7x Second Security [2-May-2022]
Using the Flexible Server in Azure?
Do this: Make sure your private network access is enabled when setting up flexible servers.
Why: A pair of vulnerabilities were recently discovered in the Azure Database for PostgreSQL Flexible Server that could allow attackers to bypass authentication, execute privilege escalation, and gain code execution.
Additional Info: https://thehackernews.com/2022/04/microsoft-azure-vulnerability-exposes.html
Using Windows Systems?
Do this: Do not engage with unprovoked emails.
Why: Emotet malware has launched a new campaign utilizing targeted phishing emails to compromise Windows systems.
Additional Info: https://threatpost.com/emotet-back-new-tricks/179410/
Using Internet Explorer?
Do this: Patch immediately.
Why: Attackers are leveraging an exploit kit to deploy RedLine Stealer trojans. These trojans have the ability to do recon against the target system and exfiltrate data.
Additional Info: https://thehackernews.com/2022/04/new-rig-exploit-kit-campaign-infecting.html/