Summary
Cisco has published thirty-eight Security Advisories. Of the advisories, one is rated as Critical, eighteen are rated as High and nineteen are rated as Medium.
Threat Type
Vulnerability
Overview
Cisco has published thirty-eight Security Advisories. Of the advisories, one is rated as Critical, eighteen are rated as High and nineteen are rated as Medium. For all advisories listed below, it is noted that Cisco's Product Security Incident Response Team (PSIRT) is "not aware of any public announcements o
Summary
Microsoft has finally fixed a vulnerability initially disclosed by a Tenable researcher back in January 2021.
Threat Type
Vulnerability
Overview
A component of Microsoft's Sysinternals utility was found in January 2021 to be vulnerable to privilege escalation. According to the release notes from Microsoft: "This update to PsExec mitigates named pipe squatting attacks that can be leveraged by an attacker to intercept credentials or elevate to System privilege. the -i command line switch is now necess
Summary
In mid-February, several vulnerabilities were attacked, according to researchers with Unit 42 of Palo Alto Networks. As of this writing, the attacks are ongoing. Unit 42 provides information about these attacks and the malware discovered during analysis.
Threat Type
Malware
Overview
Threat actors have been busy with exploits against several vulnerabilities, some of which are rated as critical. Among the vulnerabilities being exploited are VisualDoor, CVE-2020-25506, CVE-2021-27561, CVE-2021-27562, C
Summary
PAM update 4103.23203 contains 1 new event, 1 new moderate event response, and 1 new aggressive event response. The new events relate to the vulnerability, CVE-2021-22986, in certain F5 products.
Threat Type
Vulnerability
Overview
PAM update 4103.23203 contains 1 new event, 1 new moderate event response, and 1 new aggressive event response. The new events relate to the vulnerability, CVE-2021-22986, in certain F5 products. This content update is compatible with IBM QRadar Network Security Firmware v
Summary
A variety of threat actors have been exploiting the ProxyLogon vulnerability in order to carry out malicious activities. Sophos identified the operators of the Black KingDom ransomware also taking advantage of this exploit in a recent campaign.
Threat Type
Ransomware
Overview
Sophos published a blog post analyzing Black KingDom's use of the ProxyLogon exploit to distribute its ransomware payloads. After exploiting ProxyLogon (CVE-2021-27065) on vulnerable on-premise versions of Microsoft Exchange
Summary
The ICS-CERT has published four advisories that affect Weintek EasyWeb cMT, GE MU320E, GE Reason DR60, and Ovarro TBox.
Threat Type
Vulnerability
Overview
The ICS-CERT has published four advisories that affect Weintek EasyWeb cMT, GE MU320E, GE Reason DR60, and Ovarro TBox. Further information is available from the advisories, which are summarized below.
ICS Advisory ICSA-21-082-01 - Weintek EasyWeb cMT
CVE-2021-27446 - The Weintek cMT product line is vulnerable to Code Injection, which may allow an
Summary
Necro, a classic botnet family first discovered in 2015, was written in Python. On March 2nd, Netlab 360 discovered two samples of a new variant of Necro. Keksec, also known as Kek Security, is the threat actor group responsible for the botnet. The botnet has been found on both Windows and Linux systems.
Threat Type
Malware, Botnet, Cryptomining
Overview
Necro, a classic botnet family first discovered in 2015, was written in Python. On March 2nd, Netlab 360 discovered two samples of a new variant of
Summary
PAM update 4103.18182 contains 7 new events, 0 new moderate event responses, and 0 new aggressive event responses.
Threat Type
Vulnerability
Overview
PAM update 4103.18182 contains 7 new events, 0 new moderate event responses, and 0 new aggressive event responses. This content update is compatible with IBM QRadar Network Security Firmware version 5.4 or later, IBM QRadar Network Security for VMware firmware version 5.4 or later, IBM Security Network IPS GV-Series Virtual Appliances, IBM Security Net
The past month has been a very dynamic time in the world of security for hackers and threat researchers, but it has been an extended nightmare for CSOs responsible for securing their enterprise networks.
Summary
Analysts from the Malware Hunter Team have discovered a new tactic being employed by threat actors: Windows Safe Mode Encryption. Bleeping Computer has published an article on the details of the boot mode ransomware encryption technique.
Threat Type
Vulnerability, Ransomware
Overview
REvil has added the ability to encrypt files even in Windows Safe Mode. This mode allows users to troubleshoot the operating system for errors. Safe Mode prevents startup menu items from starting and only allows the bar
Three years of reported security incidents show continued growth in denial-of-service and password login attacks such as brute force and credential stuffing.
Summary
IBM X-Force Threat Intelligence has published a report on ITG14 and their shift from Point-of-Sale (POS) systems to ransomware and the emergence of new TTPs for the group.
Threat Type
Malware, Ransomware, Phishing, VBS, PowerShell, Backdoor
Overview
IBM X-Force Threat Intelligence has published a report on ITG14, which shares overlap with FIN7 and CARBON SPIDER, and its latest shift from Point-of-Sale (POS) systems to ransomware with new TTPs. X-Force analysts have concluded the latest campaign is aff