U.S. Agencies have been making headlines recently for a lot of their new cyber related regulations. The following are several noteworthy of examples of what they have been up to. The Federal Communications Commission (FCC) and Robocalls The FCC expects phone carriers to block illegal robocalls from providers not yet registered with the Robocall Mitigation Database. The … [Read more...]
Twitch Affected by Large Data Leak
Update 1: Twitch believes login credentials have not been exposed (October 7th, 2021): Twitch posted a statement on their blog that, "At this time, we have no indication that login credentials have been exposed." Additionally, as credit card details are not stored by Twitch, they have ruled out exposure. We recommend changing your password and to enable multi-factor … [Read more...]
To Not Share is To Care
October is Cybersecurity (or, for the less civilized, ‘cyber security’) Awareness Month. Every October, CISA hosts security awareness presentations. Additionally, Cybersecurity Awareness month means an increase in jaded by posts by InfoSec professionals on Twitter and emails from corporate reiterating security basics. There are plenty of positives to be found. Individuals are … [Read more...]
Azure Linux VMs Vulnerable Due to Pre-Installed Agents
Update 1: OMI agent is not installed on Azure FireboxV/Cloud instances (September 17th, 2021): We reviewed our FireboxV/Cloud instance for Azure and confirmed that the OMI agent cannot be installed on the image. We recommend reviewing the additional guidance Microsoft published on September 16th, 2021 for securing the OMI affected resources/tools. Original Post … [Read more...]
The PrintNightmare Saga Continues to Frustrate System Administrators
Update 1: Third PrintNightmare CVE published (July 16th, 2021): Microsoft published CVE-2021-34481 on July 15th for a local privilege escalation vulnerability. The third Print Spooler service vulnerability is considered separate from PrintNightmare (CVE-2021-34527), but it is still within a similar sphere of printer driver vulnerabilities. Gentilkiwi, the author of … [Read more...]