Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration.
"A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications," Silverfort researcher Dor Segal said in a
January 16th, 2025 (4 months ago)
|
CVE-2024-7344 |
Description: Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems.
The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new
EPSS Score: 0.04%
January 16th, 2025 (4 months ago)
|
|
|
Description: CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. [...]
January 15th, 2025 (4 months ago)
|
|
|
Description: Today, CISA released the Microsoft Expanded Cloud Logs Implementation Playbook to help organizations get the most out of Microsoft’s newly introduced logs in Microsoft Purview Audit (Standard). This step-by-step guide enables technical personnel to better detect and defend against advanced intrusion techniques by operationalizing expanded cloud logs.
The playbook details analytical methodologies tied to using these logs. Specifically, the playbook offers:
An overview of the newly introduced logs in Microsoft Purview Audit (Standard) that enable organizations to conduct forensic and compliance investigations by accessing critical events (e.g., mail items accessed, mail items sent, and user searches in SharePoint Online and Exchange Online).
A description of administration/enabling actions and ingestion of these logs to Microsoft Sentinel and Splunk Security Information and Event Management (SIEM) systems.
A discussion of significant events in other M365 services, such as Teams.
CISA encourages organizations to use the playbook to make newly available logs an actionable part of their enterprise cybersecurity operations.
January 15th, 2025 (4 months ago)
|
|
|
Description: Microsoft is investigating a bug triggering security alerts on systems with a Trusted Platform Module (TPM) processor after enabling BitLocker. [...]
January 15th, 2025 (4 months ago)
|
|
CVE-2024-7344 |
Description: Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks.
Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned
EPSS Score: 0.04%
January 15th, 2025 (4 months ago)
|
|
|
January 15th, 2025 (4 months ago)
|
|
|
Description: Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
January 14th, 2025 (4 months ago)
|
|
|
Description: Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent (SRA) version 2411 is installed on the device. [...]
January 14th, 2025 (4 months ago)
|
|
|
Description: Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
January 14th, 2025 (4 months ago)
|