Tag
#microsoft
“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased: His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite hacking companion: His two cats. They’re always by his side when he is working late. Origin of his hacker name: The word dog in Spanish is “perro” @p3RR0.
From a scrappy contest where hackers tried to win laptops, Pwn2Own has grown into a premier event that has helped normalize bug hunting.
Polygraph Data Platform adds Kubernetes audit log monitoring, integration with Kubernetes admission controller, and Infrastructure as Code (IaC) security to help seamlessly integrate security into developer workflows.
The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.
Attackers appear to have found a way around PowerShell monitoring by using a default utility instead.
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving user's client perform a variety of actions. This issue could be used in a more sophisticated attack to forge XMPP messages from the server.
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected.
Transparency and inter-team collaboration key amid escalating threats and compliance requirements
By Waqas. Essentially, ransom DDoS attacks are just DDoS with a ransom demand but a sudden increase in these attacks… This is a post from HackRead.com. Read the original post: The Growing Threat of Ransom DDoS Attacks Requires Effective Prevention and Mitigation