Microsoft Dynamics 365 (on-premises) information disclosure vulnerability (CNVD-2024-00204)

Microsoft Dynamics 365 is a new-generation cloud-based intelligent business application from Microsoft, which helps enterprises grow and transform digitally through the perfect integration of CRM & ERP. An information disclosure vulnerability exists in Microsoft Dynamics 365 on-premises, which ca...

Propius MachineSelector 信任管理问题漏洞

Propius MachineSelector is Propius' Web server-client based remote maintenance tool for local setups on-premise or cloud-based in which companies can create, manage and control secure access to their machines. A security vulnerability exists in Propius MachineSelector versions 6.6.0 and 6.6.1,...

Why Healthcare Cybercrime is the Perfect Storm

Its Friday night. You, your husband, and your two children are settling in for a fun pizza and movie night together. Unexpectedly, your elderly neighbor, Anne, calls in a panic. Her husband Steve is having severe chest pains. While Anne has already called emergency services, she asks that you com...

Addressing cybersecurity at the board level with Difenda and Microsoft

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Cybersecurity is no longer simply a lone silo or regulatory process; it is a business issue that affects every aspect of an organization. From financial losses to reputational damage...

Design/Logic Flaw

Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack reDOS. This issue has been...

CVE-2023-23925 Switcher Client contains Regular Expression Denial of Service (ReDoS)

Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack reDOS. This issue has been...

CVE-2023-23925 Switcher Client contains Regular Expression Denial of Service (ReDoS)

Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack reDOS. This issue has been...

WEPA Print Away 安全漏洞

WEPA Print Away is a cloud-based print management solution organized by the University of Wisconsin-Milwaukee. A security vulnerability exists in WEPA Print Away that stems from not verifying that a user is authorized to access a document before generating a print order and associated release cod...

WEPA Print Away 跨站脚本漏洞

WEPA Print Away is a cloud-based print management solution organized by the University of Wisconsin-Milwaukee. WEPA Print Away has a security vulnerability that stems from not properly cleaning up uploaded file names. An attacker exploited the vulnerability to perform a cross-site scripting attac...

ConnectWise Automate 安全漏洞

ConnectWise Automate is a cloud-based, local IT automation solution from ConnectWise USA. The product supports content management, file sharing, IT asset tracking and management, and more. A security vulnerability exists in ConnectWise Automate version 2022.11 that stems from vulnerability to...

ConnectWise Automate 安全漏洞

ConnectWise Automate is a cloud-based, local IT automation solution from ConnectWise USA. The product supports content management, file sharing, IT asset tracking and management, and more. A security vulnerability exists in ConnectWise Automate version 2022.1 that stems from...

Chinese Threat Actors Leverage Phishing and GuLoader to Distribute Remcos RAT

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The malicious campaign described involves the distribution of a malicious PDF file through email, via phishing. The PDF file in this case redirects victims to a legitimate cloud-based platform, where the...

Secure your business like you secure your home: 5 steps to protect against cybercrime

Running a business requires a lot of determination and sometimes a leap of faith. Every day brings a new challenge, and many times it can feel like the stress and uncertainty are too much. That’s when you remind yourself why you took the leap—the satisfaction of realizing your own vision—and you...

Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware

New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems. GitHub Codespaces is a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebas...

Abusing a GitHub Codespaces Feature For Malware Delivery

Proof of Concept POC: We investigate one of the GitHub Codespaces’ real-time code development and collaboration features that attackers can abuse for cloud-based trusted malware delivery. Once exploited, malicious actors can abuse legitimate GitHub accounts to create a malware file server...

Hallmark Channel: Securing the Season

How Crown Media protects its crown jewel It’s that time of year again…chestnuts roasting on an open-fire, kids making wish-lists, and company holiday parties where you can showcase your most outlandish ugly sweater. It’s also the time of year we all get a little bit less cynical and take in a...

The 5 Core Principles of the Zero-Trust Cybersecurity Model

When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero-trust model, every organization should be actively moving in that...

On-Ramping Traffic to a Cloud-Based Secure Web Gateway

Though cloud-based secure web gateways SWGs eliminate many problems, it’s important to select the right approach to on-ramping traffic based on use case and protection level...

How businesses are gaining integrated data protection with Microsoft Purview

Currently, our interconnected world is creating 2.5 quintillion bytes of data every day.1 Every purchase made, every email sent, every contract signed: all of it gets shared, accessed, and stored. We take it on faith that organizations are doing all this safely; however, data loss is becoming a...

Secure your endpoints with Transparity and Microsoft

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Endpoint protection platforms EPPs are dead and no longer sufficient to protect your organization, right? Wrong. When it comes to cybersecurity, the ability to normalize and correlat...