7 matches found
Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology OT devices. Internet-exposed OT equipment in water and wastewater systems WWS in the US were targeted in multiple attacks over the past months by different...
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
In recent weeks, the Microsoft Threat Intelligence Center MSTIC and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel. MSTIC assesses with high...
Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack
Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins...
CVE-2019-0819
An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'...
CVE-2017-8516
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability"...
Microsoft Offers Analysis of Zero-Day Exploited By Zirconium Group
Microsoft has released technical details on a zero-day vulnerability being exploited by a little-known APT group known as Zirconium. According to the company the vulnerability CVE-2017-0005 affects mostly older versions of Windows and can allow an adversary to execute remote code if a user either...
Analysis of the New Adobe Flash Attacks
When Adobe warned customers earlier this week about a newly discovered vulnerability in the Flash Player software, company officials said that there were already attacks underway against the bug. Those attacks are using malicious Flash files buried in Word documents and Microsoft’s security...