Sicurezza – Bollettini Microsoft e Linux

News, Alert e Bollettini di sicurezza Microsoft e Linux

Microsoft (Microsoft Technical Security Notifications, MSRC Blog)
  • Microsoft Exchange Server Vulnerabilities Mitigations – updated March 6, 2021
    by MSRC Team on 5 Marzo 2021 at 10:01 pm

    Microsoft previously blogged our strong recommendation that customers upgrade their on-premises Exchange environments to the latest supported version. For customers that are not able to quickly apply updates, we are providing the following alternative mitigation techniques to help Microsoft Exchange customers who need more time to patch their deployments and are willing to make risk … Microsoft Exchange Server Vulnerabilities Mitigations – updated March 6, 2021 Read More »

  • A new experience for reporting copyright or trademark infringement on Microsoft Services
    by MSRC Team on 3 Marzo 2021 at 6:15 pm

    The Notice of Copyright or Trademark Infringement Portal has helped protect Microsoft’s users and customers from intellectual property infringement across online services like Microsoft Azure, Office, Outlook, Skype, Stream, Microsoft News, Sway, Hotmail, NuGet, and Yammer. Microsoft’s response to claims of intellectual property infringement is driven by the reports you send us. To further enhance your … A new experience for reporting copyright or trademark infringement on Microsoft Services Read More »

  • Multiple Security Updates Released for Exchange Server – updated March 8, 2021
    by MSRC Team on 2 Marzo 2021 at 9:07 pm

    MSRC / By MSRC Team / March 2, 2021 Note: If you are looking for specific information on patching your Exchange Servers, please scroll down to the section named Deploy updates to affected Exchange Servers. On March 2nd, we released several security updates for Microsoft Exchange Server to address vulnerabilities that are being used in ongoing attacks. Due to the critical nature of these vulnerabilities, we recommend that … Multiple Security Updates Released for Exchange Server – updated March 8, 2021 Read More »

  • Microsoft Internal Solorigate Investigation – Final Update
    by MSRC Team on 18 Febbraio 2021 at 4:00 pm

    We believe the Solorigate incident is an opportunity to work with the community, to share information, strengthen defenses and respond to attacks. We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidence of access to production services or customer … Microsoft Internal Solorigate Investigation – Final Update Read More »

  • MSRC Security Researcher Recognition: 2021
    by Sylvie Liu on 10 Febbraio 2021 at 5:50 pm

    Wondering how to get into the 2021 MSRC Most Valuable Security Researcher list and get recognized during the Black Hat USA this August? Read on to learn more about the different paths you can take to get into the top researcher tiers. The MSRC Most Valuable Security Researcher (MVR) and MSRC Contributor are tiers in … MSRC Security Researcher Recognition: 2021 Read More »

  • Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086
    by MSRC Team on 9 Febbraio 2021 at 6:10 pm

    Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move … Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 Read More »

  • Continuing to Listen: Good News about the Security Update Guide API!
    by Lisa Olson on 9 Febbraio 2021 at 6:01 pm

    Based on user feedback we have simplified programmatic access to the security update data by removing the authentication and API-Key requirements when using the CVRF API. You will no longer have to log in to obtain a personal API key to access the data. We’re happy to make this valuable public information more freely available … Continuing to Listen: Good News about the Security Update Guide API! Read More »

  • New and Improved Report Abuse Portal and API!
    by MSRC Team on 1 Febbraio 2021 at 6:00 pm

    The Report Abuse (CERT) Portal and Report Abuse API have played a significant role in MSRC’s response to suspected cyberattacks, privacy issues, and abuse originating from Microsoft Online Services. With the contributions from our wonderful community of reporters, we continue to gain insightful perspectives into the various types of attacks that threaten our online services, our cloud, and our customers.  To further commit to MSRC’s mission of responding to and defending against these types of security incidents, our team has … New and Improved Report Abuse Portal and API! Read More »

  • Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472
    by Aanchal Gupta on 15 Gennaio 2021 at 2:31 am

    Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020.  We are reminding our customers that beginning with the February 9, 2021 Security Update release we will be enabling Domain Controller enforcement mode by default.  This will block vulnerable connections from non-compliant devices.  DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the … Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 Read More »

  • Top MSRC 2020 Q4 Security Researchers – Congratulations!
    by Lynn Miyashita on 14 Gennaio 2021 at 6:00 pm

    We’re excited to announce the top contributing researchers for the 2020 Fourth Quarter (Q4)! Congratulations to all of the researchers who made this quarter’s leaderboard and a huge thank you to everyone who continues to help secure our customers and the ecosystem. The top three researchers of the 2020 Q4 Security Researcher Leaderboard are: Cameron … Top MSRC 2020 Q4 Security Researchers – Congratulations! Read More »

Linux (Community’s Center for Security)
  • RedHat: RHSA-2021-0763:01 Important: kpatch-patch security update>
    by LinuxSecurity Advisories on 9 Marzo 2021 at 4:37 am

    An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  • RedHat: RHSA-2021-0760:01 Moderate: kernel security and bug fix update>
    by LinuxSecurity Advisories on 9 Marzo 2021 at 4:22 am

    An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  • RedHat: RHSA-2021-0758:01 Moderate: nss-softokn security update>
    by LinuxSecurity Advisories on 9 Marzo 2021 at 4:22 am

    An update for nss-softokn is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  • RedHat: RHSA-2021-0759:01 Moderate: curl security update>
    by LinuxSecurity Advisories on 9 Marzo 2021 at 4:21 am

    An update for curl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  • RedHat: RHSA-2021-0761:01 Moderate: python security update>
    by LinuxSecurity Advisories on 9 Marzo 2021 at 4:21 am

    An update for python is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  • openSUSE: 2021:0397-1 moderate: mbedtls>
    by LinuxSecurity Advisories on 9 Marzo 2021 at 4:16 am

    An update that fixes one vulnerability is now available.

  • How Secure Is Linux?>
    by Brittany Day on 8 Marzo 2021 at 12:42 pm

    It is no secret that the OS you choose is a key determinant of your security online. After all, your OS is the most critical software running on your computer - it manages its memory and processes, as well as all of its software and hardware. The general consensus among experts is that Linux is a highly secure OS - arguably the most secure OS by design. This article will examine the key factors that contribute to the robust security of Linux, and evaluate the level of protection against vulnerabilities and attacks that Linux offers administrators and users.

  • What's the Best Linux Distro for Enhanced Privacy and Security? >
    by Brittany Day on 8 Marzo 2021 at 12:37 pm

    This LinuxSecurity.com feature article was recently featured on the frontpage of Slashdot. While all Linux 'distros' '' or distributed versions of Linux software '' are secure by design, certain distros go above and beyond when it comes to protecting users' privacy and security . We've put together a list of our favorite specialized secure Linux distros and spoken with some of their lead developers to find out first-hand what makes these distros so great.

  • Linus Torvalds warns: Watch out for this unusually nasty bug in Linux 5.12 rc1>
    by Brittany Day on 8 Marzo 2021 at 12:33 pm

    Linus Torvalds has warned of a nasty security bug in the first release candidate (RC) of the Linux kernel 5.12, which he has deemed a "double ungood" that can have catastrophic consequences for a computer's filesystem.

  • Get started with CrowdSec v.1.0.X>
    by Brittany Day on 2 Marzo 2021 at 1:02 am

    Thank you to the Crowdsec project for contributing this article.IntroductionThe official release of CrowdSec v.1.0.X introduces several improvements to the previous version, including a major architectural change: the introduction of a local REST API.