Author: Cyberthreat Blog
Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups
Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions. The vulnerability, tracked...
Read MoreVU#806555: A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable
Overview UEFI firmware applications DTBios and BiosFlashShell from DTResearch contain a vulnerability that allows Secure Boot to be bypassed using a specially crafted NVRAM variable. The vulnerability stems from improper...
Read MoreHow to Mitigate Insider Threats by Learning from Past Incidents
This post summarizes a new best practice added to the new 7th edition of the Common Sense Guide to Mitigating Insider Threats, “Learn from Past Insider Threat Incidents.”
Read MoreFive Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST’s Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing...
Read More