New Microsoft Sysmon report in VirusTotal improves security
Today, following the 25th year anniversary of Microsoft Sysinternals, we are announcing the general availability of a new Microsoft Sysmon report in VirusTotal. Whether you’re an IT professional or a developer, you’re probably already using Microsoft Sysinternals utilities to help you manage,...
0.2 AI Score
Microsoft achieves a Leader placement in Forrester Wave for XDR
We are excited to share that Microsoft has been named a Leader in The Forrester New Wave: Extended Detection and Response (XDR), Q4 2021, receiving one of the highest scores in the strategy category. Microsoft 365 Defender was rated as “differentiated” in seven criteria including detection,...
0.5 AI Score
Description of the security update for SharePoint Server 2019: October 12, 2021 (KB5002028)
Description of the security update for SharePoint Server 2019: October 12, 2021 (KB5002028) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability, Microsoft Word remote code execution vulnerability, Microsoft SharePoint Server remote code...
8.1 CVSS
7.4 AI Score
0.163 EPSS
Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center (MSTIC) first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense...
0.1 AI Score
FreeBSD : redis -- multiple vulnerabilities (9b4806c1-257f-11ec-9db5-0800270512f4)
The Redis Team reports : CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on...
8.8 CVSS
0.5 AI Score
0.023 EPSS
Redis < 5.0.14, 6.0.x < 6.0.16, 6.1.x < 6.2.6 Multiple Vulnerabilities
Redis is prone to multiple...
8.8 CVSS
8.8 AI Score
0.009 EPSS
An integer overflow issue leading to heap buffer overflow was found in the hiredis library. The "redis-cli" command-line tool and "redis-sentinel" service may be vulnerable to this flaw when parsing specially crafted, large multi-bulk network replies. This flaw allows a remote attacker to corrupt...
8.8 CVSS
5.1 AI Score
0.009 EPSS
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library...
8.8 CVSS
8.8 AI Score
0.009 EPSS
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library...
8.8 CVSS
2.8 AI Score
0.009 EPSS
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library...
8.8 CVSS
0.009 EPSS
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library...
8.8 CVSS
8.5 AI Score
0.009 EPSS
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library...
8.8 CVSS
8.4 AI Score
0.009 EPSS
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library...
8.8 CVSS
8.5 AI Score
0.009 EPSS
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library...
7.5 CVSS
8.8 AI Score
0.009 EPSS
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library...
8.8 CVSS
8.3 AI Score
0.009 EPSS
redis -- multiple vulnerabilities
The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large...
8.8 CVSS
1.7 AI Score
0.023 EPSS
MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed
The accounts of at least 6,000 Coinbase customers were robbed of funds after attackers bypassed the cryptocurrency exchange’s multi-factor authentication (MFA). According to a notification letter (PDF) – seen and posted by BleepingComputer, which first reported the story – that Coinbase sent to...
-0.5 AI Score
0.975 EPSS
3.1M Neiman Marcus Customer Card Details Breached
Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May 2020. It took 17 months for the retailer to notice. Just...
0.1 AI Score
0.975 EPSS
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
Microsoft continues to work with partners and customers to track and expand our knowledge of the threat actor we refer to as NOBELIUM, the actor behind the SUNBURST backdoor, TEARDROP malware, and related components. As we stated before, we suspect that NOBELIUM can draw from significant...
8.1 AI Score
A guide to combatting human-operated ransomware: Part 1
This blog is part one of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page. Microsoft’s Detection...
8.1 AI Score
Exploit for Improper Initialization in Microsoft
CVE-2021-38647 - POC to exploit...
9.8 CVSS
7.9 AI Score
0.975 EPSS
HP Omen Hub Exposes Millions of Gamers to Cyberattack
Millions of devices running the HP Omen Gaming Hub were using a driver with a bug that could give attackers kernel-mode access without administrator privileges. HP has since released a patch, but a new report on the flaw (CVE-2021-3437) from researchers from SentinelLabs details how the gaming...
0.002 EPSS
Exposure of Sensitive Information to an Unauthorized Actor in opendatacube/odc-tools
Description Information Disclosure AWS PrincipleID, sourceIPAddress, configurationId and more. # Proof of Concept https://raw.githubusercontent.com/opendatacube/odc-tools/develop/apps/dc_tools/tests/data/sentinel-2-nrt_2020_08_21.json Impact Leaks Sensitive...
0.5 AI Score
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444,...
0.969 EPSS
Description of the security update for SharePoint Server 2019: September 14, 2021 (KB5002018)
Description of the security update for SharePoint Server 2019: September 14, 2021 (KB5002018) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2021-38651. Note:...
7.6 CVSS
6.2 AI Score
0.001 EPSS
Exploit for Allocation of Resources Without Limits or Throttling in Helpsystems Cobalt Strike
A denial of service (DoS) vulnerability (CVE-2021-36798) was...
7.5 CVSS
7.3 AI Score
0.003 EPSS
CobaltStrikeParser - Python parser for CobaltStrike Beacon's configuration
Python parser for CobaltStrike Beacon's configuration Description Use parse_beacon_config.py for stageless beacons, memory dumps or C2 urls with metasploit compatibility mode (default true). Many stageless beacons are PEs where the beacon code itself is stored in the .data section and xored with...
7.2 AI Score
Feds Warn of Ransomware Attacks Ahead of Labor Day
Though lots of people might be taking some time off over the Labor Day weekend, threat actors likely won’t, which means organizations should remain particularly vigilant about the potential for ransomware attacks, the federal government has warned. Citing historical precedent, the FBI and CISA...
-0.3 AI Score
How to prepare for CMMC compliance as a defense industrial base supplier using the Microsoft cloud
In 2020, the US Department of Defense (DoD) began the phased rollout of a new framework for protecting their supply chain, known as the defense industrial base (DIB). This new Cybersecurity Maturity Model Certification (CMMC) system requires regular audits that will bolster the security of the...
0.1 AI Score
[SECURITY] [DLA 2717-2] redis security update
Debian LTS Advisory DLA-2717-2 [email protected] https://www.debian.org/lts/security/ Chris Lamb August 27, 2021 https://wiki.debian.org/LTS Package : redis Version : 3:3.2.6-3+deb9u6 CVE ID :...
7.5 CVSS
7.7 AI Score
0.017 EPSS
REW-sploit - Emulate And Dissect MSF And *Other* Attacks
REW-sploit The tool has been presented at Black-Hat Arsenal USA 2021 https://www.blackhat.com/us-21/arsenal/schedule/index.html#rew-sploit-dissecting-metasploit-attacks-24086 Slides of presentation are available at https://github.com/REW-sploit/REW-sploit_docs Need help in analyzing Windows...
6.9 AI Score
How to proactively defend against Mozi IoT botnet
Mozi is a peer-to-peer (P2P) botnet that uses a BitTorrent-like network to infect IoT devices such as network gateways and digital video recorders (DVRs). It works by exploiting weak telnet passwords and nearly a dozen unpatched IoT vulnerabilities, and it’s been used to conduct distributed...
7.8 CVSS
0.2 AI Score
0.956 EPSS
Exploit for Allocation of Resources Without Limits or Throttling in Helpsystems Cobalt Strike
CVE-2021-36798 Cobalt Strike < 4.3 DoS...
7.5 CVSS
7.5 AI Score
0.003 EPSS
Migrating content from traditional SIEMs to Azure Sentinel
In part two of this three-part series, we covered the five types of side-by-side security information and event management (SIEM) configurations commonly used during a long-term migration to Microsoft Azure Sentinel. For part three, we’ll be looking at best practices for migrating your data and...
-0.4 AI Score
Microsoft Warns: Another Unpatched PrintNightmare Zero-Day
One day after dropping its scheduled August Patch Tuesday update, Microsoft issued a warning about yet another unpatched privilege escalation/remote code-execution (RCE) vulnerability in the Windows Print Spooler that can be filed under the PrintNightmare umbrella. The news comes amid plenty of...
8.8 CVSS
0.2 AI Score
0.967 EPSS
7 ways to harden your environment against compromise
Here at the global Microsoft Compromise Recovery Security Practice (CRSP), we work with customers who have experienced disruptive security incidents to restore trust in identity systems and remove adversary control. During 2020, the team responded to many incidents involving ransomware and the...
Description of the security update for SharePoint Server 2019: August 10, 2021 (KB5002000)
Description of the security update for SharePoint Server 2019: August 10, 2021 (KB5002000) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see the Microsoft Common Vulnerabilities and Exposures CVE-2021-36940. Note:...
7.6 CVSS
6.2 AI Score
0.001 EPSS