Tag: Security
-
Using an Asustor NAS? Shut it down now!
Hi everyone, Quick one here due to time sensitivity. Deadbolt, the ransomware that has previously been utilised to attack QNAP NAS devices, has been used to attack Asustor NAS devices. Looks like there’s an exploit in the EZ Connect system, so advice is currently to disconnect the NAS from the internet and disable this service…
-
Backups, Trust, Boundaries, and Cloud Security Considerations in 2022
Cloud adoption continues to increase as organisations are either taking their first steps into the cloud, or progressing their IT strategies, whether it’s a full cloud migration, multi-cloud or delivering a hybrid architecture. A great workload to leverage the cloud has been as a backup repository. By using the cloud, we can meet multiple improvements…
-
Key Changes in the New Veeam Backup for Microsoft Azure v3a Release
As the headline suggests, Veeam recently released a “version 3a“ of Veeam Backup for Microsoft Azure. Whilst there are your usual mixture of security fixes and bugs resolved, it actually brings a new (and welcome) change to the licensing structure around protecting Azure SQL workloads (not to be confused with Azure virtual machines running SQL…
-
VMware Log4j Vulnerabilities Confirmed
I don’t often dedicate a blog post to a particular security vulnerability, but since it has scored a perfect 10 CVE rating, it’s important to be aware ASAP. VMware have identified multiple products that utilise the Apache technology that are vulnerable to the Log4j vulnerability. What is this “Log4j” vulnerability? A Remote Code Execution (RCE)…
-
Data Protection Best Practice: Encrypting Backups
Today I want to talk about backups, and the importance of encrypting them, everywhere. When people think of encrypted backups, the usual first thoughts are around portable backups such as tape and USB or backups outside of your trust domain such as cloud storage. This is a great starting point, and if you’re not currently…
-
VMware vCenter Server Appliance: Sequence Wrong Size for a Certificate when replacing SSL Certificates
Hi! Just a quick one today. I was replacing a certificate for a customer’s VCSA today with one from their internal CA when I hit the error “Sequence Wrong Size for a Certificate”. To clarify, I had generated a CSR from the VCSA, requested the certificate from the CA, downloaded this and the certificate chain…
-
Workaround: KB5005043 / Security Update August 2021 Won’t Install on Windows Server 2016
I’ve found a lot of clients are having the same issue with their Windows Server 2016 servers and getting KB5005043 to install. It seems that Microsoft might not be identifying this patch correctly as it doesn’t show within Windows Update for most and then downloading the patch manually from the Microsoft Catalog results in the…
-
Microsoft Exchange Server 2010/2013/2016/2019 – Unable to connect to OWA/ECP “protectionCertificates.Length<1"
Microsoft have done it again, with another security update, they’ve broken a lot of environments, I wish there was a better communication method than finding a small footnote on a blog post that a patch was going to potentially break environments. Many organisations have automated patch workflows that end up catching people out when this…
-
Microsoft Azure Sentinel Log Analytics- Not Collecting Syslog
Today I was asked to advise on why a particular firewall was unable to send its syslog data to Azure Sentinel and found something rather interesting I thought would be useful to share. Firstly I validated that the deployment steps had been followed and that the VM Extension for Linux had been attached to the…
-
Microsoft Exchange Server KB5000871: Unable to Apply “owaauth.dll”, 400 Bad Request & Server Error in ECP application
Hey, so I’ve been going through all our customers this week that’ve been identified as potentially at risk by the latest Exchange Server vulnerabilities (full details straight from Microsoft here) and as you can expect from a rapid response release, it’s not quite consistent when installing. Please be painfully aware of the Microsoft installation notes…
Michael Paul | @micoolpaul 