azure

Azure Key Vault Tradecraft with BARK

Azure Key Vault Tradecraft with BARK

| | azure, cloud computing, Cybersecurity, information-technology, Microsoft
BriefThis post details the existing and new functions in BARK that support adversarial tradecraft research relevant to the Azure Key Vault service. The latter part of the post shows an example of ...
Posts By SpecterOps Team Members - Medium

Microsoft’s August Security Update on High-Risk Vulnerabilities in Multiple Products

| | azure, Blog, CVE-2024-38106, CVE-2024-38107, CVE-2024-38189, CVE-2024-38193, CVE-2024-38213, Emergency Response, office, Windows vulnerability
Overview On August 14, NSFOCUS CERT detected that Microsoft released a security update patch for August, which fixed 90 security issues involving widely used products such as Windows, Microsoft Office, Visual Studio ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Hybrid Attack Paths, New Views and your favorite dog learns an old trick

Hybrid Attack Paths, New Views and your favorite dog learns an old trick

| | Active Directory, attack-path-management, azure, BloodHound, bloodhound-enterprise
Introducing Hybrid Attack PathsDeath from Above: An Attack Path from Azure to Active Directory With BloodHoundWhen we introduced Azure Attack Paths into BloodHound, they were added as a completely separate sub-graph. At no ...
Posts By SpecterOps Team Members - Medium
Critical Microsoft Zero-Day Vulnerability Exploited in the Wild for Over a Year

Critical Microsoft Zero-Day Vulnerability Exploited in the Wild for Over a Year

| | azure, Blog, Cybersecurity News, Zero Day Attacks, zero-day, zero-day attack
A severe zero-day vulnerability in Microsoft Windows, tracked as CVE-2024-38112, has been actively exploited by threat actors for at least 18 months. This security flaw in the Windows MSHTML Platform allows remote ...
MixMode

Several Linux Kernel Azure Vulnerabilities Fixed in Ubuntu

| | arbitrary code execution, azure, Denial-of-Service (DoS), end-of-life Linux, Extended Lifecycle Support, KernelCare Enterprise, Linux & Open Source News, Linux kernel Azure vulnerabilities, linux kernel patching, linux kernel vulnerabilities, linux live patching, live patching, Microsoft Azure Cloud, Race Condition Vulnerabilities, security patches, Ubuntu 16.04, Ubuntu 16.04 End of Life, Ubuntu 18.04 End of Life, ubuntu 18.04 security updates, Ubuntu 18.04 security vulnerabilities
Recently, Canonical released security updates to address several vulnerabilities in the Linux kernel for Microsoft Azure Cloud systems in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. An attacker could possibly use these ...
TuxCare
A Microsoft Windows “blue screen of death”

Global Outage Outrage: CrowdStrike Security Tool Blamed

| | azure, Azure cloud, cloud outage, CrowdStrike, CrowdStrike Falcon, CrowdStrike Falcon XDR, Downtime and outages, m365, Microsoft 365, Microsoft 365 (365), Microsoft 365 outage, Microsoft 365 service outage alert, Microsoft Azure, Microsoft Azure Security, outage, Outage Investigation, SB Blogwatch
BSODs beyond belief: A buggy update to CrowdStrike Falcon made Windows PCs and servers crash—worldwide ...
Security Boulevard

Microsoft’s Security Update in July of High-Risk Vulnerabilities in Multiple Products

| | .NET Framework, azure, Blog, Emergency Response, Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio, security update, System Management Center, Windows
Overview On July 10, NSFOCUS CERT detected that Microsoft released a security update patch for July, which fixed 139 security issues involving Windows, Microsoft SQL Server, Microsoft Office, Azure and other widely ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
How Privileged Identity Management Affects Conditional Access Policies

How Privileged Identity Management Affects Conditional Access Policies

| | azure, Entra
IntroductionWhen administrators use directory roles (aka Entra ID roles) when configuring Conditional Access Policies (CAPs), users are not included in the enforcement of that CAP until after that user’s role assignment is ...
Posts By SpecterOps Team Members - Medium
Accelerating CMMC 2.0 Compliance for Defense Contractors with Microsoft Azure

Accelerating CMMC 2.0 Compliance for Defense Contractors with Microsoft Azure

| | azure, Blog, CMMC, Compliance, Defender for Cloud, ThreatAlert
Microsoft Azure provides a suite of highly integrated security services that provide a cost-effective solution for Defense contractors looking to meet the CMMC 2.0 requirements. The Cybersecurity Maturity Model Certification (CMMC) is ...
Blog Archives - stackArmor
A single, juicy raspberry on a plain, white background

Biden Review Board Gives Microsoft a Big, Fat Raspberry

| | Active Directory, Authentication, azure, Azure Active Directory, Azure AD, Azure security, cisa, CISA.gov, CSRB, Cyber Safety Review Board, Cybersecurity Infrastructure Security Administration, Entra ID, Exchange, Microsoft, Microsoft Azure, Microsoft Azure Active Directory, Microsoft Azure Security, Outlook.com, SB Blogwatch, Storm-0558
Storm-0558 forecast: Last year’s Chinese hack of federal agencies’ email is still a mystery, and “should never have occurred,” says CISA ...
Security Boulevard
Load more