microsoft

Disneyland Malware Team: It’s a Puny World After All

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.

2 years ago

Krebs on Security

Open in Source

#web #mac #windows #microsoft #linux #ddos #dos #git #pdf #auth #blog

Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)

We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning (ML) systems. Machine learning has already become a key enabler in many products and services, and this trend is likely to continue. It is therefore critical to understand the security and privacy guarantees provided by state-of-the-art ML algorithms – indeed this is one of Microsoft’s Responsible AI Principles.

2 years ago

msrc-blog

Open in Source

#mac #microsoft #git #intel

Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)

We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning (ML) systems. Machine learning has already become a key enabler in many products and services, and this trend is likely to continue. It is therefore critical to understand the security and privacy guarantees provided by state-of-the-art ML algorithms – indeed this is one of Microsoft’s Responsible AI Principles.

2 years ago

msrc-blog

Open in Source

#mac #microsoft

Vulnerability Spotlight: Microsoft Office class attribute double-free vulnerability

Marcin 'Icewall’ Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered a class attribute double-free vulnerability in Microsoft Office. Microsoft Office is a suite of tools used for productivity in both a corporate environment as well as by end-users. It offers a range of tools that

2 years ago

TALOS

Open in Source

#vulnerability #microsoft #cisco

Cisco Secure Email Gateway Malware Detection Evasion

Cisco Secure Email Gateways, formerly known as Cisco Ironport Email Security Appliances, that are configured to detect malicious email attachments, can easily be circumvented. A remote attacker can leverage error tolerance and different MIME decoding capabilities of email clients, compared with the gateway, to evade detection of malicious payloads by anti-virus components on the gateway. This exploit was successfully tested with a zip file containing the Eicar test virus and Cisco Secure Email Gateways with AsyncOS 14.2.0-620, 14.0.0-698, and others. An affected Email Client was Mozilla Thunderbird 91.11.0 (64-bit).

2 years ago

Packet Storm

Open in Source

#microsoft #ubuntu #cisco #git

Red Canary Provides First-Ever MITRE Engenuity™ ATT&CK® Evaluations for Managed Services

.

2 years ago

DARKReading

Open in Source

#microsoft #ssl

CVE-2022-38167: Process Management and Workflow Automation Software - Nintex

The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS.

2 years ago

CVE

Open in Source

#xss #microsoft #git #intel

CVE-2022-43693: Release 8.5.10 · concretecms/concretecms

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.

2 years ago

CVE

Open in Source

#xss #csrf #microsoft #perl #oauth #auth

Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution

Backdoor.Win32.RemServ.d malware suffers from a remote command execution vulnerability.

2 years ago

Packet Storm

Open in Source

#vulnerability #web #windows #microsoft #redis #backdoor #auth

Avatier Achieves ISO 27001 Certification for its Information Security Management System

Designation recognizes highest caliber of information security.