Exploits
THREAT ALERT: Malicious Code Implant in the UAParser.js Library
The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them ...
Microsoft Publishes Veiled Mea Culpa Disguised as Research
The Microsoft Threat Intelligence Center (MSTIC) shared a report warning that NOBELIUM—the threat actor behind the SolarWinds attacks—is targeting delegated administrative privileges as part of a larger malicious campaign. Microsoft cautions that ...
EDR Buyer’s Guide: Microsoft E5 Licenses and Security Risks
There is no shortage of options for security teams undergoing an evaluation of EDR and EPP solutions currently available to the market. With roughly 30 serious vendors focused specifically on EDR and ...
Microsoft’s Failure to Prioritize Security Puts Everyone at Risk
It has been a very busy year when it comes to Microsoft zero-day attacks. According to KrebsOnSecurity, May is the only month in 2021 that Microsoft didn’t release a patch to defend ...
The Proliferation of Zero-days
The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits: One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking ...
1,460-Day Old Known Vulnerability Catches Microsoft Off Guard
Vulnerabilities are a fact of life. I started my career in cybersecurity finding and exploiting those vulnerabilities to conduct nation-state offensive operations. I understand the simple reality that there is no such ...
Threat Analysis Report: PrintNightmare and Magniber Ransomware
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them ...
Microsoft Zero-Day-of-the-Month Club
When it comes to zero day attacks against Microsoft products, I often feel like Bill Murray’s character in the movie Groundhog Day. It seems like I keep waking up to the same ...
THREAT ALERT: Microsoft MSHTML Remote Code Execution Vulnerability
The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them ...
CISO Stories Podcast: The Unpatchable Vulnerability that is Human Nature
Rachel Tobac, CEO of SocialProof Security, delves into the inner-workings of social engineering exploits where she leverages her background in neuroscience and behavioral psychology to exploit the unpatchable vulnerability that is human ...