Security #GlobalProtect portal: ongoing hacker scanning activity

Researchers have detected scanning activity targeting Palo Alto Networks’ GlobalProtect VPN portals.

During the last 30 days, about 24,000 unique IP addresses have attempted to access these critical security gateways.

Here you can find the complete article:

https://cybersecuritynews.com/hackers-scanning-palo-alto-networks-portals/




Scripting - Get-ADUser - How to retrieve User last logon date

There is a quick and easy way to get a text (CSV) file with all AD usernames and their last logon dates.

  1. Run PowerShell with administrative rights.
  2. Import-Module ActiveDirectory
  3. Get-Help Get-ADUser
  4. Get-ADUser -Filter * -Properties * | Select-Object SamAccountName, Company, @{Name="Manager";Expression={(Get-ADUser $_.Manager).sAMAccountName}}, Enabled, LastLogonDate, AccountExpirationDate, DisplayName, GivenName, Surname, custJDEEmployeeID | Export-Csv C:\temp\ADUsers.csv -NoTypeInformation
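
Added example (not part of the original post): a PowerShell filter that takes user objects like the ones returned by the command above and reports enabled accounts that have never logged on or have been idle longer than a threshold. The function name Get-StaleAccount, its parameters and the sample records are assumptions constructed for illustration; LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which can lag by up to about 14 days by default, so keep the threshold well above that.

```powershell
# Added example: flag enabled accounts that are stale or were never used.
# Get-StaleAccount is a hypothetical helper, not part of the ActiveDirectory module.
function Get-StaleAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        [int]$ThresholdDays = 90,          # keep well above the ~14-day replication lag
        [datetime]$Now = (Get-Date)
    )
    process {
        # Disabled accounts cannot be used to log on, so they are out of scope here.
        if (-not $User.Enabled) { return }

        if ($null -eq $User.LastLogonDate) {
            # No logon recorded at all: often a forgotten or pre-staged account.
            $status = 'NeverLoggedOn'
            $idle   = $null
        } else {
            $idle = [math]::Floor(($Now - $User.LastLogonDate).TotalDays)
            if ($idle -lt $ThresholdDays) { return }   # recently active, skip
            $status = 'Stale'
        }

        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Status         = $status
            IdleDays       = $idle
            LastLogonDate  = $User.LastLogonDate
        }
    }
}

# Constructed sample records so the block runs without a domain.
# Against a real directory, request only the property that is needed:
#   Get-ADUser -Filter * -Properties LastLogonDate | Get-StaleAccount -ThresholdDays 90
$now = [datetime]'2025-04-01'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith';  Enabled = $true;  LastLogonDate = [datetime]'2025-03-28' }
    [pscustomobject]@{ SamAccountName = 'svc_old'; Enabled = $true;  LastLogonDate = [datetime]'2024-06-15' }
    [pscustomobject]@{ SamAccountName = 'newhire'; Enabled = $true;  LastLogonDate = $null }
    [pscustomobject]@{ SamAccountName = 'jdoe';    Enabled = $false; LastLogonDate = [datetime]'2023-01-01' }
)
$sample | Get-StaleAccount -ThresholdDays 90 -Now $now | Format-Table -AutoSize
```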

Here is an alternative article related to AD computers

SCRIPTING - HOW TO CHECK SERVER UPTIME WITH SINGLE COMMAND #part 2

In a previous article I mentioned a way to check remote client/server uptime.

https://www.alessandromazzanti.com/2022/03/scripting-how-to-check-server-uptime.html

An alternative way is to execute these PowerShell commands:

# Placeholder: replace with the name of the server to check
$serverName = "NomeDelServer"

# Query WMI once, then convert LastBootUpTime to a DateTime (the last boot time)
$os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $serverName
$uptime = $os.ConvertToDateTime($os.LastBootUpTime)

$uptime

Monitor #PRTG how to migrate server

I have already published several blog articles related to the PRTG product.

https://www.alessandromazzanti.com/search?q=prtg

In recent days we carried out a PRTG server migration.

This is the step-by-step article that we followed successfully.

https://kb.paessler.com/en/topic/88205-how-can-i-move-or-migrate-a-prtg-installation-to-a-different-system-or-server




Security #30-day notice: Manage PAC Validation related to CVE-2024-26248 & CVE-2024-29056

The Windows security updates released on or after April 9, 2024 address elevation of privilege vulnerabilities with the Kerberos PAC Validation Protocol.


https://support.microsoft.com/en-us/topic/how-to-manage-pac-validation-changes-related-to-cve-2024-26248-and-cve-2024-29056-6e661d4f-799a-4217-b948-be0a1943fef1

Take Action

IMPORTANT Step 1 to install the update released on or after April 9, 2024 will NOT fully address the security issues in CVE-2024-26248 and CVE-2024-29056 by default. To fully mitigate the security issue for all devices, you must move to Enforced mode (described in Step 3) once your environment is fully updated.

To help protect your environment and prevent outages, we recommend the following steps:

  1. UPDATE: Windows domain controllers and Windows clients must be updated with a Windows security update released on or after April 9, 2024.

  2. MONITOR: Audit events will be visible in Compatibility mode to identify devices not updated.

  3. ENABLE: After Enforcement mode is fully enabled in your environment, the vulnerabilities described in CVE-2024-26248 and CVE-2024-29056 will be mitigated.
    (Install the April 2025 Windows update on all Windows domain controllers and Windows clients, once it becomes available later this year. Enforcement mode will be fully enabled in your environment. This will properly mitigate the vulnerabilities described in CVE-2024-26248 and CVE-2024-29056.)

Here is another important article:

Teams #VDI version 24295.x.x.x or older deadline May 6th, 2025

Summary

Keep Microsoft Teams desktop clients (version 24295.x.x.x or older) updated to avoid warning banners starting March 2025 and blocking pages from May 6th, 2025. Ensure automatic updates or frequent updates to the golden image to stay current. Check the Teams Admin Center for client usage reports.

Here is the original article:

https://admin.microsoft.com/AdminPortal/home?ref=MessageCenter/:/messages/MC1038442