Hot Topics

vulnerability

NOBELIUM Demonstrates  Why Microsoft Is the Weakest Link

NOBELIUM Demonstrates  Why Microsoft Is the Weakest Link

| | azure, cyberattack, cybercrime, E5 License, Exploits, Lior Blog, Lior Div, Microsoft, microsoft defender, Microsoft Exchange, NOBELIUM, RansomOps, Ransomware, Russia, SolarWinds Attacks, Vulnerabilities, vulnerability
Microsoft platforms and products are ubiquitous. Government agencies and companies of all sizes and industries around the world rely on Microsoft software to get things done. They are also riddled with security ...
Blog
THREAT ALERT: Malicious Code Implant in the UAParser.js Library

THREAT ALERT: Malicious Code Implant in the UAParser.js Library

| | cryptominer, cyberattack, Cybereason Defense Platform, Cybersecurity, EDR, Endpoint Controls, endpoint detection and response, Endpoint Protection Platform, EPP, Exploits, Infosec, Malop, Malware, managed detection and response, managed security services provider, mdr, security, Security Operations Center, SOC, Threat Alerts, Threat Intelligence, UAParser.js Library, Unified Endpoint Security, Vulnerabilities, vulnerability
The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them ...
Blog
Microsoft Publishes Veiled Mea Culpa Disguised as Research

Microsoft Publishes Veiled Mea Culpa Disguised as Research

| | E5 License, EDR, endpoint detection and response, Endpoint Protection Platform, EPP, Exploits, Extended Detection and Response, Microsoft, Microsoft Exchange, Nation-state Attack, SolarWinds Attacks, Unified Endpoint Security, Vulnerabilities, vulnerability, XDR
The Microsoft Threat Intelligence Center (MSTIC) shared a report warning that NOBELIUM—the threat actor behind the SolarWinds attacks—is targeting delegated administrative privileges as part of a larger malicious campaign. Microsoft cautions that ...
Blog
EDR Buyer’s Guide: Microsoft E5 Licenses and Security Risks

EDR Buyer’s Guide: Microsoft E5 Licenses and Security Risks

| | Buyer's Guide, E5 License, EDR, endpoint detection and response, Endpoint Protection Platform, enterprise security, Exploits, Microsoft, microsoft defender, Network Security, Resource, ResourcesCat, Unified Endpoint Security, Vulnerabilities, vulnerability, White Paper, White Papers, whitepaper
There is no shortage of options for security teams undergoing an evaluation of EDR and EPP solutions currently available to the market. With roughly 30 serious vendors focused specifically on EDR and ...
Blog

Popular npm Project Used by Millions Hijacked in Supply-Chain Attack

| | FEATURED, Nexus Intelligence Insights, vulnerability
Last week, Sonatype reported our discovery of three malicious npm cryptomining packages on npm: klow, klown, and okhsa. These packages, which infiltrated the npm registry between October 12th and 15th, installed Monero ...
Sonatype Blog
t2 / 2016 - Learning the wrong lessons from Offense (Haroon Meer)

Evolving Threat series — Infiltrating NPM’s Supply Chain (UA-Parser-js)

| | nodejs, npm, supply chain, vulnerability
Evolving Threat series — Infiltrating NPM’s Supply Chain (UA-Parser-js)And if you think your are safe (as you recently procured a well marketed commercial open source dependency scanner) is when you are most in danger ...
ShiftLeft Blog - Medium

What Pandemic Responses Teach Us About Cybersecurity

| | Risk Managment, risk mitigation, vulnerability, Vulnerability Management, vulnerability risk
I’ve been working at Tripwire for over two decades, and I’ve acquired a fair bit of swag over those years: branded jackets, hats, shoes, a watch, and of course a drawer full ...
The State of Security
Microsoft’s Failure to Prioritize Security Puts Everyone at Risk

Microsoft’s Failure to Prioritize Security Puts Everyone at Risk

| | Anti-Ransomware, antivirus, Cybereason Anti-Ransomware Solution, EDR, Endpoint Controls, endpoint detection and response, Endpoint Protection Platform, enterprise security, EPP, Exploits, Extended Detection and Response, Hafnium, Microsoft, microsoft defender, Microsoft Exchange, Microsoft Hypertext Markup Language, Network Security, Next Generation Antivirus, ngav, ProxyLogon, ProxyShell, SolarWinds Attacks, Unified Endpoint Security, Vulnerabilities, vulnerability
It has been a very busy year when it comes to Microsoft zero-day attacks. According to KrebsOnSecurity, May is the only month in 2021 that Microsoft didn’t release a patch to defend ...
Blog
1,460-Day Old Known Vulnerability Catches Microsoft Off Guard

1,460-Day Old Known Vulnerability Catches Microsoft Off Guard

| | AI, Artificial Intelligence, Azurescape, Cybereason Defense Platform, Cybereason XDR Platform, EDR, Endpoint Controls, endpoint detection and response, Endpoint Protection Platform, Exploits, Hafnium, Lior Blog, machine learning, Microsoft, Microsoft Exchange, Microsoft Hypertext Markup Language, MSHTML, Next Generation Antivirus, ngav, PrintNightmare, SolarWinds Attacks, Unified Endpoint Security, Vulnerabilities, vulnerability, XDR, zero-day
Vulnerabilities are a fact of life. I started my career in cybersecurity finding and exploiting those vulnerabilities to conduct nation-state offensive operations. I understand the simple reality that there is no such ...
Blog
Threat Analysis Report: PrintNightmare and Magniber Ransomware

Threat Analysis Report: PrintNightmare and Magniber Ransomware

| | CVE-2021-34481, CVE-2021-34527, cyberattack, Cybereason Defense Platform, Cybereason XDR Platform, EDR, Endpoint Controls, endpoint detection and response, Endpoint Protection Platform, enterprise security, EPP, Exploits, Extended Detection and Response, Incident Response, Magniber Ransomware, Malware, managed detection and response, managed security services provider, mdr, Microsoft, MITRE ATT&CK Framework, Multi-Stage Ransomware, PrintNightmare, RansomOps, Ransomware, rce, research, Threat Analysis Report, Unified Endpoint Security, Vulnerabilities, vulnerability
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them ...
Blog
Load more