by Scott Muniz | Dec 9, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Cisco has released a security advisory to address Cisco products affected by multiple vulnerabilities in Apache HTTP Server 2.4.48 and earlier releases. An unauthenticated remote attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review Cisco Advisory cisco-sa-apache-httpd-2.4.49-VWL69sWQ and apply the necessary updates.
by Scott Muniz | Dec 9, 2021 | Security, Technology
CISA has released Capacity Enhancement Guide (CEG): Social Media Account Protection, which details ways to protect the security of organization-run social media accounts. Malicious cyber actors that successfully compromise social media accounts—including accounts used by federal agencies—could spread false or sensitive information to a wide audience. The measures described in the CEG aim to reduce the risk of unauthorized access on platforms such as Twitter, Facebook, and Instagram.
CISA encourages social media account administrators to implement the protection measures described in CEG: Social Media Account Protection:
- Establish and maintain a social media policy
- Implement credential management
- Enforce multi-factor authentication (MFA)
- Manage account privacy settings
- Use trusted devices
- Vet third-party vendors
- Maintain situational awareness of cybersecurity threats
- Establish an incident response plan
Note: although CISA created the CEG primarily for federal agencies, the guidance is applicable to all organizations.
by Contributed | Dec 8, 2021 | Technology
Data Exposed streams live regularly to LearnTV. Every 4 weeks, we’ll do a News Update. We’ll include product updates, videos, blogs, etc. as well as upcoming events and things to look out for. We’ve included an iCal file, so you can add a reminder to tune in live to your calendar. If you missed the episode, you can find them all at https://aka.ms/AzureSQLYT.
You can read this blog to get all the updates and references mentioned in the show (including the awesome speakers we had on!). Since we did things a little differently this month, here’s the special December update which contains the year in review (i.e., all the big updates this year across Azure SQL, SQL Server, and Azure Arc):
SQL Server on Azure VMs
Featuring Ajay Jagannathan
Azure SQL Managed Instance
Featuring Niko Neugebauer
Azure SQL Database
Featuring Andreas Wolter
Updates across Azure SQL
Migrations
Azure Arc-enabled Services
Featuring Buck Woody
SQL Server
Featuring Bob Ward
Last but certainly not least, the biggest announcement in the SQL Server space was, of course, the private preview of SQL Server 2022, the most Azure-enabled SQL Server release yet. New functionality includes Synapse Link support, Link feature to Azure SQL Managed Instance for DR, and new performance enhancements (with no code changes!). Get all the details at https://aka.ms/sqlserver2022.
Anna’s Pick of the Month
My pick of the month is Data Exposed! Marisa Brasile and I are working constantly to get you the information you need when you need it from the SQL Engineering team. So, as we round out the year, Marisa came on to tell us about all the series you might’ve missed (there’s been a lot!).
Live Series:
Mini-series:
Special:
Until next time…
That’s it for now! Be sure to check back next month for the latest updates, and tune into Data Exposed Live the first (or second) Wednesday of every month at 9AM PST on LearnTV. We also release new episodes on Thursdays at 9AM PST and new #MVPTuesday episodes on the last Tuesday of every month at 9AM PST at aka.ms/DataExposedyt.
Having trouble keeping up? Be sure to follow us on Twitter, @AzureSQL, to get the latest updates on everything.
On a personal note — in 2021 we kicked off the News Updates series as well as Data Exposed Live. Thank you for joining us on this journey of learning, sharing, and growing. We hope you have a wonderful end of the year, and we can’t wait to see you in 2022!
We hope to see you next [YEAR], on Data Exposed :)
–Anna and Marisa
by Scott Muniz | Dec 8, 2021 | Security, Technology
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Mozilla security advisories for Firefox 95, Firefox ESR 91.4.0, and Thunderbird 91.4.0 and apply the necessary updates.
by Contributed | Dec 7, 2021 | Technology
In the article Learning from Expertise #2: Who Dropped my Azure SQL DB? – Microsoft Tech Community, we explored various solutions to know, secure, protect, recover, audit, and monitor Azure SQL DB against unintended deletion.
Today, we will highlight another unappealing situation: a customer accidentally deletes the SQL DB server, which ultimately deletes the underlying databases as well. This scenario is commonly hit because of automation tools such as Terraform.
It's very important to note that restoring a dropped server is not an officially supported scenario, and any recovery attempt will be a best-effort trial to recover the server and databases.
First Recommendation
*Do not* recreate the server with the same name if you want to restore the dropped server, and contact Microsoft support as soon as possible.
Additional precautionary measures:
The following recommendations can help you to recover from these unintentional scenarios by either preventing it or restoring the important data whenever needed:
1. Implement a resource lock to avoid accidental changes to Azure resources. You can lock at different levels, such as subscription, resource group, or resource, to prevent other users in your organization from accidentally deleting or modifying critical resources. For more information, see: Lock resources to prevent changes – Azure Resource Manager | Microsoft Docs
2. Enable Long Term Backup Retention (LTR)
This feature allows users to configure a single or a pooled database with a long-term backup retention (LTR) policy that automatically retains the database backups in separate Azure Blob storage containers for up to 10 years, and to recover the database from these backups via the Azure portal or PowerShell. LTR backups are completely independent and cannot be impacted by a server drop. For more information, see:
Long-term backup retention – Azure SQL Database & Azure SQL Managed Instance | Microsoft Docs
Azure SQL Database: Manage long-term backup retention – Azure SQL Database | Microsoft Docs
3. You can export the latest copy of the database into a storage account before deleting the database. Exporting the database to a BACPAC file can be done through various tools such as the Azure portal, SqlPackage, SSMS, and PowerShell. More information can be found in:
Export an Azure SQL Database to a BACPAC file (the Azure portal) – Azure SQL Database & Azure SQL Managed Instance | Microsoft Docs
Also, you can leverage Azure Automation to automate the database export. You can find the detailed steps in my colleague @Mohamed_Baioumy_MSFT's blog: How to automate Export Azure SQL DB to blob storage use Automation account – Microsoft Tech Community
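Since automation tools such as Terraform are named above as the usual cause, a deployment pipeline can refuse any plan that would drop or replace the server before it is applied. The following is an added example, not code from the original article or from Microsoft; it assumes the plan was exported with `terraform show -json`, and the sample plan and resource addresses in it are constructed.

```python
import json
import sys

# Terraform resource types that represent an Azure SQL logical server.
SQL_SERVER_TYPES = {"azurerm_mssql_server", "azurerm_sql_server"}


def destructive_server_changes(plan):
    """Return planned changes that would delete or replace an Azure SQL server."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in SQL_SERVER_TYPES:
            continue
        actions = rc.get("change", {}).get("actions", [])
        if "delete" not in actions:
            continue
        # A replace is reported as delete+create; it still drops the server
        # and every database hosted on it.
        kind = "replace" if "create" in actions else "delete"
        findings.append({"address": rc.get("address"), "kind": kind})
    return findings


def gate(plan):
    """Exit code for a CI step: 1 blocks the apply, 0 lets it proceed."""
    return 1 if destructive_server_changes(plan) else 0


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_mssql_server.prod", "type": "azurerm_mssql_server",
   "change": {"actions": ["delete", "create"]}},
  {"address": "azurerm_sql_server.legacy", "type": "azurerm_sql_server",
   "change": {"actions": ["delete"]}},
  {"address": "azurerm_mssql_server.dev", "type": "azurerm_mssql_server",
   "change": {"actions": ["no-op"]}},
  {"address": "azurerm_storage_account.exports", "type": "azurerm_storage_account",
   "change": {"actions": ["update"]}}
]}
""")

if __name__ == "__main__":
    # With a file argument, check that plan; otherwise check the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for f in destructive_server_changes(plan):
        print(f"BLOCKED: {f['address']} would be {f['kind']}d", file=sys.stderr)
    sys.exit(gate(plan))
```

A check like this complements the resource lock in item 1: the lock stops the delete at the Azure side, while the gate stops the plan before it is applied.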
I hope you find this article helpful. If you have any feedback, please do not hesitate to provide it in the comment section below.
Ahmed S. Mazrouh