16 matches found
8 best practices for CISOs conducting risk reviews
The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...
CVE-2021-43890

creationtimestamp| type| source
---|---|---
2021-12-15 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=704
2021-12-15 17:34:38+00:00| seen| https://t.me/truesecator/2447
2021-12-15 18:20:35+00:00| seen| https://t.me/cibsecurity/34035
2022-02-06 21:38:36+00:00| exploited|...

NOBELIUM Attacks on Cloud Services and other Technologies
Microsoft has released a blog on NOBELIUM attacks on cloud services and other technologies. CISA urges users and administrators to review NOBELIUM targeting delegated administrative privileges to facilitate broader attacks and apply the necessary mitigations. This product is provided subject to...
Practical tips on how to use application security testing and testing standards
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Daniel Cuthbert, Global Head of Security...
CVE-2021-33766

creationtimestamp| type| source
---|---|---
2021-04-13 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2021/04/april-2021-update-tuesday-packages-now-available/
2021-08-30 20:48:52+00:00| seen| https://t.me/cibsecurity/28015
2021-08-30 21:16:05+00:00| seen| https://t.me/cKure/6874
2021-08-3...

Threat Source newsletter (Feb. 11, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have an update on LodaRAT, a trojan we’ve been following for years. This threat has a new version targeting Android devices, looking to infect devices and steal user’s credentials and monitor things like their phone calls and...
CVE-2021-24074

creationtimestamp| type| source
---|---|---
2021-02-09 07:00:00+00:00| seen| https://msrc.microsoft.com/blog/2021/02/multiple-security-updates-affecting-tcp-ip/
2021-02-10 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=550
2021-02-11 16:46:36+00:00|...

CVE-2019-1181

creationtimestamp| type| source
---|---|---
2019-08-13 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2019/08/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/
2019-08-13 23:12:13+00:00| seen| https://t.me/cybershit/558
2019-08-14 04:00:00+00:00| seen|...

CVE-2018-3646

creationtimestamp| type| source
---|---|---
2018-08-13 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2018/08/analysis-and-mitigation-of-l1-terminal-fault-l1tf/
2018-08-15 21:03:32+00:00| seen| https://t.me/canyoupwnme/4249
2018-09-02 06:22:17+00:00| seen| https://t.me/QubesOS/248...

CVE-2018-3620

creationtimestamp| type| source
---|---|---
2018-08-13 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2018/08/analysis-and-mitigation-of-l1-terminal-fault-l1tf/
2018-08-15 21:03:32+00:00| seen| https://t.me/canyoupwnme/4249
2018-09-02 06:22:17+00:00| seen| https://t.me/QubesOS/248...

CVE-2018-3639

creationtimestamp| type| source
---|---|---
2018-05-21 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2018/05/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/
2018-05-22 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44695
2018-05-22 07:26:30+00:00| seen|...

CVE-2017-5754

creationtimestamp| type| source
---|---|---
2018-01-04 04:07:06+00:00| exploited| https://t.me/BleepingComputer/2305
2018-01-05 14:03:36+00:00| exploited| https://t.me/antichat/566
2018-01-05 14:18:35+00:00| exploited| https://t.me/alexmakus/1614
2018-03-14 15:55:35+00:00| exploited|...

blogs.partner.microsoft.com XSS vulnerability
Vulnerable URL: https://blogs.partner.microsoft.com/mpn/top-social-media-tips-to-connect-with-customers/?ln=" menik

Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No...

Radancy: XSS risk reduction with X-XSS-Protection: 1; mode=block header
As you can read for example on this Microsoft blog http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx: " ... X-XSS-Protection: 1; mode=block When this token is present, if a potential XSS Reflection attack...
CVE-2014-6324

creationtimestamp| type| source
---|---|---
2014-11-18 07:00:00+00:00| seen| https://msrc.microsoft.com/blog/2014/11/additional-information-about-cve-2014-6324/
2014-12-05 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/35474
2018-05-29 15:50:33+00:00| seen|...

CVE-2014-4073

creationtimestamp| type| source
---|---|---
2014-10-14 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2014/10/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability/...