CVE-2022-23604 Privilege escalation in Defender

x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the sam...

The vulnerability of Microsoft Windows Defender operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of Microsoft Windows Defender operating systems is related to the disclosure of information. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...

Remote sessions are abruptly disconnected on Endpoints for Mac

Citrix Virtual Apps and Desktops sessions get abruptly disconnected on endpoints for Mac, which use Microsoft Defender...

EDRHunt - Scan Installed EDRs And AVs On Windows

EDRHunt scans Windows services, drivers, processes, registry for installed EDRs Endpoint Detection And Response. Read more about EDRHunt here. Install Binary Download the latest release from the release section. Releases are built for windows/amd64. Go Requires Go to be installed on system. Teste...

Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag!

Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag! By Trellix · February 8, 2022 Research Contributions and Analysis: Filippo Sitzia This story was written by Arnab Roy Threat Summary Blackcat also known as ALPHV/Noberus is a Ransomware as a Service...

Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag!

Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag! By Trellix · February 8, 2022 Research Contributions and Analysis: Filippo Sitzia This story was written by Arnab Roy Threat Summary Blackcat also known as ALPHV/Noberus is a Ransomware as a Service...

Detect active network reconnaissance with Microsoft Defender for Endpoint

The Microsoft Compromise Recovery Security Practice has observed how the security industry has evolved over the last few years as consumers, businesses, and industry professionals continue to adapt to the changing landscape. We have seen the emergence of new frameworks, such as the Cybersecurity...

Detect active network reconnaissance with Microsoft Defender for Endpoint

The Microsoft Compromise Recovery Security Practice has observed how the security industry has evolved over the last few years as consumers, businesses, and industry professionals continue to adapt to the changing landscape. We have seen the emergence of new frameworks, such as the Cybersecurity...

The vulnerability of Microsoft Windows Defender operating system, related to improper code generation management, allows attackers to execute arbitrary code.

The vulnerability of Microsoft’s Windows Defender operating system is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially crafted request...

New Variant of UpdateAgent Malware Infects Mac Computers with Adware

Microsoft on Wednesday shed light on a previously undocumented Mac trojan that it said has undergone several iterations since its first appearance in September 2020, effectively granting it an "increasing progression of sophisticated capabilities." The company's Microsoft 365 Defender Threat...

The evolution of a Mac trojan: UpdateAgent’s progression

Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms. The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was observed distributing...

Measure the effectiveness of your Microsoft security with AttackIQ

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. To improve an organization’s cybersecurity readiness, you need to test that your detection and prevention technologies work as intended and that your security program is performing a...

Measure the effectiveness of your Microsoft security with AttackIQ

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. To improve an organization’s cybersecurity readiness, you need to test that your detection and prevention technologies work as intended and that your security program is performing a...

Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA

We have recently uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign. We observed that the second stage of the campaign was successful agains...

Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA

We have recently uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign. We observed that the second stage of the campaign was successful agains...

January 25, 2022—KB5009616 (OS Build 17763.2510) Preview

January 25, 2022—KB5009616 OS Build 17763.2510 Preview 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights Updates...

First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability

Microsoft on Tuesday kicked off its first set of updates for 2022 by plugging 96 security holes across its software ecosystem, while urging customers to prioritize patching for what it calls a critical "wormable" vulnerability. Of the 96 vulnerabilities, nine are rated Critical and 89 are rated...

Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass Vulnerability

Exploit Title: Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSREGFILEDIALOGSPOOFMITIGATIONBYPASS.txt twitter.com/hyp3rlinx ISR: ApparitionSe...

Microsoft Windows Defender - Detections Bypass Vulnerability

Exploit Title: Microsoft Internet Explorer / ActiveX Control - Security Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERDETECTIONBYPASS.txt twitter.com/hyp3rlinx ISR: ApparitionSec Vendor...

Microsoft Windows Defender - Detections Bypass

Exploit Title: Microsoft Internet Explorer / ActiveX Control - Security Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERDETECTIONBYPASS.txt twitter.com/hyp3rlinx ISR: ApparitionSec Vendor...