Lucene search
K

30 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/01 12:0 a.m.23 views

SUSE SLES15 / openSUSE 15 Security Update : azure-cli (SUSE-SU-2025:0751-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0751-1 advisory. - CVE-2024-43591: improper neutralization of special elements could allow users to run Azure CLI commands that result in certa...

9.1CVSS5.5AI score0.01609EPSS
Exploits0References4
OSV
OSV
added 2025/02/28 4:26 p.m.12 views

SUSE-SU-2025:0751-1 Security update for azure-cli

This update for azure-cli fixes the following issues: - CVE-2024-43591: improper neutralization of special elements could allow users to run Azure CLI commands that result in certain service management operations being performed with System level permissions in Azure Defender for Cloud bsc1231971...

9.1CVSS6.8AI score0.01609EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2021/12/23 12:0 a.m.23 views

Microsoft Azure Defender for IoT maintenanceWindow Endpoint SQL Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Azure Defender for IoT. Authentication is required to exploit this vulnerability. The specific flaw exists within the maintenanceWindow endpoint. The issue results from the lack of proper...

8.8CVSS8.4AI score0.02712EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2021/12/21 12:0 a.m.28 views

Microsoft Azure Defender for IoT sync Endpoint SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Azure Defender for IoT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sync endpoint. The issue results from the lack of proper validation ...

9.8CVSS8.8AI score0.03825EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2021/12/21 12:0 a.m.19 views

Microsoft Azure Defender for IoT update-handshake Endpoint SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Azure Defender for IoT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the update-handshake endpoint. The issue results from the lack of proper...

9.8CVSS8.8AI score0.0403EPSS
Exploits1References1
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/10/18 7:0 p.m.21 views

Microsoft achieves a Leader placement in Forrester Wave for XDR

We are excited to share that Microsoft has been named a Leader in The Forrester New Wave: Extended Detection and Response XDR, Q4, 2021,1 receiving one of the highest scores in the strategy category. Microsoft 365 Defender was rated as “differentiated” in seven criteria including detection,...

0.5AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2021/08/19 6:0 p.m.233 views

How to proactively defend against Mozi IoT botnet

Mozi is a peer-to-peer P2P botnet that uses a BitTorrent-like network to infect IoT devices such as network gateways and digital video records DVRs. It works by exploiting weak telnet passwords1 and nearly a dozen unpatched IoT vulnerabilities2 and it’s been used to conduct distributed...

10CVSS0.2AI score0.59259EPSS
Exploits23
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/08/19 6:0 p.m.121 views

How to proactively defend against Mozi IoT botnet

Mozi is a peer-to-peer P2P botnet that uses a BitTorrent-like network to infect IoT devices such as network gateways and digital video records DVRs. It works by exploiting weak telnet passwords1 and nearly a dozen unpatched IoT vulnerabilities2 and it’s been used to conduct distributed...

10CVSS0.2AI score0.59259EPSS
Exploits23
Microsoft Secure
Microsoft Secure
added 2021/06/02 1:0 p.m.54 views

Microsoft acquires ReFirm Labs to enhance IoT security

Modern computing devices can be thought of as a collection of discrete microprocessors each with a dedicated function like high-speed networking, graphics, Disk I/O, AI, and everything in between. The emergence of the intelligent edge has accelerated the number of these cloud-connected devices th...

0.2AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/05/20 4:0 p.m.45 views

SimuLand: Understand adversary tradecraft and improve detection strategies

At Microsoft, we continuously collaborate with customers and the InfoSec community to learn more about the latest adversary tradecraft so that we can improve our detection strategies across all our security services. Even though those detections are already built into our products, and protecting...

Exploits0
ThreatPost
ThreatPost
added 2021/04/30 11:49 a.m.104 views

Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices

Security researchers at Microsoft are warning the industry about 25 as-yet undocumented critical memory-allocation vulnerabilities across a number of vendors’ IoT and industrial devices that threat actors could exploit to execute malicious code across a network or cause an entire system to crash...

0.5AI score0.01326EPSS
Exploits0References7
Microsoft Secure
Microsoft Secure
added 2021/04/29 5:0 p.m.38 views

Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix

The MITRE ATT&CK® for Containers matrix was published today, establishing an industry knowledge base of attack techniques associated with containerization and related technologies that are increasingly more ubiquitous in the current computing landscape. Microsoft is happy to have contributed and...

7.7AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/04/29 5:0 p.m.42 views

Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix

The MITRE ATT&CK® for Containers matrix was published today, establishing an industry knowledge base of attack techniques associated with containerization and related technologies that are increasingly more ubiquitous in the current computing landscape. Microsoft is happy to have contributed and...

7.7AI score
Exploits0
MSRC
MSRC
added 2021/04/29 4:56 p.m.56 views

“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks

Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in order to execute malicious code or cause a system crash. These...

3.3AI score
Exploits0
MSRC
MSRC
added 2021/04/29 7:0 a.m.7 views

“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks

Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in order to execute malicious code or cause a system crash. These...

8.3AI score
Exploits0
MSRC
MSRC
added 2021/04/29 7:0 a.m.13 views

“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks

Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in order to execute malicious code or cause a system crash. These...

3.4AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2021/04/27 4:0 p.m.46 views

Meet critical infrastructure security compliance requirements with Microsoft 365

Critical infrastructure operators face a hostile cyber threat environment and a complex compliance landscape. Every operator of an industrial control system also operates an IT network to service its productivity needs. A supervisory control and data acquisition SCADA system operator of a power...

0.7AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/04/27 4:0 p.m.37 views

Meet critical infrastructure security compliance requirements with Microsoft 365

Critical infrastructure operators face a hostile cyber threat environment and a complex compliance landscape. Every operator of an industrial control system also operates an IT network to service its productivity needs. A supervisory control and data acquisition SCADA system operator of a power...

0.7AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/04/08 6:0 p.m.56 views

Threat matrix for storage services

The move to cloud is happening faster than ever before and organizations are increasing their dependency on cloud storage services. In fact, Microsoft Azure Storage services are one of the most popular services in the cloud. Companies need effective threat protection and mitigation strategies and...

0.5AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2021/03/09 5:0 p.m.20 views

Azure LoLBins: Protecting against the dual use of virtual machine extensions

Azure Defender for Resource Manager offers unique protection by automatically monitoring the resource management operations in your organization, whether theyre performed through the Azure portal, Azure REST APIs, Azure CLI, or other Azure programmatic clients. In this blog, we will look into the...

8AI score
Exploits0
Rows per page
Query Builder