Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

SharePoint RCE bug resurfaces three months after being patched by Microsoft

Deserialization vulnerabilities are hard to fix

PortSwigger
Open in Source
#vulnerability#web#microsoft#rce#auth
Why MRG-Effitas matters to SMBs

The 360° Assessment & Certification from MRG-Effitas can offer guidance to SMBs looking for a simple, effective cybersecurity product. The post Why MRG-Effitas matters to SMBs appeared first on Malwarebytes Labs.

Secure Email Gateway Vs. Integrated Cloud Email Security (SEG Vs. ICES) – What’s the difference, and which should my business use?

By Waqas When you think of phishing or any form of internet crime, many believe this is something completely remote… This is a post from HackRead.com Read the original post: Secure Email Gateway Vs. Integrated Cloud Email Security (SEG Vs. ICES) – What’s the difference, and which should my business use?

Iran’s COBALT MIRAGE Threat Group Behind Ransomware Attacks in US

By Deeba Ahmed Cobalt Mirage is an Irani threat group believed to be linked to the Iranian Cobalt Illusion threat group,… This is a post from HackRead.com Read the original post: Iran’s COBALT MIRAGE Threat Group Behind Ransomware Attacks in US

Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis

Malwarebytes Threat Intelligence has uncovered an attack using the lure of information about the war in Ukraine to target people in Germany. The post Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis appeared first on Malwarebytes Labs.

CVE-2022-25865: Fix git fetch - addresses a potential security concern regarding git fetch by kenotron · Pull Request #103 · microsoft/workspace-tools

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

CVE-2022-25865: Fix git fetch - addresses a potential security concern regarding git fetch by kenotron · Pull Request #103 · microsoft/workspace-tools

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

Threat Roundup for May 6 to May 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 6 and May 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Linux, OpenSSF Champion Plan to Improve Open Source Security

The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.