Microsoft: Exchange Online mistakenly tags emails as malware

August 26, 2024 at 12:54PM

Microsoft is investigating a false positive issue in Exchange Online, where emails with images are wrongly tagged as malicious and quarantined. The ongoing service degradation issue seems widespread, affecting outbound traffic, replies, and forwards of external emails. This is reminiscent of a past issue in October 2023. Microsoft is actively …

SolarWinds Serv-U path-traversal flaw actively exploited in attacks

June 20, 2024 at 11:54AM

Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability using publicly available proof-of-concept exploits. The CVE-2024-28995 flaw allows unauthenticated attackers to read arbitrary files from the filesystem. SolarWinds released a fix, but public exploits are available, making it crucial for administrators to apply the security updates promptly. Based on …

22,500 Palo Alto firewalls “possibly vulnerable” to ongoing attacks

April 19, 2024 at 11:30AM

Around 22,500 Palo Alto GlobalProtect firewall devices are likely vulnerable to the critical CVE-2024-3400 flaw, which allows unauthenticated attackers to execute commands with root privileges. Palo Alto Networks released patches between April 14-18, 2024, addressing the vulnerability. Threat actors have actively exploited the flaw, with many unpatched systems remaining possibly …

Microsoft is bringing the Linux sudo command to Windows Server

February 4, 2024 at 12:33PM

Microsoft is introducing a Linux ‘sudo’ feature in Windows Server 2025, allowing admins to elevate privileges for console applications. It aims to enhance security by enabling low-privileged users to execute certain commands as root. The leaked preview build displays new in-development settings for the Windows ‘sudo’ command, indicating its early stage …