Using Azure to Address Endpoint Hygiene Management

Remote workers are set up, but endpoint management is still an issue

Setting up a remote workforce during the COVID-19 pandemic presented a huge challenge, especially trying to get so much done in such a short time frame. While getting extra Zoom licenses was likely pretty easy, there are more challenging issues surrounding remote sharing of documents, endpoint updates, setting up and/or adding more VPN licenses, opening up access to previously restricted vectors, and probably most challenging, answering questions for all of your end users that suddenly blew up the help desk! However, there still may be some core challenges that need to be resolved in ensuring that all machines are updated and in the desired state of configuration.

The Tetrade: Brazilian banking malware goes global

Introduction

Brazil is a well-known country with plenty of banking trojans developed by local crooks. The Brazilian criminal underground is home to some of the world’s busiest and most creative perpetrators of cybercrime. Like their counterparts’ in China and Russia, their cyberattacks have a strong local flavor, and for a long time, they limited their attacks to the customers of local banks. But the time has come when they aggressively expand their attacks and operations abroad, targeting other countries and banks. The Tetrade is our designation for four large banking trojan families created, developed and spread by Brazilian crooks, but now on a global level.

Highly-Critical SAP bug that could let attackers take over corporate servers patched

SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications.
The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS score of 10 out of 10, potentially affecting over 40,000 SAP customers, according to cybersecurity firm Onapsis, which uncovered the flaw.

Breached Data Indexer ‘Data Viper’ Hacked

Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion.

Securing Digital Transformation on a Budget

While the cloud has been around for a while, countless organizations are still making the transition for digital transformation and attempting to replicate security controls they’ve developed internally within a new architecture. Though cloud providers certainly do a lot to provide strong security measures, many security controls are still up to the user to implement, and as organizations migrate, they tend to pile up a lot of new security debt and potentially introduce critical flaws and vulnerabilities into their environments.