Citrix XML Services Configured for Farm Controller Fails to Respond to XML Service Transaction

Citrix XML Services configured for farm Controller fails to respond to XML Service transaction after installing Microsoft KB2919355 on Controllers. Uninstalling the patch KB2919355 on Windows 2012 R2 Controller resolves this issue...

QakBot attacks with Windows zero-day (CVE-2024-30051)

In early April 2024, we decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild. While searching for samples related to this exploit and attacks that used it, we found a...

Microsoft Patch Tuesday March 2024 includes critical Hyper-V flaws

The March 2024 Patch Tuesday update includes patches for 61 Microsoft vulnerabilities. Only two of the vulnerabilities are rated critical and both of these are found in Windows Hyper-V. Hyper-V is a hardware virtualization product that allows you to run multiple operating systems as virtual...

Security Updates for Microsoft SQL Server (January 2024)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions...

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture. Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities...

Unraveling the Intricate Arsenal of Stayin’ Alive Campaign

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In the October Patch Tuesday release, Microsoft addressed 103 flaws, including three actively exploited zero-day vulnerabilities. These patches cover critical and important vulnerabilities, a Chromium fi...

Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs

Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs. Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between June and July Patch Tuesdays...

Actors, Threats and Vulnerabilities 08 to 14 May 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, identified a total of nine attacks that were executed. Additionally, HiveForce Labs identified four different...

Threat Source newsletter (April 13, 2023) — Dark web forum whac-a-mole

Welcome to this weeks edition of the Threat Source newsletter. Law enforcement organizations across the globe notched a series of wins over the past few weeks against online forums for cybercriminals. On March 23, the FBI announced it disrupted the online cybercriminal marketplace BreachForums,...

Actors, Threats and Vulnerabilities 13 March to 19 March 2023

For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here Over the past week, Hive Pro detected the presence of five active threat actors. The first of these is Dark Pink APT, a notorious group with a history of engaging in informati...

Security Updates for Microsoft Excel Products (March 2023)

The Microsoft Excel Products are missing security updates. They are, therefore, affected by multiple vulnerabilities: - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. CVE-2023-23398 - A remote code execution...

Microsoft Patch Tuesday February 2023: Win Graphics RCE, Edge RCE, Publisher SFB, CLFS EoP, Exchange RCEs, Word RCE, HoloLens1

Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2023, including vulnerabilities that were added between January and February Patch Tuesdays. Alternative video link for Russia: This month I decided to change the format a bit. Now I share my impression of Microsoft...

Microsoft Patch Tuesday January 2023: ALPC EoP, Win Backup EoP, LocalPotato, Exchange, Remote RCEs

Hello everyone! This episode will be about Microsoft Patch Tuesday for January 2023, including vulnerabilities that were added between December and January Patch Tuesdays. Alternative video link for Russia: As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilitie...

Microsoft Patch Tuesday for January 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 98 vulnerabilities. Of these vulnerabilities, 11 are classified as "Critical", 87 are classified as "Important", no vulnerability classified as "Moderate." According to Microsoft all "Critical" vulnerability are either less...

Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in...

QSC 2022: Qualys’ Threat Research Unit (TRU) – Our Shield Is Your Shield

Day two of QSC profiled the special launch of the Qualys Threat Research Unit, TRU. Taking the audience through a madcap tour of what the threat research unit is doing to provide intelligence and actionable insights into its census was Travis Smith, VP of Qualys Threat Research Unit. He dove deep...

Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog

Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service DoS. The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol MS-EVEN, which enables...

Patch Tuesday - October 2022

The October batch of CVEs published by Microsoft includes 96 vulnerabilities, including 12 fixed earlier this month that affect the Chromium project used by their Edge browser. Top of mind for many this month is whether Microsoft would patch the two Exchange Server zero-day vulnerabilities...

Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month. September's security update features five...

Weekly Threat Digest: 9-15 May 2022

For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 650 3 1 14 10 13 The second week of May 2022 witnessed the discovery of 650 vulnerabilities out of which 3 gained...