A couple of weeks ago a new case exploded around Azure virtual machines, and on-premises as well, and specifically those Linux with Open Management Infrastructures on board. In deep there are three Elevation of Privilege (EoP) vulnerabilities (CVE-2021-38645, CVE-2021-38649, CVE-2021-38648) and one unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2021-38647). Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise […]
Questo articolo è disponibile anche in lingua italiana al seguente link: Attack Surface Reduction: cos’è e come configurarlo al meglio | WindowServer.it Attack Surface Reduction (ASR) are rules that are part of Windows Defender Exploit Guard that block certain processes and activities, with the aim of limiting risks and helping to protect your organization. Attacks […]
Questo articolo è disponibile anche in lingua italiana al seguente link: Microsoft Endpoint Manager: configurare il Windows Firewall | WindowServer.it The Cloud-Only scenario is becoming stronger in the client environment, especially for SMEs where many of the services are delegated outside the corporate infrastructure. However, there remains the age-old compliance issue that, in the absence […]
There seems to be no peace for IT administrators who have faced a new attack on their infrastructure these days. The QNAP storage are the target which, due to a vulnerability, CVE-2020-2509 and CVE-2020-36195, can allow malicious users to encrypt all user data with consequent ransom demand. The attack, called Qlocker, starts from a 7-zip […]
Questo articolo è disponibile anche in lingua italiana al seguente link: Microsoft Defender for Identity: implementazione e gestione | WindowServer.it The protection of your IT infrastructure must pass strictly by the Domain Controllers, because they are the ones who authenticate the various objects but also because they are the first to be under attack by […]
Questo articolo è disponibile anche in lingua italiana al seguente link: Microsoft Defender for Endpoint: prevenire Egregor Ransomware | WindowServer.it The 2020 ended with the arrival of a new protagonist in the already vast panorama of ransomware, which has affected hundreds of companies, from SMB to Enterprise. Egregor, this is its name, combines techniques of […]
Questo articolo è disponibile anche in lingua italiana al seguente link: Microsoft Local Administrator Password Solution: implementazione e gestione | WindowServer.it Computer security goes through every single detail and clients are perhaps the aspect on which to focus the major forces, because they are more exposed and because they are used by users who ignore […]
In a previous article I’m talked about security and how to disable legacy protocols like TLS 1.0 and TLS 1.1, in order to make our servers / clients more resistant to potential attacks. Clearly, the elimination of old standards calls for new ones and in fact in 2018, the Internet Engineering Task Force (IETF) formalized […]
As you probably know, the PCI Council into one of their Data Security Standard (DSS) has banned all the legacy security protocol about HTTPS, like: TLS 1.0 TLS 1.1 SSL 2.0 SSL 3.0 Well TLS 1.0 and 1.1 was largely based on SSLv3. But these protocols are out-of-date that do not support modern cryptographic algorithms, […]
October will be an important period for all Office 365 admin because, to provide more security and stability, Microsoft will end the support of legacy technologies. First of all, after 13 October Office 2013 client will not be supported to connect to Office 365 services and this means that your users can have issues or […]