Gemalto's Sentinel LDK RTE Security Vulnerabilities

New Microsoft Sysmon report in VirusTotal improves security

Today, following the 25th year anniversary of Microsoft Sysinternals, we are announcing the general availability of a new Microsoft Sysmon report in VirusTotal. Whether you’re an IT professional or a developer, you’re probably already using Microsoft Sysinternals utilities to help you manage,...

Microsoft achieves a Leader placement in Forrester Wave for XDR

We are excited to share that Microsoft has been named a Leader in The Forrester New Wave: Extended Detection and Response (XDR), Q4, 2021,1 receiving one of the highest scores in the strategy category. Microsoft 365 Defender was rated as “differentiated” in seven criteria including detection,...

Microsoft achieves a Leader placement in Forrester Wave for XDR

We are excited to share that Microsoft has been named a Leader in The Forrester New Wave: Extended Detection and Response (XDR), Q4, 2021,1 receiving one of the highest scores in the strategy category. Microsoft 365 Defender was rated as “differentiated” in seven criteria including detection,...

Description of the security update for SharePoint Server 2019: October 12, 2021 (KB5002028)

Description of the security update for SharePoint Server 2019: October 12, 2021 (KB5002028) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability, Microsoft Word remote code execution vulnerability, Microsoft SharePoint Server remote code...

Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center (MSTIC) first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense...

Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center (MSTIC) first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense...

FreeBSD : redis -- multiple vulnerabilities (9b4806c1-257f-11ec-9db5-0800270512f4)

The Redis Team reports : CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on...

Redis < 5.0.14, 6.0.x < 6.0.16, 6.1.x < 6.2.6 Multiple Vulnerabilities

Redis is prone to multiple...

CVE-2021-32762

An integer overflow issue leading to heap buffer overflow was found in the hiredis library. The "redis-cli" command-line tool and "redis-sentinel" service may be vulnerable to this flaw when parsing specially crafted, large multi-bulk network replies. This flaw allows a remote attacker to corrupt.....

CVE-2021-32762

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library....

CVE-2021-32762

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library....

CVE-2021-32762

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library....

CVE-2021-32762

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library....

CVE-2021-32762

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library....

Integer overflow

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library....

CVE-2021-32762 Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library....

CVE-2021-32762

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library....

redis -- multiple vulnerabilities

The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large...

MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed

The accounts of at least 6,000 Coinbase customers were robbed of funds after attackers bypassed the cryptocurrency exchange’s multi-factor authentication (MFA). According to a notification letter (PDF) – seen and posted by BleepingComputer, which first reported the story – that Coinbase sent to...

3.1M Neiman Marcus Customer Card Details Breached

Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May 2020. It took 17 months for the retailer to notice. Just...

FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor

Microsoft continues to work with partners and customers to track and expand our knowledge of the threat actor we refer to as NOBELIUM, the actor behind the SUNBURST backdoor, TEARDROP malware, and related components. As we stated before, we suspect that NOBELIUM can draw from significant...

FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor

Microsoft continues to work with partners and customers to track and expand our knowledge of the threat actor we refer to as NOBELIUM, the actor behind the SUNBURST backdoor, TEARDROP malware, and related components. As we stated before, we suspect that NOBELIUM can draw from significant...

A guide to combatting human-operated ransomware: Part 1

This blog is part one of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page. Microsoft’s Detection...

A guide to combatting human-operated ransomware: Part 1

This blog is part one of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page. Microsoft’s Detection...

Exploit for Improper Initialization in Microsoft

CVE-2021-38647 CVE-2021-38647 - POC to exploit...

HP Omen Hub Exposes Millions of Gamers to Cyberattack

Millions of devices running the HP Omen Gaming Hub were using on a driver with a bug that could give attackers kernel-mode access without administrator privileges. HP has since released a patch, but a new report on the flaw (CVE-2021-3437) from researchers from SentinelLabs details how the gaming.....

Exposure of Sensitive Information to an Unauthorized Actor in opendatacube/odc-tools

Description Information Disclosure AWS PrincipleID, sourceIPAddress, configurationId and more. # Proof of Concept https://raw.githubusercontent.com/opendatacube/odc-tools/develop/apps/dc_tools/tests/data/sentinel-2-nrt_2020_08_21.json Impact Leaks Sensitive...

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444,....

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444,....

CVE-2021-38647

Open Management Infrastructure Remote Code Execution...

CVE-2021-38648

Open Management Infrastructure Elevation of Privilege...

CVE-2021-38649

Open Management Infrastructure Elevation of Privilege...

CVE-2021-38645

Open Management Infrastructure Elevation of Privilege...

Description of the security update for SharePoint Server 2019: September 14, 2021 (KB5002018)

Description of the security update for SharePoint Server 2019: September 14, 2021 (KB5002018) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2021-38651. Note:.....

Exploit for Allocation of Resources Without Limits or Throttling in Helpsystems Cobalt Strike

A denial of service (DoS) vulnerability (CVE-2021-36798) was...

CobaltStrikeParser - Python parser for CobaltStrike Beacon's configuration

Python parser for CobaltStrike Beacon's configuration Description Use parse_beacon_config.py for stageless beacons, memory dumps or C2 urls with metasploit compatibility mode (default true). Many stageless beacons are PEs where the beacon code itself is stored in the .data section and xored with...

Feds Warn of Ransomware Attacks Ahead of Labor Day

Though lots of people might be taking some time off over the Labor Day weekend, threat actors likely won’t — which means organizations should remain particularly vigilante about the potential for ransomware attacks, the federal government has warned. Citing historical precedence, the FBI and CISA.....

How to prepare for CMMC compliance as a defense industrial base supplier using the Microsoft cloud

In 2020, the US Department of Defense (DoD) began the phased rollout of a new framework for protecting their supply chain, known as the defense industrial base (DIB). This new Cybersecurity Maturity Model Certification1 (CMMC) system requires regular audits that will bolster the security of the...

How to prepare for CMMC compliance as a defense industrial base supplier using the Microsoft cloud

In 2020, the US Department of Defense (DoD) began the phased rollout of a new framework for protecting their supply chain, known as the defense industrial base (DIB). This new Cybersecurity Maturity Model Certification1 (CMMC) system requires regular audits that will bolster the security of the...

[SECURITY] [DLA 2717-2] redis security update

Debian LTS Advisory DLA-2717-2 [email protected] https://www.debian.org/lts/security/ Chris Lamb August 27, 2021 https://wiki.debian.org/LTS Package : redis Version : 3:3.2.6-3+deb9u6 CVE ID :...

REW-sploit - Emulate And Dissect MSF And *Other* Attacks

REW-sploit The tool has been presented at Black-Hat Arsenal USA 2021 https://www.blackhat.com/us-21/arsenal/schedule/index.html#rew-sploit-dissecting-metasploit-attacks-24086 Slides of presentation are available at https://github.com/REW-sploit/REW-sploit_docs Need help in analyzing Windows...

How to proactively defend against Mozi IoT botnet

Mozi is a peer-to-peer (P2P) botnet that uses a BitTorrent-like network to infect IoT devices such as network gateways and digital video records (DVRs). It works by exploiting weak telnet passwords1 and nearly a dozen unpatched IoT vulnerabilities2 and it’s been used to conduct distributed...

How to proactively defend against Mozi IoT botnet

Mozi is a peer-to-peer (P2P) botnet that uses a BitTorrent-like network to infect IoT devices such as network gateways and digital video records (DVRs). It works by exploiting weak telnet passwords1 and nearly a dozen unpatched IoT vulnerabilities2 and it’s been used to conduct distributed...

Exploit for Allocation of Resources Without Limits or Throttling in Helpsystems Cobalt Strike

CVE-2021-36798 CVE-2021-36798 Cobalt Strike &lt; 4.3 dos ...

Migrating content from traditional SIEMs to Azure Sentinel

In part two of this three-part series, we covered the five types of side-by-side security information and event management (SIEM) configurations commonly used during a long-term migration to Microsoft Azure Sentinel. For part three, we’ll be looking at best practices for migrating your data and...

Migrating content from traditional SIEMs to Azure Sentinel

In part two of this three-part series, we covered the five types of side-by-side security information and event management (SIEM) configurations commonly used during a long-term migration to Microsoft Azure Sentinel. For part three, we’ll be looking at best practices for migrating your data and...

Microsoft Warns: Another Unpatched PrintNightmare Zero-Day

One day after dropping its scheduled August Patch Tuesday update, Microsoft issued a warning about yet another unpatched privilege escalation/remote code-execution (RCE) vulnerability in the Windows Print Spooler that can be filed under the PrintNightmare umbrella. The news comes amid plenty of...

7 ways to harden your environment against compromise

Here at the global Microsoft Compromise Recovery Security Practice (CRSP), we work with customers who have experienced disruptive security incidents to restore trust in identity systems and remove adversary control. During 2020, the team responded to many incidents involving ransomware and the...

7 ways to harden your environment against compromise

Here at the global Microsoft Compromise Recovery Security Practice (CRSP), we work with customers who have experienced disruptive security incidents to restore trust in identity systems and remove adversary control. During 2020, the team responded to many incidents involving ransomware and the...

Description of the security update for SharePoint Server 2019: August 10, 2021 (KB5002000)

Description of the security update for SharePoint Server 2019: August 10, 2021 (KB5002000) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see the Microsoft Common Vulnerabilities and Exposures CVE-2021-36940. Note:....