News

The U.S. multinational computer software company Adobe has suffered a serious security breach earlier this month that exposed user records’ database belonging to the company’s popular Creative Cloud service. With an estimated 15 million subscribers, Adobe Creative Cloud or Adobe CC is a subscription service that gives users access to the company’s full suite of popular creative software for desktop...

Cisco has disclosed 13 big security vulnerabilities in its most recent software security advisory for Cisco IOS and Cisco IOS XE. The company said that all administrators should review their devices to determine which version of this software they are using. Running an outdated version could mean their devices are exposed to some of these vulnerabilities, said Cisco. According to Cisco, these...

A new form of malware, dubbed ‘Tarmac’ is making its appearance on Mac devices. What is Tarmac malware? How does it work? Tarmac is a ‘malvertisements’ or malicious ads discovered by security researchers. Tarmac malware is also known as OSX. Tarmac is actually a companion of Shlayer, an older program. The two viruses work together to infect MacOS users with spam advertisements....

Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world’s most widely used mobile operating system, Android. What’s more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group—infamous for selling zero-day exploits to governments—or one of its customers, to gain control of their...

Some of the most commonly asked questionsI asked are around tradational on premise Active Directory and Azure AD services and the differences between all the flavours available to them when adopting a hybrid posture. More specifically, what are the difference between: Azure Active Directory (AAD) Azure Active Directory Domain Services (AADDS) Active Directory (AD) It’s essential to understand the differences when you’re looking...

As IT consultants we are often asked to assist our clients with Acceptable use Policies.  IT is very unlikely that any two usage policies will be identical, as companies have different requirements, however it helps to have a sample policy to start as a base and then adapt as required.  I have provided very simple yet effective Internet and Email...

Summary This article describes how to use the “Automatic Replies (Out of Office)” and “Out of Office Assistant”. Note This feature is only available with an Exchange account that used by many organizations. Home users typically do not have the Exchange account. To enable Automatic Replies feature for non-Exchange account, please go to this section: How to enable Automatic Replies...

Despite back-to-back reports of malicious apps, Google’s Play Store still harbors lots of such applications. Once again, researchers have discovered a bunch of such applications, including gaming and photo apps, that delivered malware to users’ devices. Malicious Gaming and Photo Apps Reportedly, Dr.Web team has discovered another batch of malicious applications flooding the Google Play Store. In their study, they...

As a trusted IT and Security advisor for our clients, we constantly watch the security and vendor landscape, looking for the latest best practices, threats and updates from our partners.  Identity driven security has become essential in todays online world.  I have highlighted some of the key aspects of Identity driven security, how Microsoft has adopted the approach and why...

Researchers at Fortinet’s FortiGuard Labs have publicly disclosed a critical remote code execution vulnerability affecting some models of D-Link routers. Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920. The vulnerability is an unauthenticated command injection issue that was discovered on September 2019. The flaw has received a CVSS v31 base score of 9.8 and a CVSS v20 base score of...

Microsoft has released a new version of the Windows 10 Update Assistant in order to fix a local privilege escalation vulnerability. While there is no imminent threat, the only way to fix this vulnerability is to uninstall the program or download the latest version. The Windows 10 Update Assistant is a Microsoft program that helps you download and upgrade to the...

State-sponsored hackers are currently targeting UK and international organizations with VPN exploits. If your employees are using virtual private networks (VPNs) from Fortinet, Palo Alto, or Pulse Secure, you really need to patch the products and search through system logs for signs of compromise. A group of Chinese state-backed hackers known as APT5 have been attacking enterprise VPN servers using...