Microsoft Security Summit Greece

Microsoft Security Summit Greece

Given the recent events in Europe, cybersecurity has become imperative as a national and a business priority. Furthermore, governments and organizations are looking to harden their digital networks and protect their critical infrastructure from cyber-attacks. Microsoft’s Security Summit aims to provide key insights on current and future cybersecurity trends, uncover Microsoft’s security strategy and internal … Read more

Protecting your online content

protect online content

If you are a Web content creator, you know that you will have to face various challenges with securing your content from theft and plagiarism. Whether you create e-books, e-courses, scientific research or artistic content, you need to be aware of a few basic techniques to protect your content’s security and privacy and allow it … Read more

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508

security and privacy

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508 The following vulnerabilities have recently been discovered and announced by Citrix. CVE-2022-27507  Authenticated denial of service  CWE-400: Uncontrolled Resource Consumption     VPN (Gateway) virtual server with   DTLS, and  either ‘HDX Insight for EDT traffic’ or ‘SmartControl’ is configured  CVE-2022-27508  Unauthenticated denial of service  … Read more

Windows DCOM hardening

security and privacy

Introduction The Distributed Component Object Model (DCOM) Remote Protocol is a protocol for exposing application objects by way of remote procedure calls (RPCs). The protocol consists of a set of extensions layered on Microsoft Remote Procedure Call Protocol Extensions as specified in [MS-RPCE]. The DCOM Remote Protocol is also referred to as Object RPC or … Read more

PCI DSS 4.0 has been released

PCI DSS 4.0

The Payment Card Industry Data Security Standard (PCI DSS) is a global standard that provides a baseline of technical and operational requirements designed to protect account data. It is a multi-layered set of specifications which target at acceptable security and privacy levels for all organizations which process any type of payment cards in their transactions … Read more

OCSP SHA-1 support ending 30 May 2022

security and privacy

OCSP SHA-1 support ending 30 May 2022 Microsoft has announced the sunset for SHA-1 Online Certificate Standard Protocol signing. Microsoft is updating the Online Certificate Standard Protocol (OCSP) service to comply with a recent change to the Certificate Authority / Browser Forum (CA/B Forum) Baseline Requirements. This change requires that all publicly-trusted Public Key Infrastructures … Read more

Citrix ADC security vulnerabilities

security and privacy

Citrix ADC security vulnerabilities description A new security vulnerability with ID CVE-2021-22955 (Unauthenticated denial of service) has been discovered in Citrix ADC, which affects the following Citrix products and firmware versions: Citrix ADC and Citrix Gateway 13.0 before 13.0-83.27  Citrix ADC and Citrix Gateway 12.1 before 12.1-63.22  Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.23  Citrix ADC 12.1-FIPS before 12.1-55.257  Also a new security vulnerability with … Read more

Microsoft 365 secure score top 10 improvement actions

security and privacy

Introduction Microsoft 365 security score is a consolidated security score based on Microsoft best practice security configurations for Microsoft 365 tenants. The higher the score the higher theoretically your overall Microsoft 365 tenant security levels. The score comprises a list of improvement actions based on your current security posture. Not all improvement actions may be … Read more

TLS 1.0 and 1.1 deprecation in Azure services

TLS on Azure services

Overview Some of TLS protocols (TLS 1.0 and TLS 1.1) as well as ciphers suites (3DES –  TLS_RSA_WITH_3DES_EDE_CBC_SHA) are gradually being deprecated from all software systems (client and server). This undoubtably affects Azure services as well. If there is a mismatch in the TLS configuration among the components of your Azure solution, you may encounter … Read more

Azure migration design considerations

Microsoft Azure

Running an Azure migration can entail many services and parameters which should taken into account. In the case of an Azure migration Proof of Concept (PoC), the Azure PoC subscription is used as an intermediary platform on which to perform an initial migration, test the proof of concept and validate functionality and then switch-over to … Read more

Exchange Online and SharePoint Online data protection mechanisms

Exchange Online and SharePoint Online data protection mechanisms

All Office365 components are adequately protected from accidental deletion via the usage of various Office365 features. The following features are offered out of the box for Office 365 data protection. Feature Sharepoint and OneDrive for Business Recycle Bins In SharePoint Online, items are retained for 93 days from the time you delete them from their … Read more

Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management

cloudknox

The acquisition of CloudKnox further enables Microsoft Azure Active Directory customers with granular visibility, continuous monitoring and automated remediation for hybrid and multi-cloud permissions. Microsoft is committed to providing their customers with unified privileged access management, identity governance and entitlement management including: Automated and simplified access policy enforcement in one integrated multi-cloud platform for all … Read more

Overview of Microsoft Azure Security Tools

Microsoft Security Portal

Microsoft Azure Security Tools Besides the Microsoft Security Response Center (MSRC), Microsoft offers a handful of security related tools and APIs which are available via Web-based consoles, Microsoft Graph API and Powershell. By navigating to https://security.microsoft.com/info, you should be able to utilize all available security tools and consoles as described below. Microsoft 365 security center. … Read more

The state of the network in the covid-19 era

covid-19 state of the network

Introduction The Covid-19 era has introduced a series of changes which are still being unfolded and which are bringing a profound impact on the lives of billions of people around the world. New terms such as “the future of work”, “remote working” and “remote learning” are being used in at an increasing pace. The consequences … Read more

Citrix announced VAD security vulnerabilities

Citrix Virtual Apps and Desktops Deployment and Adoption Resource Center

Case Citrix announced on November 10th 2020 the following vulnerabilities. CVE ID Description Vulnerability Type Pre-conditions  CVE-2020-8269 An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM CWE-269: Improper Privilege Management The attacker must be an authenticated user on the Windows VDA with write access to the C:\ directory CVE-2020-8270 An unprivileged Windows user on the VDA or a SMB user can perform arbitrary command execution as SYSTEM CWE-78: Improper Neutralization of Special … Read more