IT and Business Insights for SMB Solution Providers

Jay Ferron's blog

CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats

 In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats.

New macOS vulnerability, “powerdir,” could lead to unauthorized user data access

 Following our discovery of the “Shrootless” vulnerability, Microsoft uncovered a new macOS vulnerability, “powerdir,” that could allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).

CISA and FBI Release Alert on Active Exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

 Original release date: December 2, 2021

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability—CVE-2021-44077—in Zoho ManageEngine ServiceDesk Plus. CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects all ServiceDesk Plus versions up to, and including, version 11305. 

Pages

Subscribe to RSS - Jay Ferron's blog