Researcher Exploits Microsoft's Notepad to 'Pop a Shell'

A memory corruption bug in the Microsoft’s Windows Notepad application can be used to open remote shell access – typically a first step for attackers infiltrating a system. The bug was found by Tavis Ormandy, a bug hunter with Google’s Project Zero team. In a tweet he indicated that the bug was...

PT-2019-6461 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.1.5 Description: The issue is related to the ip6 ra control function in the net/ipv6/ipv6 sockglue.c component of the Linux kernel, which is associated with errors in pointer dereferencing. Exploitation of this...

Step 9. Protect your OS: top 10 actions to secure your environment

In “Step 9. Protect your OS” of the Top 10 actions to secure your environment blog series, we provide resources to help you configure Microsoft Defender Advanced Threat Protection Microsoft Defender ATP to defend your Windows, macOS, Linux, iOS, and Android devices from advanced threats. In an...

Using Semmle QL vulnerability out Part2-vulnerability warning-the black bar safety net

First part of this series introduced the Semmle QL, as well as the Microsoft Security Response Center MSRC how to use it to review to our report the vulnerability. This article discusses a How do we take the initiative to use it examples, including Azure firmware component of a security audit. Th...

Android Messaging: A Few Bugs Short of a Chain

Posted by Natalie Silvanovich, Project Zero About a year and a half ago, I did some research into Android messaging and mail clients. At the time, I didn’t blog about it, because though I found bugs, I wasn’t able to assemble them into a credible attack. However, in the spirit of writing about...

Recommendations for deploying the latest Attack surface reduction rules for maximum impact

The keystone to good security hygiene is limiting your attack surface. Attack surface reduction is a technique to remove or constrain exploitable behaviors in your systems. In this blog, we discuss the two attack surface reduction rules introduced in the most recent release of Windows and cover...

3 Reasons Your Business Needs Security at the Edge

As a security professional, no one knows better than you that the attack surface is shifting and continues to expand across an ever-widening area. Our interconnected digital lives are wreaking havoc with the idea of "the perimeter." As digital attacks continue to grow in size and volume, and are...

Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution

UPDATE Malicious scanning activity targeting Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN routers is underway, with a swell of opportunistic probes looking for vulnerable devices ramping up since Friday. According to Bad Packets Report’s honeypot data, cyberattackers are targeting a...

TAU Threat Intelligence Notification: PPID Spoofing – Explorer CLSID

Summary Popular Attack Surface Reduction bypasses allow adversaries to hinder threat hunting activities by spoofing Parent Process ID. PPID to PID relationships have always been a key indicator of compromise and removing these conditions lead to false sense of security. Upon investigation its bee...

Sn0Int - Semi-automatic OSINT Framework And Package Manager

sn0int is a semi-automatic OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence about a given target or about yourself. sn0int is enumerating attack surface by semi-automatically processing public information and mapping the result...

LabKey Vulnerabilities Threaten Medical Research Data

A trio of vulnerabilities in a popular open source medical data collaboration tool leaves important healthcare research data and potentially subject information open to multiple cross site scripting XSS attacks. The flaws are serious as they allow an attacker to retrieve user credentials once a...

Fighting Fire with Fire: API Automation Risks

Akamai research shows that 83 percent of all traffic on the web today are API calls JSON / XML. In many cases this fast growth can be attributed to the adoption and popularity of mobile devices and the mobile app ecosystem, as well as the abuse by threat actors using bots to automate their manual...

Linux: Mounting of squashfs filesystems

The squashfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems similar to cramfs. A squashfs image can be used without having to first decompress the image. Removing support for unneeded filesystem types reduces the local attack surface of the system. ...

Linux: Mounting of udf filesystems

The udf filesystem type is the universal disk format used to implement ISO/IEC 13346 and ECMA-167 specifications. This is an open vendor filesystem type for data storage on a broad range of media. This filesystem type is necessary to support writing DVDs and newer optical disc formats. Removing...

Huawei Router Flaw Leaks Default Credential Status

A vulnerability in some Huawei routers used for carrier ISP services allows cybercriminals to identify whether the devices have default credentials or not – without ever connecting to them. CVE-2018-7900 exists in the router panel and allows credentials information to leak – so attackers can simp...

From DirectX to the Windows Kernel--a few of the CVE vulnerability analysis-vulnerability warning-the black bar safety net

One, Foreword Operating systemthe kernel is each vulnerability the use of chain final goal, we can view the Zero Day Initiative ZDI Pwn2Own calendar year, race, and understand this aspect of the content. Windows kernel has always been the attacker keen to target, my favorite is the abuse of the...

Hackertarget - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery

Use open source tools and network intelligence to help organizations with attack surface discovery and identification of security vulnerabilities. Identification of an organizations vulnerabilities is an impossible task without tactical intelligence on the network footprint. By combining open...

Artificial Intelligence: A Cybersecurity Tool for Good, and Sometimes Bad

Artificial intelligence is the new golden ring for cybersecurity developers, thanks to its potential to not just automate functions at scale but also to make contextual decisions based on what it learns over time. This can have big implications for security personnel—all too often, companies simp...

Microsoft Windows Defender AV: Impede JavaScript and VBScript to launch executables

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winavimpedejsvbsexec.nasl 11495 2018-09-20 10:06:25Z emoss $ Check value for Configure Attack Surface Reduction rules: Impede JavaScript and VBScript to launch executables Authors: Emanuel Moss Copyright: Copyright c 2018...

Microsoft Windows Defender AV: Block executable content from email client and webmail

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winavblockexeccontentmail.nasl 11495 2018-09-20 10:06:25Z emoss $ Check value for Configure Attack Surface Reduction rules: Block executable content from email client and webmail Authors: Emanuel Moss Copyright: Copyright c...