Authentication, Azure and SMB

Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)

Tenable

NOVEMBER 12, 2024

Successful exploitation would lead to the unauthorized disclosure of a user’s NTLMv2 hash, which an attacker could then use to authenticate to the system as the user. Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one rated moderate. It was assigned a CVSSv3 score of 9.8

Windows

Windows Software Review Azure Systems Review

Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491)

Tenable

SEPTEMBER 10, 2024

Active Directory Lightweight Directory Services Administrative Tools Internet Explorer 11 Internet Information ServicesWorld Wide Web Services LPD Print Service Microsoft Message Queue (MSMQ) Server Core MSMQ HTTP Support MultiPoint Connector SMB 1.0/CIFS Advanced Services ASP.NET 4.6 This vulnerability was assigned a CVSSv3 score of 7.3

Windows

Windows Azure Authentication SMB

Running the OpenTelemetry Collector in Azure Container Apps

Honeycomb

SEPTEMBER 14, 2022

In this post, we’ll look at how to host the OpenTelemetry Collector in Azure Container Apps. What are Azure Container Apps? Azure Container Apps are the latest offering of a Managed Container Runtime in Azure. For this post, we won’t be using Authentication. Step 1: Create a Storage Account and Azure File Share.

Azure

Azure Storage SMB Authentication

Webinars

Prepare Now: 2025s Must-Know Trends For Product And Data Leaders

From Start to Scale: Driving Growth Through Seamless Payments Implementation

MORE WEBINARS

Running the OpenTelemetry Collector in Azure Container Apps

Honeycomb

SEPTEMBER 14, 2022

In this post, we’ll look at how to host the OpenTelemetry Collector in Azure Container Apps. What are Azure Container Apps? Azure Container Apps are the latest offering of a Managed Container Runtime in Azure. For this post, we won’t be using Authentication. Step 1: Create a Storage Account and Azure File Share.

Azure

Azure Storage SMB Authentication

CISA and NSA Cloud Security Best Practices: Deep Dive

Tenable

OCTOBER 8, 2024

The content in the CSIs underscores the importance of concepts such as least privilege, limiting attack surface area and centralizing logs for auditing purposes, as well as the use of tools like key management services (KMS), multi-factor authentication (MFA), and modern encryption protocols. 0 to remote server administration ports.

Cloud

Cloud Google Cloud Storage Data Center

Microsoft’s August 2022 Patch Tuesday Addresses 118 CVEs (CVE-2022-34713)

Tenable

AUGUST 9, 2022

Azure Batch Node Agent. Azure Real Time Operating System. Azure Site Recovery. Azure Sphere. All three vulnerabilities require authentication and user interaction to exploit — an attacker would need to entice a target to visit a specially crafted Exchange server, likely through phishing. Microsoft ATA Port Driver.

SMB

SMB Azure Windows Disaster Recovery

Microsoft’s June 2020 Patch Tuesday Addresses 129 CVEs Including Newly Disclosed SMBv3 Vulnerability (CVE-2020-1206)

Tenable

JUNE 9, 2020

The updates this month include patches for Microsoft Windows, Microsoft Edge, ChakraCore, Internet Explorer, Microsoft Office, Microsoft Office Services and Web Apps, Windows Defender, Microsoft Dynamics, Visual Studio, Azure DevOps and Adobe Flash Player. This flaw can be exploited on an authenticated server or against an SMB client.

SMB

SMB Software Review Systems Review Windows

Microsoft’s June 2022 Patch Tuesday Addresses 55 CVEs (CVE-2022-30190)

Tenable

JUNE 14, 2022

Azure Real Time Operating System. Azure Service Fabric Container. Windows SMB. this vulnerability can be exploited by a local, authenticated attacker. CVSSv3 score and can be exploited by a local, authenticated attacker. This month’s update includes patches for: NET and Visual Studio. Microsoft Office.

Windows

Windows Azure Internet SMB

Microsoft’s March 2022 Patch Tuesday Addresses 71 CVEs (CVE-2022-23277, CVE-2022-24508)

Tenable

MARCH 8, 2022

Azure Site Recovery. Windows SMB Server. An authenticated user can exploit this vulnerability to execute arbitrary code on an affected server. While an attacker must be authenticated to exploit this vulnerability, Microsoft strongly recommends patching or applying the suggested workarounds as soon as possible.

Windows

Windows Authentication SMB .Net

Palo Alto Networks Recognized in Critical Capabilities Report

Palo Alto Networks

MAY 22, 2023

We received the highest scores out of all vendors in the Enterprise Edge and Distributed Enterprise use cases, and second highest scores in the Enterprise Data Center and SMB use cases. It provides complete visibility across public multicloud environments for both Cloud NGFW for AWS and the latest platform product Cloud NGFW for Azure.

Network

Network Report Firewall Data Center

Microsoft’s April 2021 Patch Tuesday Addresses 108 CVEs (CVE-2021-28310)

Tenable

APRIL 13, 2021

Azure AD Web Sign-in. Azure DevOps. Azure Sphere. Windows SMB Server. Two of the four flaws, CVE-2021-28480 and CVE-2021-28481, are pre-authentication vulnerabilities, which means they can be exploited by remote, unauthenticated attackers without the need for any user interaction. Microsoft Edge (Chromium-based).

Windows

Windows Azure SMB Report

Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521)

Tenable

APRIL 12, 2022

Azure Site Recovery. Windows SMB. EoP flaws like this one are leveraged post-authentication, after an attacker has successfully accessed a vulnerable system, to gain higher permissions. Microsoft patched 117 CVEs in its April 2022 Patch Tuesday release, with 9 rated as critical and 108 rated as important. Microsoft Dynamics.

Windows

Windows Systems Review Software Review SMB

Our impressions from Apple’s 2019 Worldwide Developer Conference (WWDC)

Ivanti

JUNE 26, 2019

Employees can enroll their iOS or macOS devices using a Managed Apple ID, which can be created in Apple Business Manager (ABM) or learned by ABM through an integration to Azure AD. As iPadOS gains access to data stored on SMB file servers, users will be able to take advantage of lower cost and more scalable storage options. .

Conference

Conference Development Systems Review Storage

Cybersecurity Snapshot: Five Eyes Rank 2023’s Most Frequently Exploited CVEs, While CSA Publishes Framework for AI System Audits

Tenable

NOVEMBER 15, 2024

Require phishing-resistant multi-factor authentication for all users and on all VPN connections. For example, the paper suggests 19 questions to ask about AI security systems, organized into seven sub-categories, including authentication and access control; data sanitization; encryption and key management; and security monitoring.

System

System Weak Development Team Authentication Artificial Intelligence

CTO Universe

Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)

Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491)

Running the OpenTelemetry Collector in Azure Container Apps

Webinars

Running the OpenTelemetry Collector in Azure Container Apps

CISA and NSA Cloud Security Best Practices: Deep Dive

Microsoft’s August 2022 Patch Tuesday Addresses 118 CVEs (CVE-2022-34713)

Microsoft’s June 2020 Patch Tuesday Addresses 129 CVEs Including Newly Disclosed SMBv3 Vulnerability (CVE-2020-1206)

Microsoft’s June 2022 Patch Tuesday Addresses 55 CVEs (CVE-2022-30190)

Microsoft’s March 2022 Patch Tuesday Addresses 71 CVEs (CVE-2022-23277, CVE-2022-24508)

Palo Alto Networks Recognized in Critical Capabilities Report

Microsoft’s April 2021 Patch Tuesday Addresses 108 CVEs (CVE-2021-28310)

Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521)

Our impressions from Apple’s 2019 Worldwide Developer Conference (WWDC)

Cybersecurity Snapshot: Five Eyes Rank 2023’s Most Frequently Exploited CVEs, While CSA Publishes Framework for AI System Audits

Stay Connected