release. Well, leave it to Microsoft to one-up me on that number. The March release contains fixes for 115 individual CVEs—26 of which are rated “Critical” and 88 “Important”—with a spread across operating systems, browsers, applications, and a few interesting ones we’ll review … [Read more...]

March 2020 Patch Tuesday Update: 115 individual CVEs

<p>Last month I commented on the sheer size of the fixed vulnerabilities in Microsoft’s February Patch Tuesday release. Well, leave it to Microsoft to one-up me on that number. The March release contains fixes for 115 individual CVEs—26 of which are rated “Critical” and 88 “Important”—with a spread across operating systems, browsers, applications, and a few interesting ones we’ll review … [Read more...]

February 2020 Patch Tuesday Update:  One of the Largest by Vulnerability Count

While January 2020’s “Patch Tuesday” release from Microsoft wasn’t large in size, it had a few “high profile” vulnerabilities that demanded immediate attention. February is a different story.  At the time the patches were released, Microsoft reported only one of the vulnerabilities had an active exploit against it. There are a whopping 99 individual vulnerabilities fixed across operating … [Read more...]

MSPs and the Risk to the Supply Chain—Protecting Yourself and Your Customers

<p>It started with reports from <a href="https://www.us-cert.gov/ncas/alerts/TA17-117A&quot; target="_blank">Department of Homeland Security</a> about a few managed services providers (MSPs) who were compromised, allowing threat actors to use their remote access as a pathway to multiple customers. At first, these appeared to be sophisticated, state-sponsored … [Read more...]

Department of Homeland Security Issues Emergency Directive for Microsoft Critical Vulnerabilities

<p>Today Microsoft released several patches to address critical vulnerabilities. Several were of enough concern to prompt the Department of Homeland Security to issue an <a href=" https://cyber.dhs.gov/ed/20-02/">Emergency Directive</a> ordering all Federal agencies to patch these vulnerabilities within the next ten days.</p> Read More … [Read more...]