Tuesday, February 9, 2021

Apple Releases Security Updates

Original release date: February 9, 2021

Apple has released security updates to address vulnerabilities in macOS Big Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the Apple security update and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.

Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

 Title: Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

URL: https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/
Published On (YYYY-dd-MM):2021-09-02
Overview: Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move …

Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 Read More »

Azure AD B2C Deep Dive Webinar Series

 

Azure AD B2C Deep Dive Webinar Series

Virtual Event | 2/19 – 5/14, 2021 | 3:00 – 4:30pm, GMT

 

Please join us for Azure AD B2C series. You can register for all sessions or pick topics of interest to you.

- Join the entire series

Register here

 

Session 1 – February 19th - Azure AD B2C overview

This session focuses on understanding the use case and architecture for Azure AD B2C. When do I use it? How does it work? How can I configure it? What is the roadmap? The session will be a combination of slides and demos ranging from basic to more advanced tasks.

Register here

 

Session 2 – March 12th - How to deploy Azure AD B2C from scratch

Learn how to create your Azure AD B2C environment, configure connections to identity providers, customize attribute collection and add your branding:

  • Create your Azure AD B2C directory
  • Connect with social and enterprise identity providers
  • Integrate your applications and systems
  • Brand and customize the user experience

Register here

 

Session 3 – April 9th- Get started with Azure AD B2C custom policies

Learn how to set up the Azure AD B2C policy and relying party policies. Explorer the custom policy XML elements, and file structure.

  1. Deploy a custom policy starter pack (manual and automatically)
  2. Understanding the basics of custom policy: claims, claims transformation, user journeys, technical profile, and relying party policy.
  3. Customized your policy (add sign-in option with social IDP, customized the UX, and more)
  4. Troubleshooting

Register here

 

Session 4 – May 14th- Extend B2C capability through ISV partner ecosystem

Learn how to extend B2C capabilities through ISV partner ecosystem. Enable bot detection, fraud protection, device fingerprinting and provide secure hybrid access to on-premise/legacy applications with ISV partners.

Scenario:

  • Prevent fraudulent accounts from being created
  • Understand if user is logging in with a new or known device
  • Enable Azure AD B2C for on-premise  applications

Register here

 

We look forward to you joining us!

Microsoft Warns of Windows Win32k Privilege Escalation

Original release date: February 9, 2021

Microsoft has released a security advisory to address an escalation of privileges vulnerability, CVE-2021-1732, in Microsoft Win32k. A local attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

CISA encourages users and administrators to review Microsoft Advisory for CVE-2021-1732 and apply the necessary patch to Windows 10 and Windows 2019 servers.

This product is provided subject to this Notification and this Privacy & Use policy.