microsoft - Hexafusion Blog | Hexafusion

Hexafusion Blog

Hexafusion management team has been serving businesses in Canada and the United States since 2014, providing IT Services such as IT support, IT security, computer support and consulting to small and medium-sized businesses.

Microsoft Patch Tuesday – July 2021

microsoft-patch-tuesday

9 Zero-days Fixed - 3 Actively Exploited

Patch Tuesday is once again upon us. The Patch Tuesday, July 2021 brings us 117 fixes, 15 of which are rated as critical including a highly critical Microsoft Sharepoint Server RCE vulnerability. We've listed the most important changes below and listed all of the fixes included.

0 Comments
Continue reading

Microsoft Patch Tuesday – May 2021

Microsoft-Patch-Tuesday-May-2021

Microsoft released its Patch Tuesday, May 2021 with updates and security patches to fix 55 security flaws within Windows and other products. From these flaws, 4 are rated as critical and 3 are zero-day vulnerabilities.

3 Zero-Day Vulnerabilities Fixed

In their Patch Tuesday of May 2021, three publicly-disclosed zero-day vulnerabilities were patched:

  • CVE-2021-31204 - .NET and Visual Studio Elevation of Privilege vulnerability
  • CVE-2021-31207 - Exchange Server Security Bypass Feature Vulnerability
  • CVE-2021-31200 - Common Utilities Remote Code Execution vulnerability.
0 Comments
Continue reading

Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data

dark web pricing

Underground marketplace pricing on RDP server access, compromised payment card data and DDoS-For-Hire services are surging.

Cybercriminals are vying for Remote Desktop Protocol (RDP) access, stolen payment cards and DDoS-for-Hire services, based on a recent analysis of underground marketplace pricing.

During the COVID-19 pandemic, cybercriminals have profited with “increasingly advantageous positions to benefit from the disruption,” said researchers — and this has also been reflected on underground markets, where new services like targeted ransomware and advanced SIM swapping are popping up.

0 Comments
Continue reading

Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies

Microsoft-solarwinds-vmware-hack

The ongoing, growing campaign is “effectively an attack on the United States and its government and other critical institutions,” Microsoft warned.

0 Comments
Continue reading

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’

download

Source: https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned.

0 Comments
Continue reading