INTERCEPT - Policy As Code Static Analysis Auditing

Stupidly easy to use, small footprint Policy as Code subsecond command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard rail control or simple data collector and inspector. Consider it a weaponized ripgrep. Works ...

Fedora 30 : php-horde-horde (2020-fd8761fd13)

horde 5.2.22 - jan SECURITY: Protect image processing service from rendering active SVG content within the browser. - jan SECURITY: Fix XSS vulnerabilities in administration interface. - jan Support Redis Sentinel configuration Michael Menge , Request 14998. - jan Use file hashing for detecting...

Fedora 31 : php-horde-horde (2020-1a968aeb47)

horde 5.2.22 - jan SECURITY: Protect image processing service from rendering active SVG content within the browser. - jan SECURITY: Fix XSS vulnerabilities in administration interface. - jan Support Redis Sentinel configuration Michael Menge , Request 14998. - jan Use file hashing for detecting...

Threat hunting: Part 1—Why your SOC needs a proactive hunting team

Cybersecurity can often feel like a game of whack-a-mole. As our tools get better at stopping one type of attack, our adversaries innovate new tactics. Sophisticated cybercriminals burrow their way into network caverns, avoiding detection for weeks or even months, as they gather information and...

MISA expands with new members and new product additions

Another RSA Conference RSAC and another big year for the Microsoft Intelligent Security Association MISA. MISA was launched at RSAC 2018 with 26 members and a year later we had doubled in size to 53 members. Today, I am excited to share that the association has again doubled in size to 102 member...

Free import of AWS CloudTrail logs through June 2020 and other exciting Azure Sentinel updates

SecOps teams are increasingly challenged to protect assets across distributed environments, analyze the growing volume of security data, and prioritize response to real threats. As a cloud-native SIEM solution security information and event management, Azure Sentinel uses artificial intelligence ...

Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals

Cybercrime is as much a people problem as it is a technology problem. To respond effectively, the defender community must harness machine learning to compliment the strengths of people. This is the philosophy that undergirds Azure Sentinel. Azure Sentinel is a cloud-native SIEM that exploits...

CVE-2019-19879

HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. Fixed in 0.10.2...

CVE-2019-19879

HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. Fixed in 0.10.2...

Design/Logic Flaw

HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. Fixed in 0.10.2...

CVE-2019-19879

HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. Fixed in 0.10.2...

CVE-2019-19879

HashiCorp Sentinel up to 0.10.1 contains a flaw where negation in certain policy expressions is parsed incorrectly. The issue has been fixed in version 0.10.2. Affected component: Sentinel policy evaluation/parsing; root cause: incorrect handling of negation in expressions. Impact details are lim...

CVE-2019-18232

SafeNet Sentinel LDK License Manager, all versions prior to 7.101only Microsoft Windows versions are affected is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading...

CVE-2019-18232

SafeNet Sentinel LDK License Manager, all versions prior to 7.101only Microsoft Windows versions are affected is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading...

Privilege escalation

SafeNet Sentinel LDK License Manager, all versions prior to 7.101only Microsoft Windows versions are affected is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading...

CVE-2019-18232

SafeNet Sentinel LDK License Manager (Windows, all versions prior to 7.101) is affected when configured as a service. The issue allows a local attacker to abuse symbolic links to create, write, or delete files in the system folder, resulting in privilege escalation and potential DLL hijacking tha...

CVE-2019-18232

SafeNet Sentinel LDK License Manager, all versions prior to 7.101only Microsoft Windows versions are affected is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading...

Thales DIS SafeNet Sentinel LDK License Manager Runtime

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Thales DIS Equipment: SafeNet Sentinel LDK License Manager Runtime Vulnerability: Link Following 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to escalate privileges. 3...

Azure Sentinel updates: Improve your security operations with innovations from a cloud-native SIEM

Just a month ago, I communicated the details about Azure Sentinel reaching general availability. Since then, many customers have shared how Azure Sentinel has empowered their teams to be nimble and more efficient. ASOS, one of the largest online fashion retailers, is an excellent example of this...

Microsoft Intelligent Security Association grows to more than 80 members

Sometimes an idea sparks, and it feels so natural, so organic, that it takes on a life of its own and surprises you by how fast it grows. The Microsoft Intelligent Security Association MISA was one of these ideas. It was born out of a desire to be easy to do business with and be a better partner ...