azure

Microsoft’s January Security Update of High-Risk Vulnerabilities in Multiple Products

| | azure, Blog, Emergency Response, Microsoft Dynamics, Microsoft Edge, Microsoft Office, Microsoft Visual Studio, Windows
Overview On January 14, NSFOCUS CERT detected that Microsoft released a security update patch for January, which fixed 159 security problems in widely used products such as Windows, Microsoft Office, Microsoft Visual ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Attacking Entra Metaverse: Part 1

Attacking Entra Metaverse: Part 1

| | attack-path-management, azure, Azure Active Directory, Offensive Security, Red Team
This is part one in a two (maybe three…) part series regarding attacker tradecraft around the syncing mechanics between Active Directory and Entra. This first blog post is a short one, and ...
Posts By SpecterOps Team Members - Medium
Unwrapping BloodHound v6.3 with Impact Analysis

Unwrapping BloodHound v6.3 with Impact Analysis

| | Active Directory, attack-path-management, azure, BloodHound, identity security
Just in time for the holidays, sharper tools for faster defenseToday, the SpecterOps team rolled out a number of new features, product enhancements, and recommendations intended to help users of BloodHound Enterprise and ...
Posts By SpecterOps Team Members - Medium
SPA is for Single-Page Abuse! - Using Single-Page Application Tokens to Enumerate Azure

SPA is for Single-Page Abuse! – Using Single-Page Application Tokens to Enumerate Azure

| | azure, Cybersecurity, Entra ID, red-team-methodology
Author: Lance B. CainOverviewMicrosoft Azure is a leading cloud provider offering technology solutions to companies, governments, and other organizations around the globe. As such, many entitles have begun adopting Azure for their technology ...
Posts By SpecterOps Team Members - Medium
Azure Key Vault Tradecraft with BARK

Azure Key Vault Tradecraft with BARK

| | azure, cloud computing, Cybersecurity, information-technology, Microsoft
BriefThis post details the existing and new functions in BARK that support adversarial tradecraft research relevant to the Azure Key Vault service. The latter part of the post shows an example of ...
Posts By SpecterOps Team Members - Medium

Microsoft’s August Security Update on High-Risk Vulnerabilities in Multiple Products

| | azure, Blog, CVE-2024-38106, CVE-2024-38107, CVE-2024-38189, CVE-2024-38193, CVE-2024-38213, Emergency Response, office, Windows vulnerability
Overview On August 14, NSFOCUS CERT detected that Microsoft released a security update patch for August, which fixed 90 security issues involving widely used products such as Windows, Microsoft Office, Visual Studio ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Hybrid Attack Paths, New Views and your favorite dog learns an old trick

Hybrid Attack Paths, New Views and your favorite dog learns an old trick

| | Active Directory, attack-path-management, azure, BloodHound, bloodhound-enterprise
Introducing Hybrid Attack PathsDeath from Above: An Attack Path from Azure to Active Directory With BloodHoundWhen we introduced Azure Attack Paths into BloodHound, they were added as a completely separate sub-graph. At no ...
Posts By SpecterOps Team Members - Medium
Critical Microsoft Zero-Day Vulnerability Exploited in the Wild for Over a Year

Critical Microsoft Zero-Day Vulnerability Exploited in the Wild for Over a Year

| | azure, Blog, Cybersecurity News, Zero Day Attacks, zero-day, zero-day attack
A severe zero-day vulnerability in Microsoft Windows, tracked as CVE-2024-38112, has been actively exploited by threat actors for at least 18 months. This security flaw in the Windows MSHTML Platform allows remote ...
MixMode

Several Linux Kernel Azure Vulnerabilities Fixed in Ubuntu

| | arbitrary code execution, azure, Denial-of-Service (DoS), end-of-life Linux, Extended Lifecycle Support, KernelCare Enterprise, Linux & Open Source News, Linux kernel Azure vulnerabilities, linux kernel patching, linux kernel vulnerabilities, linux live patching, live patching, Microsoft Azure Cloud, Race Condition Vulnerabilities, security patches, Ubuntu 16.04, Ubuntu 16.04 End of Life, Ubuntu 18.04 End of Life, ubuntu 18.04 security updates, Ubuntu 18.04 security vulnerabilities
Recently, Canonical released security updates to address several vulnerabilities in the Linux kernel for Microsoft Azure Cloud systems in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. An attacker could possibly use these ...
TuxCare
A Microsoft Windows “blue screen of death”

Global Outage Outrage: CrowdStrike Security Tool Blamed

| | azure, Azure cloud, cloud outage, CrowdStrike, CrowdStrike Falcon, CrowdStrike Falcon XDR, Downtime and outages, m365, Microsoft 365, Microsoft 365 (365), Microsoft 365 outage, Microsoft 365 service outage alert, Microsoft Azure, Microsoft Azure Security, outage, Outage Investigation, SB Blogwatch
BSODs beyond belief: A buggy update to CrowdStrike Falcon made Windows PCs and servers crash—worldwide ...
Security Boulevard
Load more