Description: Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of targeting Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024.
The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December. Nearly 100 domains hosting
January 17th, 2025 (3 months ago)
|
Description: Microsoft has expanded its Windows 11 administrator protection tests, allowing Insiders to enable the security feature from the Windows Security settings. [...]
January 16th, 2025 (3 months ago)
|
CVE-2024-7344 |
Description: A new UEFI Secure Boot bypass vulnerability tracked as CVE-2024-7344 that affects a Microsoft-signed application could be exploited to deploy bootkits even if Secure Boot protection is active. [...]
EPSS Score: 0.04%
January 16th, 2025 (3 months ago)
|
Description: Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration.
"A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications," Silverfort researcher Dor Segal said in a
January 16th, 2025 (3 months ago)
|
CVE-2024-7344 |
Description: Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems.
The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new
EPSS Score: 0.04%
January 16th, 2025 (3 months ago)
|
CVE-2024-49132 |
Description: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: HIGH (8.1) EPSS Score: 0.05%
January 16th, 2025 (3 months ago)
|
CVE-2024-49127 |
Description: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVSS: HIGH (8.1) EPSS Score: 0.05%
January 16th, 2025 (3 months ago)
|
Description: CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. [...]
January 15th, 2025 (3 months ago)
|
Description: Today, CISA released the Microsoft Expanded Cloud Logs Implementation Playbook to help organizations get the most out of Microsoft’s newly introduced logs in Microsoft Purview Audit (Standard). This step-by-step guide enables technical personnel to better detect and defend against advanced intrusion techniques by operationalizing expanded cloud logs.
The playbook details analytical methodologies tied to using these logs. Specifically, the playbook offers:
- An overview of the newly introduced logs in Microsoft Purview Audit (Standard) that enable organizations to conduct forensic and compliance investigations by accessing critical events (e.g., mail items accessed, mail items sent, and user searches in SharePoint Online and Exchange Online).
- A description of administration/enabling actions and ingestion of these logs to Microsoft Sentinel and Splunk Security Information and Event Management (SIEM) systems.
- A discussion of significant events in other M365 services, such as Teams.
CISA encourages organizations to use the playbook to make newly available logs an actionable part of their enterprise cybersecurity operations.
January 15th, 2025 (3 months ago)
|