by Scott Muniz | Sep 16, 2021 | Security, Technology
This article is contributed. See the original author and article here.
The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have released a Joint Cybersecurity Advisory (CSA) detailing the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The FBI, CISA, and CGCYBER assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability. The exploitation of this vulnerability poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software.
CISA strongly encourages users and administrators to review Joint FBI-CISA-CGCYBER CSA: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus and immediately implement the recommended mitigations, which include updating to ManageEngine ADSelfService Plus build 6114.
by Scott Muniz | Sep 16, 2021 | Security, Technology
This article is contributed. See the original author and article here.
(Updated, September 17)
On September 16, 2021, Microsoft released additional guidance on Open Management Infrastructure (OMI) vulnerabilities—CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647—which impact Azure VM Management Extensions. According to Microsoft, “[c]ustomers must update vulnerable extensions for their Cloud and On-Premises deployments as the updates become available…”
CISA encourages organizations to review Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions for more information and to:
- ensure automatic updates are applied
- ensure manual updates are applied, as patches are made available
- restrict external access to Linux systems that expose OMI ports (TCP 5985, 5986, and 1270)
(Original, September 16)
Microsoft has released an update to address a remote code execution vulnerability—CVE-2021-38647—in Azure Linux Open Management Infrastructure (OMI). An attacker could use this vulnerability to take control of an affected system.
CISA encourages users and administrators to review the Microsoft Security Advisory to apply the necessary update.
by Contributed | Sep 15, 2021 | Technology
This article is contributed. See the original author and article here.
We’re pleased to announce that you can now join your Azure Virtual Desktop virtual machines directly to Azure Active Directory (Azure AD) and connect to the virtual machine from any device with basic credentials. You’ll also be able to automatically enroll the virtual machines with Microsoft Endpoint Manager.
Azure portal showing the new Azure AD and Intune options for Azure Virtual Desktop host pools.
This new configuration allows you to provide access to cloud-only users (created in Azure AD and not synchronized from an on-prem directory) which wasn’t possible before. For certain scenarios, this will help eliminate the need for a domain controller, help reduce cost, and streamline your deployment. While this is a major milestone, it’s just the beginning of the journey towards full integration with Azure Active Directory. We will continue adding new capabilities such as support for FSLogix profiles, single sign-on, additional credential types like FIDO2, and Azure Files for cloud users.
To learn more, visit our documentation page.
by Scott Muniz | Sep 14, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates.
by Contributed | Sep 14, 2021 | Technology
This article is contributed. See the original author and article here.
In 2019, Microsoft and Pivotal (now VMware) announced Azure Spring Cloud, a fully managed service for Spring Boot applications. We set out to solve many of the common challenges enterprise developers face when running Spring Boot applications at scale. The service manages dynamic scaling, security patching, out-of-the-box instrumentation for monitoring, and more so developers can focus on their apps. Since then, we’ve worked with many customers including Kroger, Swiss Re, Raley’s, and Digital Realty to help them adopt the service.
We also learned that some customers need more. Many are running thousands of Spring Boot applications on-premises and need advanced capabilities to accelerate their Spring modernization projects. Based on our learnings, we started worked on a new Azure Spring Cloud tier with commercially supported components to meet the needs of enterprise customers. Now, we are announcing the availability of Azure Spring Cloud Enterprise in preview.
Azure Spring Cloud Enterprise is a managed service for Spring that is optimized for the needs of enterprise developers. We have collaborated with VMware to combine the cloud platform expertise of Microsoft with the innovation of the VMware Tanzu portfolio. Azure Spring Cloud Enterprise adds commercial Tanzu components built specifically to address enterprise requirements around configuration, integration, flexibility, and support.
Figure 1: Example—Azure Spring Cloud pricing tier selection, including Enterprise tier
Commercial VMware Tanzu components
With Azure Spring Cloud Enterprise, customers can use the VMware Tanzu components they know and love on managed Azure infrastructure. Tanzu Build Service, Tanzu Application Configuration Service, and Tanzu Service Registry are available during preview. Customers will have the flexibility to select which Tanzu components they want during or after instance creation. Microsoft and VMware will continue to add more Tanzu components such as Tanzu Spring Cloud Gateway and Spring Cloud Data Flow* to the service, providing increased value to customers.
*The Azure Spring Cloud Enterprise roadmap is not confirmed and is subject to change.
Figure 2: Example—VMware Tanzu settings and component selection in Azure portal
Advanced configurability and flexibility
Large enterprises often have complex workflows and need additional configuration options for their environments and development processes. Tanzu Build Service supports customizable Buildpack configurations that automate container creation and governance. Developers also get the full benefits of the Azure platform with limitless scaling and global deployment options, as well as integration with Azure services. And customers can move their existing Spring workloads built on Tanzu components to Azure Spring Cloud Enterprise, using the service to provide on-demand Spring Cloud infrastructure.
Spring Runtime support
Azure Spring Cloud Enterprise includes VMware Spring Runtime support for Spring projects. This gives you access to Spring experts and access to special versions of popular Spring projects specifically designed for enterprise use. With expert assistance, you can unlock the full potential of the Spring ecosystem and jumpstart your Spring application development.
Fully integrated with Azure
Azure Spring Cloud Enterprise runs on Azure in a fully managed environment. You get all the benefits of Azure, and the experience is familiar and intuitive. Just create your instances using a provisioning tool of your choice—Azure portal, Azure CLI, Azure Resource Manager Template, or Terraform.
Figure 3: Example—Azure Spring Cloud Enterprise creation review
After you create your instance and deploy your applications, you can easily monitor with Application Insights or other application performance management (APM) tools of your choice. As with the standard tier, Azure Spring Cloud Enterprise comes with out-of-the-box support for aggregating logs, metrics, distributed app traces, and alerts.
Figure 4: Example—Application transactions visible through Application Insights “Application Map”
Get started
Azure Spring Cloud Enterprise provides customers with advanced configuration capabilities and managed Tanzu components, all backed by the enterprise promises customers expect from VMware and Microsoft. We would love to see you try the service and share your feedback—sign up for the preview by clicking “Contact Me.”
You can also learn more about Azure Spring Cloud Enterprise from VMware.
Recent Comments