Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration
Description: Vulnerabilities in Microsoft Azure Data Factory's integration with Apache Airflow can lead to unauthorized access and control over cloud resources. The post Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration appeared first on Unit 42.
Source: Palo Alto Unit42
December 18th, 2024 (5 months ago)
Researchers Crack Microsoft Azure MFA in an Hour
Description: A critical flaw in the company's rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more.
Source: Dark Reading
December 11th, 2024 (5 months ago)
Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service
Description: The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically
Source: TheHackerNews
December 11th, 2024 (5 months ago)
Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts
Description: Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the
Source: TheHackerNews
December 11th, 2024 (5 months ago)
Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability
Description: Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the
Source: TheHackerNews
December 11th, 2024 (5 months ago)
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday
Description: The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.
Source: Dark Reading
December 10th, 2024 (5 months ago)
Windows 10 KB5048652 update fixes new motherboard activation bug
Description: Microsoft has released the KB5048652 cumulative update for Windows 10 22H2, which contains six fixes, including a fix that prevented Windows 10 from activating when you change a device's motherboard. [...]
Source: BleepingComputer
December 10th, 2024 (5 months ago)
Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
Description: Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. [...]
Source: BleepingComputer
December 10th, 2024 (5 months ago)
Windows 11 KB5048667 & KB5048685 cumulative updates released
Description: Microsoft has released the Windows 11 KB5048667 and KB5048685 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]
Source: BleepingComputer
December 10th, 2024 (5 months ago)
Microsoft 365 outage takes down Office web apps, admin center
Description: Microsoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. [...]
Source: BleepingComputer
December 10th, 2024 (5 months ago)