GitHub

NotLegit: 4-year old Microsoft Azure App Service 0-day vulnerability affects source code repositories

A four-year old Microsoft Azure App Service 0-day vulnerability dubbed “NotLegit” affects hundreds of source code repositories.

NotLegit: 4-year old Microsoft Azure App Service 0-day vulnerability affects source code repositories Read More »

Researchers discover Critical RCE 0-day “Log4Shell” vulnerability (CVE-2021-44228) in Apache Log4j logging utility (update)

Researchers have discovered a Critical 0-day vulnerability (CVE-2021-44228) in Apache Log4j logging utility that can result in remote code execution (RCE). In addition, CISA and Microsoft also issue new guidance for log4j vulnerability remediation.

Researchers discover Critical RCE 0-day “Log4Shell” vulnerability (CVE-2021-44228) in Apache Log4j logging utility (update) Read More »

Microsoft issues workaround for zero-day ‘SeriousSAM’ vulnerability

Microsoft has issued a workaround for a serious zero-day vulnerability CVE-2021–36934 dubbed “SeriousSAM” that could allow an attacker to read any registry hives as a non-administrator.

Microsoft issues workaround for zero-day ‘SeriousSAM’ vulnerability Read More »

Microsoft open sources CodeQL queries to scan for Solarwinds-like Solorigate activity

Microsoft has open sourced CodeQL queries used to scan for Solorigate malware activity that matches the SolarWinds supply-chain attack.

Microsoft open sources CodeQL queries to scan for Solarwinds-like Solorigate activity Read More »

GADOLINIUM threat actors use cloud services and open source tools in cyberattacks

Security experts from Microsoft have observed a cyber threat actor dubbed GADOLINIUM that uses new attack techniques via cloud services and open source tools.

GADOLINIUM threat actors use cloud services and open source tools in cyberattacks Read More »

XCSSET mac malware targets Xcode projects to deliver malicious payloads

Security researchers have discovered a new mac malware dubbed XCSSET. The malware not only inserts malicious code into XCode projects, but also leverages two zero-days to exploit a flaw in Data Vaults and plant a JavaScript backdoor in Safari.

XCSSET mac malware targets Xcode projects to deliver malicious payloads Read More »