Cybersecurity strategies to prioritize now​​

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System DNS on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the...

CVE-2023-48226 OpenReplay HTML Injection vulnerability

OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings for registration looks like validation is correct, a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for...

bad Actor can block the operation of mint by creating duplicate order by frunt runing original order

Lines of code Vulnerability details Impact bad Actor can block the operation of mint by creating duplicate order by frunt runing original order So basically the contracts are doing orders by users RFQ to system whether by API or front end. and make the mint process the problem is in the contract...

Deposit transaction is prone to being front-run by bad actors.

Lines of code Vulnerability details Impact It is possible for an attacker to front-run a user's deposit transaction while transferring fewer amount of assets than the user and minting an equivalent amount of shares as the user could have. Proof of Concept The scenario described below is for the...

MainWP Child < 4.4.1.1 - Sensitive File Disclosure

The plugin uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files...

Code injection

XML Signature Wrapping XSW in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider IP to impersonate any TOPdesk user via SAML Response manipulation...

On the Poisoning of LLMs

Interesting essay on the poisoning of LLMs--ChatGPT in particular: Given that weve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, its entirely possible that bad actors have been poisoning ChatGPT for months. We dont know...

Meta Moves to Counter New Malware and Repeat Account Takeovers

The company is adding new tools as bad actors use ChatGPT-themed lures and mask their infrastructure in an attempt to trick victims and elude defenders...

The Best Defense Against Cyber Threats for Lean Security Teams

H0lyGh0st, Magecart, and a slew of state-sponsored hacker groups are diversifying their tactics and shifting their focus to… You. That is, if you're in charge of cybersecurity for a small-to-midsize enterprise SME. Why? Bad actors know that SMEs typically have a smaller security budget, less...

CVE-2023-0001

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agen...

Cortex XDR Agent: Cleartext Exposure of Agent Admin Password

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agen...

SP Project & Document Manager < 4.58 - Sensitive File Disclosure

The plugin uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. PoC 1. Upload a file using the plugin. 2. On another browser, access the newly uploaded file via:...

Can Business Cybersecurity Protection Outlay Offset Cybercrime Insurance?

What is cybercrime insurance? Business cybersecurity protection cybercrime insurance safeguards organizations from any financial losses relating to damage to or loss of information from, networks and IT systems. This may include reputation loss, the cost of business interruption, infringement of...

2022 Cloud Misconfigurations Report: A Quick Look at the Latest Cloud Security Breaches and Attack Trends

Every year, Rapid7's team of cloud security experts and researchers put together a report to review data from publicly disclosed breaches that occurred over the prior year. The goal of this report is to unearth patterns and trends in cloud-related breaches and persistent exposures, so organizatio...

Learn the latest cybersecurity techniques at the Microsoft Security Summit

In a world marked by change and uncertainty, innovation is more than a nice-to-have—it’s vital to any healthy organization. But fearless innovation becomes impossible when gaps in security can put those ideas at risk. Many organizations try to increase their defenses by piecing together a patchwo...

Fingerprint Attendance 1.0 Account Takeover Vulnerability

Title: Fingerprint Attendance 1.0 Account Takeover Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache Fingerprint...

Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)

Impact Sean Wright from Secureworks has discovered an enumeration vulnerability. An attacker can make use of the Harbor API to make unauthenticated calls to the Harbor instance. Based on the HTTP status code in the response, an attacker is then able to work out which resources exist, and which do...

Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities

Living-off-the-land binaries LOLBins are no joke: Cyberattackers have been increasingly making use of them to hide their malicious work from security solutions. It’s time for threat hunters and IT security staff to familiarize themselves with how these are used in the attack chains of some of the...

2022 Threat Predictions

Trellix 2022 Threat Predictions By Trellix · January 19, 2022 Ransomware, nation states, social media, and a shifting reliance on a remote workforce made headlines in 2021, proving that bad actors only continue to rise to the challenge. Defiantly, they thwart solution stacks and gain momentum eac...