Cisco Firepower Threat Defense和Cisco Adaptive Security Appliance 安全漏洞

Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliance are both products of Cisco, Inc.Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a network appliance. It is used to protect...

GHSA-PH2H-HH49-VH27 OpenStack Nova Denial of Service in network source security groups

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

Best practices for defending Azure Virtual Machines

One of the things that our Detection and Response Team DART and Customer Service and Support CSS security teams see frequently during investigation of customer incidents are attacks on virtual machines from the internet. This is one area in the cloud security shared responsibility model where...

PurpleCloud - An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud

Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the Azure cloud! Purple Cloud is a small Active Directory enterprise deployment automated with Terraform / Ansible Playbook templates to be deployed in Azure. Purple...

Microsoft Pushes Azure Users to Patch Linux Systems

Microsoft is warning customers that some Azure installations are vulnerable to a recently-disclosed critical Linux Exim mail server flaw that is under active attack. The warning comes after a widespread worm campaign was disclosed on Friday, targeting a flaw in the Exim mail transport agent MTA,...

Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)

This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution RCE vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Microsoft Azure infrastructure and Services are not affected; only customer’s Linux IaaS...

Microsoft Azure Cloud Security Auditing: Azurite

Microsoft Azure Cloud Security Auditing Auditing Cloud services has become an essential task and significant effort is required to assess the security of the available resources. Azurite was developed to assist penetration testers and auditors during the enumeration and reconnaissance activities...

OpenStack: Nova network source security groups denial of service

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...