Tag Archives: vulnerability

PoC exploit released for Azure AD brute-force bug—here’s what to do

A public proof-of-concept (PoC) exploit has been released for the Microsoft Azure Active Directory credentials brute-forcing flaw discovered by Secureworks and first reported by Ars. The exploit enables anyone to perform both username enumeration and password brute-forcing on vulnerable Azure servers. Although Microsoft had initially…

New Azure Active Directory password brute-forcing flaw has no fix

Imagine having unlimited attempts to guess someone’s username and password without getting caught. That would make an ideal scenario for a stealthy threat actor—leaving server admins with little to no visibility into the attacker’s actions, let alone the possibility of blocking them. A newly discovered…

Exchange/Outlook autodiscover bug exposed 100,000+ email passwords

If you own the right domain, you can intercept hundreds of thousands of innocent third parties’ email credentials, just by operating a standard webserver. Security researcher Amit Serper of Guardicore discovered a severe flaw in Microsoft’s autodiscover—the protocol which allows…

Apple users warned: Clicking this attachment will take over your macOS

A code execution bug in Apple’s macOS allows remote attackers to run arbitrary commands on your device. And the worst part is, Apple hasn’t fully patched it yet, as tested by Ars.
Those shortcut files can take over your Mac
Independent security researcher Park Minchan…

Travis CI flaw exposed secrets of thousands of open source projects

A security flaw in Travis CI potentially exposed the secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. A vulnerability in…

Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware

Apple has released several security updates this week to patch a “FORCEDENTRY” vulnerability on iOS devices. The “zero-click, zero-day” vulnerability has been actively exploited by Pegasus, a spyware app developed by the Israeli company NSO Group, which has been known…

Security researchers at Wiz discover another major Azure vulnerability

This isn’t how the OMIGOD vulnerability works, of course—but lightning is much more photogenic than maliciously crafted XML. Cloud security vendor Wiz—which recently made news by discovering a massive vulnerability in Microsoft Azure’s CosmosDB-managed database service—has found another hole in Azure.…

“Worst cloud vulnerability you can imagine” discovered in Microsoft Azure

Cosmos DB is a managed database service offering—including both relational and noSQL data structures—belonging to Microsoft’s Azure cloud infrastructure. Cloud security vendor Wiz announced yesterday that it found a vulnerability in Microsoft Azure’s managed database service, Cosmos DB, that granted…

Need to get root on a Windows box? Plug in a Razer gaming mouse

This weekend, security researcher jonhat disclosed a long-standing security bug in the Synapse software associated with Razer gaming mice. During software installation, the wizard produces a clickable link to the location where the software will be installed. Clicking that link opens a File…