This week has been fairly monumental in the somewhat shady world of Cyber Geopolitics. Can we get our heads around any of it? Let us see. The UK, US and EU have accused China of being the initial party behind attacks on internet facing Microsoft Exchange servers which have affected 30,000 organisations globally. In January this year, an alleged “Chinese-linked group (aka state … Read more
Last week saw the 2021 Microsoft Inspire conference, once more delivered virtually rather than in the decadent halls of Las Vegas. Here we present our takeouts from the event in case you missed anything! Hybrid Workforce ‘Remote working’ is the new normal and is being redefined by Microsoft as having a Hybrid Workforce. Microsoft is supporting this transition … Read more
RCE on DC? Defender for Identity saves the day In this month’s ‘Patch Tuesday’ (so many bugs, so little time), Microsoft announced a patch for a critical remote code execution vulnerability (RCE) in the Windows Print Spooler CVE-20212-1675. Requiring local or remote access to the vulnerable host, Admin privileges were said to be potentially easily available, although … Read more
This week it is bad news for people running in-house, Internet facing Exchange servers, which are being actively exploited by nation-state actors to facilitate the theft of intellectual property and other data from seemingly specific verticals, including infectious disease researchers, higher education institutions, defence contractors, policy
…and women, possibly children too, if you believe the papers. Even if you had spent the last 2 months trekking across the Mongolian Steppe avoiding what is left of the Horde you will surely have heard about the sublime breach of Government departments, large software companies, and possibly some big Internationals via a supply chain
We all know about patch Tuesday, the regular and often dreaded patches from Microsoft and other large vendors. Many of these patches are automagically deployed without testing, certainly in smaller organisations, and in the case of the recent SolarWinds snafu, large enterprises, large software companies, and critical government departments.