VMware Releases Security Updates

by | Apr 7, 2022 | Security, Technology

This article is contributed. See the original author and article here.

VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review VMware Security Advisory Advisories VMSA-2022-0011 and VMSA-2022-0012 and apply the necessary updates. 

CISA Adds Three Known Exploited Vulnerabilities to Catalog

by | Apr 6, 2022 | Security, Technology

This article is contributed. See the original author and article here.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the “Date Added to Catalog” column, which will sort by descending dates. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria

Lesson Learned #195: Performance health self-check for Azure SQL Database and Managed Instance.

by | Apr 6, 2022 | Technology

This article is contributed. See the original author and article here.

In many situations, we used to work on performance issue that following the best practices might be resolved by customers. In this article we would like to share a PowerShell Script that checks some best practices for Azure SQL Database and Managed Instance.


 


We would like to suggest this PowerShell script that you could find out in this URL that contains initial checks we are facing a performance issue. This PowerShell Script is covering the following best practices:


 



  1. Check if we have any automatic tuning recomendations . Based on the results of the execution  of sys.dm_db_tuning_recommendations DMV informs if your database has any recomendations to apply in your database based on the workload analysis done by the SQL Server engine. 

  2. Check if we have have statistics that are out-of-dated Based on the results of the execution of sys.stats and sys.dm_db_stats_properties DMVs inform if any statistics, automatic , user created or associated with an index has the following conditions: If the rows sample is different than the number of rows (this situation may be indicated that the statistics has been updated automatic by SQL Server using a sample or if the statistics has been update more than 15 days ago. 

  3. Check if you have any TSQL that was cancelled or aborted. For example, after expiring of execution command timeout. This check is based on QDS DVM call sys.query_store_runtime_stats.

  4. Check if you have missing indexes. Based on the results of the execution of sys.dm_db_missing_index_xxx informs if you have any missing indexes that helps you to improve the execution of your query. 

  5. Check the setting value of MAXDOP. Based on the results of the sys.database_scoped_configurations DMV check if the value of MAXDOP is 0. 

  6. Check the fragmentation of the indexes. Based on the results of sys.dm_db_index_physical_stats DMV check if the fragmentation of the indexes is more than 50 percent. 


 


Basically, once you have download this PowerShell script, you need to provide the details of your server, database, user, password and destination folder. You could fill up directly these parameters in the PowerShell script if you need to perform more time this process. This PowerShell script only will ask those parameters if they are missing. Also, you could specify as a command line. 


 


Once the process is executed, this PowerShell script will save a file called PerfChecker.Log in the destination folder chosen. Every execution this file will be deleted and created a new one. 


 


This project is public and all the contributions to make more accesible, easy and effective will be very welcome. 


 


Enjoy!


 


 

Mozilla Releases Security Updates for Firefox and Firefox ESR

by | Apr 6, 2022 | Security, Technology

This article is contributed. See the original author and article here.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 99 and Firefox ESR 91.8 and apply the necessary updates.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

by | Apr 6, 2022 | Security, Technology

This article is contributed. See the original author and article here.

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 99Firefox ESR 91.8, and Thunderbird 91.8 and apply the necessary updates.