Azure

Microsoft: Attackers are increasingly using token theft in cyberattacks to bypass MFA

The Microsoft Detection and Response Team (DART) has spotted an increase in attackers using token theft in the cloud to compromise corporate systems while bypassing multi-factor authentication (MFA) and other authentication controls.

Microsoft: Attackers are increasingly using token theft in cyberattacks to bypass MFA Read More »

Microsoft October 2022 Security Updates addresses 84 vulnerabilities (13 rated Critical, 2 zero-days)

The Microsoft October 2022 Security Updates includes patches and advisories for 84 vulnerabilities, including 2 zero-day and 13 Critical severity issues. However, the ProxyNotShell vulnerabilities were not addressed.

Microsoft October 2022 Security Updates addresses 84 vulnerabilities (13 rated Critical, 2 zero-days) Read More »

Microsoft February 2022 Security Updates (fixes for 16 RCEs, 1 zero-day) 

It was a relatively light Patch Tuesday for Microsoft this month. The Microsoft February 2022 Security Updates includes patches and advisories for 50 vulnerabilities, 16 of those remote code execution flaws and one zero-day (CVE-2022-21989). None are rated Critical.

Microsoft February 2022 Security Updates (fixes for 16 RCEs, 1 zero-day)  Read More »

NotLegit: 4-year old Microsoft Azure App Service 0-day vulnerability affects source code repositories

A four-year old Microsoft Azure App Service 0-day vulnerability dubbed “NotLegit” affects hundreds of source code repositories.

NotLegit: 4-year old Microsoft Azure App Service 0-day vulnerability affects source code repositories Read More »

Microsoft issues new guidance on OMI vulnerabilities within Azure VM Management extensions

Microsoft has published new guidance on Open Management Infrastructure (OMI) vulnerabilities within Azure virtual management (VM) Management extensions.

Microsoft issues new guidance on OMI vulnerabilities within Azure VM Management extensions Read More »

Microsoft September 2021 Security Updates includes fix for an RCE bug in MSHTML under active attack

Microsoft has released the September 2021 Security updates that includes patches for 66 vulnerabilities, 3 of those rated Critical. The updates also include a fix for one zero-day bug in MSHTML (CVE-2021-40444) exploited in the wild.

Microsoft September 2021 Security Updates includes fix for an RCE bug in MSHTML under active attack Read More »

“BadAlloc” vulnerabilities impact broad range of IoT and OT devices

Security researchers from Microsoft have discovered a collection of vulnerabilities dubbed “BadAlloc” that affect a broad range of IoT and OT devices in industrial, medical and consumer sectors.

“BadAlloc” vulnerabilities impact broad range of IoT and OT devices Read More »

Microsoft April 2021 Security Updates, includes fixes for Critical Exchange Server vulnerabilities

Microsoft has released the April 2021 Security updates that includes patches for 114 vulnerabilities, 19 of those rated Critical. The updates also include fixes for multiple Microsoft Exchange flaws that have a higher likelihood of being exploited.

Microsoft April 2021 Security Updates, includes fixes for Critical Exchange Server vulnerabilities Read More »

CHIRP tool scans for signs of APT compromise associated with SolarWinds and Azure/M365 cyberattacks

The DHS CISA cybersecurity team just released a new tool dubbed CHIRP, a forensics collection tool designed to help network defenders scan for indicators of compromise (IOCs) associated with the SolarWinds Orion and Active Directory/M365 compromise and cyberattacks.

CHIRP tool scans for signs of APT compromise associated with SolarWinds and Azure/M365 cyberattacks Read More »