Microsoft security experts outline next steps after compromise recovery

Who is CRSP? The Microsoft Compromise Recovery Security Practice CRSP is a worldwide team of cybersecurity experts operating in most countries, across both public and private organizations, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the...

The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s decoding function allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s decoding function is related to the lack of a mechanism for converting data types. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s encoding function allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s decoding function is related to the lack of verification for the result of the addition arithmetic operation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its...

The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC function decoding process allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the STTS decoder for MPEG-4 multimedia platform GPAC is related to incorrect checking of the result of an arithmetic operation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...

DarthSidious - Building An Active Directory Domain And Hacking It

The goal is simple To share my modest knowledge about hacking Windows systems. This is commonly refered to as red team exercises. This book however, is also very concerned with the blue team; the defenders. That is, helping those who are working as defenders, analysts and security experts to buil...

The vulnerability of the HDLR decoder in the MPEG-4 multimedia platform GPAC function decoding process allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the HDLR decoder in the MPEG-4 multimedia platform GPAC decoding function is related to the lack of a mechanism for data type conversion. Exploiting this vulnerability allows an attacker operating remotely to gain access to confidential data, compromise its integrity, and cau...

Microsoft CRSP shares the ways human behavior affects compromise recovery

The Microsoft Compromise Recover Security Practice CRSP is a worldwide team of cybersecurity experts operating in most countries, across all organizations public and private, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the first place. As ...

Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop

You’re tasked with protecting your environment, and you’ve invested significant time and resources into deploying and configuring your tools — but how do you know if the security controls you’ve put into place are effective? The challenge continues to grow as attacker tactics, techniques, and...

3 Reasons to Join Rapid7’s Cloud Security Summit

The world of the cloud never stops moving — so neither can cloud security. In the face of rapidly evolving technology and a constantly changing threat landscape, keeping up with all the latest developments, trends, and best practices in this emerging practice is more vital than ever. Enter Rapid7...

Free HermeticRansom Ransomware Decryptor Released

A free decryptor is out to unlock a ransomware found piggybacking on the HermeticWiper data wiper malware that ESET and Broadcom’s Symantec discovered targeting machines at financial, defense, aviation and IT services outfits in Ukraine, Lithuania and Latvia last week. The fact that there was...

Ex-Gumshoe Nabs Cybercrooks with FBI Tactics

Crooks are crooks, right? Whatever motivates serial violent offenders doesn’t switch off when they stop mugging people and instead pick up a keyboard to transform into cyber actors who craft cyber threats. At least, that was the thinking behind the 2012 creation of the FBI’s Cyber Behavioral...

Celebrating 20 Years of Trustworthy Computing

20 years ago this week, Bill Gates sent a now-famous email to all Microsoft employees announcing the creation of the Trustworthy Computing TwC initiative. The initiative was intended to put customer security, and ultimately customer trust, at the forefront for all Microsoft employees. Gates’ memo...

The FTC Wants Companies to Find Log4j Fast. It Won't Be Easy

The critical vulnerability is buried among endless open source code, and many cyber experts are stumped...

The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in the use of memory after it is freed, allowing attackers to exploit their privileges.

The vulnerability of Adobe After Effects’ video and dynamic image editing software relates to the use of memory after it is freed during the processing of JPEG 2000 or jp2 graphic files. Exploiting this vulnerability can allow an attacker to gain increased privileges...

Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense

Todays threat landscape is incredibly fast-paced. New campaigns surface all the time, and the amount of damage that they can cause is not always immediately apparent. Security operations centers SOCs must be equipped with the tools and insight to identify and resolve potentially high-impact threa...

Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense

Todays threat landscape is incredibly fast-paced. New campaigns surface all the time, and the amount of damage that they can cause is not always immediately apparent. Security operations centers SOCs must be equipped with the tools and insight to identify and resolve potentially high-impact threa...

North Korean Hackers Found Behind a Range of Credential Theft Campaigns

A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Enterpris...

Finding My Way as an Akamai Intern

It’s an exciting time to be starting a career in digital – but even more so when it’s at a company like Akamai. An organization driven by a commitment to developing talent within the industry, Akamai is an intellectually rigorous, demanding, and rewarding environment to be in at any level. But fo...

Encrypted & Fileless Malware Sees Big Growth

A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive. That’s according to WatchGuard Technologies’ latest report on findings within its telemetry, which also found that these detections come primarily...

[The Lost Bots] Episode 6: D&R + VM = WINNING!

!\The Lost Bots\ Episode 6: D&R + VM = WINNING!https://blog.rapid7.com/content/images/2021/10/-The-Lost-Bots--Episode-1--External-Threat-Intelligence.jpeg Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security wi...