Cyber Security Alerts

CONSULT THE CYBER SECURITY ALERTS

IMPORTANT INFORMATION ABOUT COHESITY

Latest LTS (Long Term Support) version for Cohesity Data Cloud 6.8.1_u3 is released

Cohesity recently announced that version 6.8.1_u3 has been designated as a Long Term Support (LTS) release, so all future 6.8.x releases will receive LTS support.

Long Term Support (LTS) releases are supported for a minimum of 12 months from the date of LTS designation, with a minimum of 6 months of overlapping coverage between two consecutive LTS releases. The estimated end-of-support date for version 6.8.1 is May 15, 2024.

Support for the previous LTS version, 6.6.0d, ends on November 15, 2023.

🔄 We recommend installing or upgrading to LTS versions in all production environments.

IMPORTANT INFORMATION

ℹ️ Customers who are already running 6.8.1 and cannot perform a full upgrade to 6.8.1_u3 should apply p10/p10s1, which is functionally equivalent to 6.8.1_u3.

ℹ️ Customers upgrading to 6.8.1_u3 are not required to apply p10/p10s1 to the cluster.

ℹ️ Applying p10/p10s1 to a 6.8.1_u3 cluster will fail, as 6.8.1_u3 comes pre-packaged with p10 fixes and agent binaries.

ℹ️ Patches p11 and later, once released, can be applied normally.

ℹ️ Software version 6.8.1.x introduces enhanced security through Secure Shell functionality.

Customers upgrading to 6.8.1.x from software version 6.6.x or earlier should refer to the section Using Secure Shell to understand the functionality and the resulting changes.

UPGRADE VERSIONS

✅ 6.6.x and later ⇢ upgrade directly to 6.8.1_u3

✅ 6.5.1c to 6.5.1f_u1 ⇢ upgrade directly to 6.8.1_u3

✅ 6.5.1 to 6.5.1b ⇢ an interim upgrade is required. Upgrade to 6.5.1f and then upgrade to 6.8.1_u3.

✅ 6.3.1.x ⇢ an interim upgrade is required. Upgrade to 6.5.1f, then upgrade to 6.8.1_u3.

CRITICAL VULNERABILITY - Microsoft Security Updates for March 2023

New Technology LAN Manager (NTLM) credentials theft

Microsoft Threat Intelligence has published the security updates for the month of March, covering the period between 02/15/2023 and 03/14/2023. They address 109 vulnerabilities (with assigned CVE), rated as follows: 9 of critical severity, 70 important, 1 moderate and 29 without an assigned severity.

The published vulnerabilities correspond to the following types:

❌ Denial of service.
❌ Privilege escalation.
❌ Information disclosure.
❌ Remote execution of code.
❌ Omission of security measures.
❌ Identity theft (spoofing).

👀 You can consult the list of affected resources here

Of particular note is a 0-day vulnerability that is being actively exploited in Microsoft Outlook for Windows.
This targeted abuse would allow the theft of New Technology LAN Manager (NTLM) credentials. It requires no user interaction: it is triggered when an attacker sends a specially crafted message containing an extended MAPI property with a UNC path to an SMB share (TCP 445) on a server controlled by the threat actor. In addition, the exploit fires before the email is even viewed in the Preview Pane.

👀 Read more about this threat here

Microsoft has released a security update for CVE-2023-23397 to address this critical elevation of privilege (EoP) vulnerability.

AFFECTED RESOURCES

⚠️ All supported versions of Microsoft Outlook for Windows.

✅ Other versions of Microsoft Outlook, such as Android, iOS and Mac, as well as Outlook on the web and other M365 services, do not support NTLM authentication and are not vulnerable to these messages.

🔄 We recommend that all our customers update Microsoft Outlook for Windows to stay secure.

🔗 You can check the Outlook updates for CVE-2023-23397.

CRITICAL VULNERABILITIES - FORTINET PRODUCTS

Fortinet has issued 15 advisories, 1 critical, 5 high, 8 medium and 1 low severity.

The critical vulnerability could allow an attacker to execute remote code and/or cause a denial of service.

The vulnerability is described in this article.

AFFECTED RESOURCES

❌ FortiOS, versions:

      – 7.2.0 through 7.2.3;
      – 7.0.0 through 7.0.9;
      – 6.4.0 through 6.4.11;
      – 6.2.0 through 6.2.12;
      – all 6.0 versions.

❌ FortiProxy, versions:

      – 7.2.0 through 7.2.2;
      – 7.0.0 through 7.0.8;
      – 2.0.0.0 through 2.0.11;
      – all versions 1.2;
      – all versions 1.1.

For the moment, it is recommended:

Upgrade to the following versions to fix the critical vulnerability:

🔄 FortiOS:

    – 7.4.0 or higher;
    – 7.2.4 or higher;
    – 7.0.10 or higher;
    – 6.4.12 or higher;
    – 6.2.13 or higher.

🔄 FortiProxy:

    – 7.2.3 or higher;
    – 7.0.9 or higher;
    – 2.0.12 or higher.

🔄 FortiOS-6K7K:

    – 7.0.10 or higher;
    – 6.4.12 or higher;
    – 6.2.13 or higher.

For other non-critical vulnerabilities, please refer to the Solutions section of each advisory.

CRITICAL VULNERABILITY - Veeam® Backup & Replication™

Unauthorized access to backup infrastructure hosts

In mid-February, a vulnerability was detected in a Veeam® Backup & Replication™ component, with a CVSS score of 7.5 (high severity). It could allow an unauthenticated user to request encrypted credentials, which could lead to gaining access to backup infrastructure hosts.

AFFECTED RESOURCES

❌ All versions of Veeam Backup & Replication

For the time being, it is recommended to:

Proceed with updating your installations.

🔄 Patches have been developed for V11 and V12 to mitigate this vulnerability.

🔄 If you are using a Veeam all-in-one appliance without remote backup infrastructure components, you can also block external connections to TCP port 9401 on the backup server firewall as a temporary workaround until the patch is installed.

CRITICAL VULNERABILITY - VMware ESXi

RANSOMWARE EXPLOITS TWO-YEAR-OLD VULNERABILITY

Several system administrators, hosting providers and even several CERTs are warning of numerous attacks targeting unpatched VMware ESXi servers.

The main problem lies in the exploitation of a vulnerability discovered in February 2021, tracked as CVE-2021-21974 and scored 9.8 out of 10.

Despite its seriousness, and despite two years having passed since its discovery with patches and mitigation measures available to prevent its exploitation by attackers, many machines are still vulnerable.

Exposure to this vulnerability is greatest when the vCenter service has been published to the outside.

AFFECTED RESOURCES

❌ ESXi v7.x prior to ESXi70U1c-17325551

❌ ESXi v6.7.x prior to ESXi670-202102401-SG

❌ ESXi v6.5.x prior to ESXi650-202102101-SG

For the time being, it is recommended to:

Apply security patches and update your systems within a reasonable period of time.

👀 More information about this vulnerability is available in this news item

CRITICAL VULNERABILITY - COHESITY

DATA INTEGRITY ISSUES AT THE TIME OF RECOVERY

If you have scheduled incremental forever backups for file-based workloads on your physical server (Windows, Linux, AIX, Solaris), you may encounter data integrity issues at recovery time.

This is unlikely to occur, as the behavior only manifests itself after a new root path is added. Once a new root path is entered, previously included legacy paths may not be available in subsequent snapshots.

Any modified data in existing paths will be copied as expected. If you encounter this problem, you will need to perform a full backup to recover all the data. However, this is only possible if the server is available and working so that the backup can be made.

AFFECTED RESOURCES

❌ Version 6.6.0.d_U2 or earlier at the time the last full backup was performed.

❌ If you back up file-based workloads from physical servers.

❌ If you use the incremental-forever method (a full backup followed by all incremental runs).

❌ If you have added a parent directory to the data since the last full backup.

Versions 6.6.0d_u3 and higher include the fix.

For the time being, it is recommended to:

Proceed with the update to:

🔄 LTS version 6.6.0.d_u6, and then perform a full backup.

🔄 If you have already upgraded to version 6.6.0d_u3 or higher, schedule a full backup for all your relevant jobs at least once to prevent the behavior from being passed along with the upgrade.

For more specific information about the cluster version ⇢ KB article

CRITICAL VULNERABILITY - Fortinet & Exchange 0 Day

In this section we explain two vulnerabilities detected in the last few hours.

CRITICAL VULNERABILITY - Buffer Overflow in Fortinet products

On 12/23/2022, a 0-day (critical, highest level) heap-based buffer overflow vulnerability was reported in Fortinet products; its exploitation could allow a remote, unauthenticated attacker to execute arbitrary code via malicious requests.

The vulnerability has been assigned the identifier CVE-2022-42475.

AFFECTED RESOURCES

❌ FortiOS, versions:

      ⇢ from 7.2.0 to 7.2.2;
      ⇢ from 7.0.0.0.0 to 7.0.8;
      ⇢ from 6.4.0 to 6.4.10;
      ⇢ from 6.2.0 to 6.2.11;

[Update 12/23/2022]

      ⇢ from 6.0.0 to 6.0.15;
      ⇢ from 5.6.0 through 5.6.14;
      ⇢ from 5.4.0 through 5.4.13;
      ⇢ from 5.2.0 through 5.2.15;
      ⇢ from 5.0.0.0 through 5.0.14.

❌ FortiOS-6K7K, versions:

      ⇢ from 7.0.0 to 7.0.7;
      ⇢ from 6.4.0 through 6.4.9;
      ⇢ from 6.2.0 through 6.2.11;
      ⇢ from 6.0.0.0 through 6.0.14.

[Update 12/23/2022]

❌ FortiProxy, versions:

      ⇢ from 7.2.0 to 7.2.1;
      ⇢ from 7.0.0 through 7.0.7;
      ⇢ from 2.0.0.0 through 2.0.11;
      ⇢ from 1.2.0 through 1.2.13;
      ⇢ from 1.1.0 through 1.1.6;
      ⇢ from 1.0.0.0 through 1.0.7.

For the time being, it is recommended to:

Proceed with the update to:

🔄 FortiOS:

     ⇢ 7.2.3;
     ⇢ 7.0.9;
     ⇢ 6.4.11;
     ⇢ 6.2.12;
     ⇢ [Update 23/12/2022] 6.0.16.

🔄 FortiOS-6K7K:

     ⇢ 7.0.8 (forthcoming publication);
     ⇢ 6.4.10;
     ⇢ 6.0.15;

[Update 23/12/2022]

🔄 FortiProxy:

     ⇢ 7.2.2;
     ⇢ 7.0.8;
     ⇢ 2.0.12 (forthcoming publication).

CRITICAL VULNERABILITY - Microsoft Exchange Server

As of 12/23/2022, Microsoft is investigating two 0-day (critical, highest level) vulnerabilities affecting Microsoft Exchange Server; their exploitation could allow a remote, unauthenticated attacker to execute arbitrary code via malicious requests.

The first is a Server-Side Request Forgery (SSRF) vulnerability, while the second allows remote code execution (RCE) when the attacker has access to PowerShell.

There is currently no update or security patch available to fix these vulnerabilities.

The vulnerability is described in this article.

If you are not running Microsoft Exchange on-premises and do not have Outlook Web App exposed to the Internet, you will not be affected.

AFFECTED RESOURCES

❌ Exchange Server 2013;

❌ Exchange Server 2016;

❌ Exchange Server 2019.

Microsoft recommends applying a series of mitigation measures and reminds you of the importance of always keeping your systems and applications up to date.

CRITICAL VULNERABILITY - VMware Horizon

On 01/21/2022, a new massive attack was carried out, specifically targeting Horizon View environments published to the outside.

This is a variant of the earlier Log4Shell attack which, in this case, exploits a vulnerability in the “VMware Horizon View Blast Secure Gateway” service to execute a script that calls Horizon’s own nssm.exe application.

The service itself is legitimate and is installed as standard with Horizon; the problem is that the malicious call is not controlled by the application.

Involved Systems

Actions to be taken (as per KB below):

🔂 Upgrade UAGs to version 2111 or 7.13.1
🔂 Upgrade Connection Servers to version 2111 or 7.13.1
🔂 Update affected agents.

⚠️ WARNING! ⚠️
At Encora we are prepared to fix and update your Horizon View environment; we can also attend to incidents related to this vulnerability in corporate environments.

CRITICAL VULNERABILITY - Log4j in Apache

On 9/12/2021, a critical vulnerability in the Java Log4j library was published. This is an open-source library from the Apache Foundation used for log processing, and the flaw could allow remote code execution.

The vulnerability CVE-2021-44228 is described in this article.

This library is widely used all over the world, and the vulnerability affects countless products.

Specifically, all versions of Apache log4j-core equal to or earlier than 2.14.1 are affected by the vulnerability.

For the time being, it is recommended:

  1. If possible, upgrade Log4j directly to version 2.15.0 or higher.
  2. For versions between 2.10 and 2.14.1, the issue can be mitigated by setting the system property log4j2.formatMsgNoLookups=true.
  3. For versions between 2.0-beta9 and 2.10.0, it is recommended to remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
  4. Check whether any of your products are affected using the following published list of affected products.
  5. Over the next few days, pay attention to announcements and releases of new patches from your suppliers.
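
As an added example (not code from this alert, from Apache or from Encora), the following Python script sorts log4j-core jars into the tiers of steps 1 to 3 above and performs step 3's JndiLookup removal with the zipfile module instead of the zip command. It assumes the version can be read from the jar file name, and the sample jars it builds are constructed stand-ins, not real Log4j artifacts.

```python
import io, re, tempfile, zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def parse_version(v):
    """'2.0-beta9' -> (2, 0, 0, 9); '2.10.0' -> (2, 10, 0, 999), so betas sort first."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-beta(\d+))?$", v)
    if not m:
        raise ValueError(f"unrecognised log4j version: {v}")
    maj, mi, patch, beta = m.groups()
    return (int(maj), int(mi), int(patch or 0), int(beta) if beta else 999)

def classify(jar):
    """Map one jar (version read from its file name) onto the alert's steps 1-3."""
    v = parse_version(re.sub(r"^log4j-core-|\.jar$", "", Path(jar).name))
    with zipfile.ZipFile(jar) as zf:
        has_jndi = JNDI_CLASS in zf.namelist()
    if v >= parse_version("2.15.0"):
        return "ok"
    if v >= parse_version("2.10.0"):  # step 2 tier
        return "set log4j2.formatMsgNoLookups=true or upgrade to 2.15.0+"
    if not has_jndi:  # step 3 already applied
        return "JndiLookup.class already removed; upgrade when possible"
    return "remove JndiLookup.class (step 3) or upgrade to 2.15.0+"

def remove_jndi_lookup(jar):
    """Python equivalent of step 3's zip -q -d; returns True if the class was removed."""
    with zipfile.ZipFile(jar) as src:
        if JNDI_CLASS not in src.namelist():
            return False
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as dst:
            for info in src.infolist():
                if info.filename != JNDI_CLASS:
                    dst.writestr(info, src.read(info.filename))
    Path(jar).write_bytes(buf.getvalue())  # rewrite the jar without the entry
    return True

def make_sample_jar(directory, version):
    """Constructed fixture for this added example: a stand-in, not a real log4j jar."""
    jar = Path(directory) / f"log4j-core-{version}.jar"
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder, not real bytecode
    return jar

def demo():
    """Classify four constructed jars, then apply step 3 to the 2.9.1 one."""
    with tempfile.TemporaryDirectory() as d:
        jars = {v: make_sample_jar(d, v) for v in ("2.0-beta9", "2.9.1", "2.14.1", "2.15.0")}
        before = {v: classify(j) for v, j in jars.items()}
        removed = remove_jndi_lookup(jars["2.9.1"])
        return before, removed, classify(jars["2.9.1"])

if __name__ == "__main__": print(demo())
```

On a real host, point classify() and remove_jndi_lookup() at the jars found by a search such as find / -name 'log4j-core-*.jar', and treat a version string the regex rejects (release candidates, vendor builds) as one to review by hand.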

Although the vulnerability lies in the application itself, as far as firewalls and perimeter security are concerned most suppliers have already published (or are in the process of publishing) updates to their Application and Threat control and IPS modules to prevent possible exploitation of this vulnerability from the outside.

Some of them are:

⚠️ WARNING! ⚠️
Encora recommends keeping all security solutions updated throughout the IT environment (firewalls, WAF, endpoints, etc.).

QNAP fixes four vulnerabilities

On 4/10/2021, QNAP announced that 4 vulnerabilities had been fixed, 2 of which are of HIGH severity. They allow attackers to perform XSS (cross-site scripting) attacks and inject code for malicious purposes.


The affected devices are:

QNAP EOL devices (discontinued products) running QVR

  • Versions prior to 5.1.5 build 20210902.

QNAP NAS devices running Photo Station

  • Versions prior to 6.0.18
  • Versions prior to 5.7.13
  • Versions prior to 5.4.10

QNAP NAS devices running Image2PDF

  • Versions prior to 2.15

⚠️ WARNING! ⚠️

It is recommended to check the firmware status of the device, as well as the support status of the affected applications.

The official security note published by INCIBE explains a workaround to mitigate this vulnerability.

To upgrade QVR devices:

  1. Log in to QVR as administrator.
  2. Go to “Control Panel > System Settings > Firmware Update”.
  3. Under “Live Update”, click “Check for Update”.
  4. The latest available QVR update is downloaded and installed.

To upgrade Photo Station or Image2PDF:

  1. Log in to QTS or QuTS hero as administrator.
  2. Open the App Center and click on the magnifying glass icon; a search box will appear.
  3. Type “Photo Station” or “Image2PDF” and press ENTER.
  4. Click Update; a confirmation message will appear.
  5. Note: the Update button is not available if the application is already up to date.
  6. Click OK when it appears; the application is then updated.

At Encora we are experts in cybersecurity and we can help you solve this and other problems in your company.

CRITICAL VULNERABILITY

MICROSOFT WINDOWS (CVE-2021-40444)

On 7/09/2021, Microsoft disclosed a critical vulnerability, rated as high severity by Microsoft.

The vendor is investigating a remote code execution (RCE) vulnerability in MSHTML, a component of Internet Explorer, which is being actively exploited and could affect Microsoft Windows through specially crafted Microsoft Office documents.

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document, thereby attacking the browser engine.

The attacker would therefore have to convince the user to open the malicious document.

Users whose accounts are configured to have fewer user rights on the system are less likely to be affected than those operating with administrator rights.


At Encora we are experts in cybersecurity and we can help you solve this and other problems in your company.

Affected Versions:

For both 32-bit and 64-bit systems:

  • Windows 10 and versions 1607, 1809, 1909, 2004, 20H2 and 21H1
  • Windows 7 Service Pack 1
  • Windows 8.1
  • Windows Server 2008 Service Pack 2 and 2008 Service Pack 2 (Server Core installation)

For 64-bit systems:

  • Windows Server 2008 R2 Service Pack 1 and 2008 R2 Service Pack 1 (Server Core installation)
  • Windows Server 2012 and 2012 R2, both also for Server Core installations
  • Windows Server 2016, 2019 and 2022, in all three cases also for Server Core installations
  • Windows Server, version 2004 (Server Core installation) and version 20H2 (Server Core installation)

For ARM64 systems:

  • Windows 10 versions 1809, 1909, 2004, 20H2 and 21H1
  • Windows RT 8.1

Microsoft has not yet released an update to fix the vulnerability.

Until it is published, here are some preventive actions:

  1. Open Microsoft Office documents downloaded from the Internet in Protected View mode; this way the attack will have no effect.
  2. Update and enable Microsoft Defender, as it provides detection and protection for this vulnerability.
  3. If you do not use Microsoft Defender, keep your antivirus updated.

The official security note published by Microsoft explains a workaround to temporarily mitigate this vulnerability.

Note that this involves modifying the Windows registry and restarting the system.

⚠️ WARNING! ⚠️

Using the Registry Editor incorrectly can cause serious problems that may require reinstalling the operating system. In this particular case, making the modifications indicated by Microsoft should have no side effects, since they only affect Internet Explorer.

At Encora we are experts in cybersecurity and we can help you solve this and other problems in your company.

Azure AD environment audit

Recently, this article was published, reporting that a DLL library had been compromised and that it gave attackers backdoor access to the affected devices.

Many applications and tools that we use on a daily basis request a connection to Azure AD as part of their initial configuration. Over time, each of these integrated applications can suffer security breaches due to published vulnerabilities, and cybercriminals can escalate privileges on the Azure AD platform, causing an even greater disaster.

Encora offers its customers a free review of their Azure AD environment, in order to understand the environment's current exposure and to mitigate the risks posed by some tools or applications linked to the Azure AD cloud platform.

If you wish to have your environment checked, just let us know and our team will contact you as soon as possible.

Check out our Cyber Security portfolio here.