It is that time again – among the fixes and patches from Microsoft, for July 2022 is one addressing CVE-2022-22047, Windows Elevation of Privilege Vulnerability – according to Microsoft a zero-day flaw that is being exploited by threat actors. For more details see Bleeping Computer’s excellent round-up of Patch Tuesday: …
Microsoft Patch Tuesday – Follina zero-day fixed
We will start with the good news – the zero-day threat Follina/msdt.exe has been patched. Let’s hope that it really is the fix we all need! Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws (bleepingcomputer.com) There are other fixes in the update, for Excel, Edge, Microsoft networking etc …
Continue reading “Microsoft Patch Tuesday – Follina zero-day fixed”
Ransomware via IoT
I have written before about the security limitations of “Internet of Things” (IoT) devices. Many of them are simple devices, possibly based on older tech, they tend to lack the hardware to allow for regular security updates, etc, etc etc. At least the UK Government is enacting laws to make …
If you have an Aruba or Avaya switch – then this post is for you
Critical vulnerabilities have been discovered in these devices. No exploits have been reported in the wild – but patches are available – so get patching. Critical flaws in ‘millions of Aruba, Avaya switches’ • The Register
Ransomware-as-a-service – The Texas Story – get a free early bird place on our Master Class
Dina Temple-Raston writing at The Record, shows how we have to treat hackers with “respect”. Not respect for what they do or how they do it, but respect so our response to them matches their determination to make money. Ransomware-as-a-service, or RaaS, is the franchise business model for cyber criminals, …