vulnerability
NOBELIUM Demonstrates Why Microsoft Is the Weakest Link
Microsoft platforms and products are ubiquitous. Government agencies and companies of all sizes and industries around the world rely on Microsoft software to get things done. They are also riddled with security ...
THREAT ALERT: Malicious Code Implant in the UAParser.js Library
The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them ...
Microsoft Publishes Veiled Mea Culpa Disguised as Research
The Microsoft Threat Intelligence Center (MSTIC) shared a report warning that NOBELIUM—the threat actor behind the SolarWinds attacks—is targeting delegated administrative privileges as part of a larger malicious campaign. Microsoft cautions that ...
EDR Buyer’s Guide: Microsoft E5 Licenses and Security Risks
There is no shortage of options for security teams undergoing an evaluation of EDR and EPP solutions currently available to the market. With roughly 30 serious vendors focused specifically on EDR and ...
Popular npm Project Used by Millions Hijacked in Supply-Chain Attack
Last week, Sonatype reported our discovery of three malicious npm cryptomining packages on npm: klow, klown, and okhsa. These packages, which infiltrated the npm registry between October 12th and 15th, installed Monero ...
Evolving Threat series — Infiltrating NPM’s Supply Chain (UA-Parser-js)
Evolving Threat series — Infiltrating NPM’s Supply Chain (UA-Parser-js)And if you think your are safe (as you recently procured a well marketed commercial open source dependency scanner) is when you are most in danger ...
What Pandemic Responses Teach Us About Cybersecurity
I’ve been working at Tripwire for over two decades, and I’ve acquired a fair bit of swag over those years: branded jackets, hats, shoes, a watch, and of course a drawer full ...
Microsoft’s Failure to Prioritize Security Puts Everyone at Risk
It has been a very busy year when it comes to Microsoft zero-day attacks. According to KrebsOnSecurity, May is the only month in 2021 that Microsoft didn’t release a patch to defend ...
1,460-Day Old Known Vulnerability Catches Microsoft Off Guard
Vulnerabilities are a fact of life. I started my career in cybersecurity finding and exploiting those vulnerabilities to conduct nation-state offensive operations. I understand the simple reality that there is no such ...
Threat Analysis Report: PrintNightmare and Magniber Ransomware
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them ...