Citrix ADC security vulnerabilities description A new security vulnerability with ID CVE-2021-22955 (Unauthenticated denial of service) has been discovered in Citrix ADC, which affects the following Citrix products and firmware versions: Citrix ADC and Citrix Gateway 13.0 before 13.0-83.27 Citrix ADC and Citrix Gateway 12.1 before 12.1-63.22 Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.23 Citrix ADC 12.1-FIPS before 12.1-55.257 Also […]
Introduction Microsoft 365 security score is a consolidated security score based on Microsoft best practice security configurations for Microsoft 365 tenants. The higher the score the higher theoretically your overall Microsoft 365 tenant security levels. The score comprises a list of improvement actions based on your current security posture. Not […]
Overview Some of TLS protocols (TLS 1.0 and TLS 1.1) as well as ciphers suites (3DES – TLS_RSA_WITH_3DES_EDE_CBC_SHA) are gradually being deprecated from all software systems (client and server). This undoubtably affects Azure services as well. If there is a mismatch in the TLS configuration among the components of your […]
Running an Azure Proof of Concept (Azure PoC) can entail many services and parameters which should taken into account. More considerations are added if there is a migration involved in the PoC project. In this case, the Azure PoC subscription is used as an intermediary platform on which to perform […]
All Office365 components are adequately protected from accidental deletion via the usage of various Office365 features. The following features are offered out of the box for Office 365 data protection. Feature Sharepoint and OneDrive for Business Recycle Bins In SharePoint Online, items are retained for 93 days from the time […]
The acquisition of CloudKnox further enables Microsoft Azure Active Directory customers with granular visibility, continuous monitoring and automated remediation for hybrid and multi-cloud permissions. Microsoft is committed to providing their customers with unified privileged access management, identity governance and entitlement management including: Automated and simplified access policy enforcement in one […]
Microsoft Azure Security Tools Besides the Microsoft Security Response Center (MSRC), Microsoft offers a handful of security related tools and APIs which are available via Web-based consoles, Microsoft Graph API and Powershell. By navigating to https://security.microsoft.com/info, you should be able to utilize all available security tools and consoles as described […]
Introduction The Covid-19 era has introduced a series of changes which are still being unfolded and which are bringing a profound impact on the lives of billions of people around the world. New terms such as “the future of work”, “remote working” and “remote learning” are being used in at […]
Case Citrix announced on November 10th 2020 the following vulnerabilities. CVE ID Description Vulnerability Type Pre-conditions CVE-2020-8269 An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM CWE-269: Improper Privilege Management The attacker must be an authenticated user on the Windows VDA with write access to the C:\ directory CVE-2020-8270 An unprivileged Windows user on the VDA or a SMB user can perform arbitrary command execution as SYSTEM […]
Citrix released today (11th June 2020) a security bulletin alert regarding a discovered software vulnerability in the Citrix Workspace App client: https://support.citrix.com/article/CTX275460 A new version of Citrix Workspace app client for Windows has been released. Citrix strongly recommends that all customers upgrade Citrix Workspace app to the latest version via Auto Update, or by directly running […]
