Microsoft's stand-alone version of Defender for SMBs promises to help SecOps teams automate detection, response, and recovery.

Microsoft has released a stand-alone version of Defender for Business for small-to-midsize businesses (SMBs), which the company says will provide endpoint security on par with that of a large enterprise. 

A Microsoft survey found that 70% of SMBs are worried about the business risk that cybersecurity poses, and while 80% of SMBs said they have antivirus protection, 93%  still have concerns about cybersecurity threats. 

Microsoft said Defender for Business can help automate the protection, detection, and response tasks that can bog down SecOps 

"Automated investigation and remediation are a huge part of the product," Adam Atwell, cloud solutions architect at consulting firm Kite Technology Group, said in a statement. "It's just happening in the background. Defender for Business makes our security so simple."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Microsoft Releases Defender for SMBs

In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.

CVE-2022-28940: 0day/新华三magicR100存在DOS攻击漏洞分析.md at main · zhefox/0day

In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.

**12 years of experience**

On the eCommerce market

**60,000+ live shops**

From SMB to Enterprise  
10,000+ new stores every year

**150+ partners**

From 40+ countries

**1,500+ integrations**

Plugins, themes, language packs

**250,000+ members**

Community worldwide

**3,000,000+ downloads**

And the number is still growing

**For every size and type of business**

**Small and medium business**

Quickly launch and scale your online store with rich built-in functionality: integration with payment and shipment services; warehouse managing; marketing and SEO tools; and mobile-friendly stores.

**Enterprise business**

Use multi-vendor and multi-store functionality (B2B and B2C). Get the maximum advantage of enterprise-grade performance. Easy integration and limitless customization opportunities.

**Global business**

A flexible system to fit your demands: GDPR; multi-currencies and multi-languages; regional taxes and laws support; management of multiple international stores; integration with local services and suppliers.

**Why nopCommerce**

**Absolutely free**

No transaction fee.  
No monthly fees.  
No hidden fees.

**PCI DSS compliant**

Meet all security requirements for all kinds of businesses

**Unlimited customization**

You’re not limited by our built-in functionality because we’re open-source

**Great Support**

Our team and our community is always here to help you

**Testimonials**

If you are a .NET developer looking for an eCommerce platform you should consider nopCommerce. It is both a great extensible eCommerce platform and supports the latest versions of .NET

Scott Hunter,  
Director of Program Management for the .NET Platform at Microsoft (USA)

nopCommerce is a fantastic open-source, stable, and super extensible eCommerce platform based on cross-platform .NET Core! It's perfect for any size business.

Scott Hanselman,  
Principal Community Architect, Microsoft (USA)

Besides having a rich out-of-the-box functionality, the platform is also flexible in terms of additional customization and gives an opportunity to integrate with different corporate systems, which made it a perfect fit for us.

Boris Kulaev,  
Head of eCommerce Harman RUS CIS

Read case study

With nopCommerce we are able to create the optimal eCommerce system according to our customer’s needs. The modern and sophisticated backend of nopCommerce allows fast and simple configuration of the shop.

José Lopez,  
CEO of JMC Software AG (Switzerland)

Play case study

We like nopCommerce because it’s a platform with a very well-structured architecture that enables its modification greatly since it’s open-source. nopCommerce can be easily adapted to cover the needs of every one of our customers.

Eduardo Adame,  
General Director of Tecnofin (Mexico)

Play case study

As a platform, nopCommerce supports us very well because the architecture is very good. We needed a secure, Microsoft-compatible solution for a customer that was multi-store capable and nopCommerce fitted this description best.

Tobias Derucki,  
Managing Partner at Innovapps (Germany)

View the testimonial

I would recommend nopCommerce because it has an easy-to-use interface and you don’t have to be an IT-master to use it. You can be a marketing professional, create the content, manage the pricing and categories, and do it very easy.

Dana Koman,  
Marketing Manager of TACO Metals (USA)

View the testimonial

**Our clients**

*   
*   
*   
*   
*   
*   
*   
*   

**Integrated with all services**

**Create a successful store with nopCommerce!**

CVE-2022-27461: Free and open-source eCommerce platform. ASP.NET based shopping cart.

An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable.

**What happened?**

The details of this bug have been sent to @DavidXanatos by email on March 21. This issue only serves to track the fixing (that is, if this is confirmed to be a real bug) progress publicly.

In short, I've found a bug in Sandboxie that presumably lets an attacker break out of the sandbox. This has yet to be confirmed by the developers, though.

**To Reproduce**

Described in the email.

**Expected behavior**

Sandboxed programs should not be allowed to escape.

**What is your Windows edition and version?**

Windows 10 Home 20H2 (19042.1466) 64-bit

**In which Windows account you have this problem?**

A local or Microsoft account without special changes.

**Please mention any installed security software**

Built-in realtime protection in Windows 10

**What version of Sandboxie are you running?**

Sandboxie Classic v5.55.13 64-bit

**Is it a regression?**

_No response_

**List of affected browsers**

_No response_

**In which sandbox type you have this problem?**

I only reproduced it with Sandboxie Classic.

**Is the sandboxed program also installed outside the sandbox?**

No, it is not installed in the real system.

**Can you reproduce this problem on an empty sandbox?**

I can confirm it also on an empty sandbox.

**Did you previously enable some security policy settings outside Sandboxie?**

_No response_

**Crash dump**

_No response_

**Trace log**

_No response_

**Sandboxie.ini configuration**

_No response_

**Sandboxie-Plus.ini configuration (for Plus interface issues)**

_No response_

CVE-2022-28067: Sandbox breakout bug (details omitted) · Issue #1714 · sandboxie-plus/Sandboxie

Also adds support for Google Cloud Platform (GCP) and Microsoft Azure, and PCI compliance coverage.

WALTHAM, Mass. , May 4, 2022 /PRNewswire/ -- Uptycs, provider of the first cloud-native security analytics platform enabling cloud and endpoint security from a common solution, announced today new cloud infrastructure entitlement management (CIEM) capabilities that strengthen its cloud security posture management (CSPM) offering. In addition, Uptycs announced CSPM support for Google Cloud Platform (GCP) and Microsoft Azure, and PCI compliance coverage. These new capabilities provide Security and Governance, Risk, and Compliance teams with continuous monitoring of cloud services, identities, and entitlements so they can better reduce their cloud risk.

"Disparate cloud security solutions only deliver pieces of the picture, leaving Security teams unaware of new risks in a fast-changing cloud environment," says Ganesh Pai, CEO and co-founder of Uptycs. "As organizations scale out their cloud footprints—including across multiple public cloud providers—they need new types of security controls, especially in the realm of cloud identity and entitlement. Uptycs provides a unified platform for CSPM and CWPP that gives Security teams a holistic and fully integrated platform for securing their cloud resources, workloads, and infrastructure."

As they add cloud accounts, resources, and infrastructure, the number of user and machine identities grows exponentially. The majority of these identities have more access than they need to do their jobs, posing a serious risk if an attacker is able to steal credentials. According to Gartner, more than 95% of accounts in IaaS use, on average, less than 3% of the entitlements they are granted.1 In addition, Gartner estimates that "by 2023, 75% of security failures will result from inadequate management of identities, access and privileges, up from 50% in 2020."2

With new cloud identity and entitlement analytics capabilities in Uptycs, Security and Governance teams can solve these challenges:

*   **Monitor least privilege -** Continuously monitoring cloud infrastructure to spot identity misconfiguration and permissions gaps so they can move toward least-privilege access, minimizing the damage that can be caused by privilege escalation.
*   **Measure identity risk and governance posture -** Measuring the overall identity risk posture for cloud accounts based on factors such as root account configuration, credentials rotation, possibility of privilege escalation, and credential exposure.
*   **Harden cloud IAM policies -** Continuously analyzing cloud IAM policies and creating risk profiles so that teams can prioritize their efforts on tuning the most risky policies.
*   **Map identities and relationships -** Visually map relationships across accounts, rank connections based on riskiness, and show the impact a user can have on an asset or critical service.
*   **Detect and investigate identity misuse -** Show top cloud IAM principals and services denied based on specific time windows, enabling users to drill down into trends for a specific user/service and spot any anomalies from the regions based on historical data.

The cloud identity and entitlement analytics capabilities are generally available today for AWS as an add-on for the Uptycs CSPM offering. Uptycs' broader CSPM support for GCP and Azure (inventory, audit, compliance, and threat detection) is generally available.

1 Gartner, "Managing Privileged Access in Cloud Infrastructure," Paul Mezzera, December 7, 2021

2 Gartner, "Innovation Insight for Cloud Infrastructure Entitlement Management, Henrique Teixeira, Michael Kelley, Abhyuday Data, June 15, 2021

**About Uptycs  
**Uptycs provides the first cloud-native security analytics platform that enables endpoint and cloud security from a single platform. The solution provides a unique telemetry-powered approach to address multiple use cases—including Extended Detection & Response (XDR), Cloud Workload Protection (CWPP), and Cloud Security Posture Management (CSPM). Uptycs enables security professionals to quickly prioritize, investigate, and respond to potential threats across a company's entire attack surface. A free trial of Uptycs can be requested at www.uptycs.com/free-trial.

Uptycs Announces New Cloud Identity and Entitlement Management (CIEM) Capabilities

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted.
"Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted.

"Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links," Google Threat Analysis Group's (TAG) Billy Leonard said in a report.

"Financially motivated and criminal actors are also using current events as a means for targeting users," Leonard added.

One notable threat actor is Curious Gorge, which TAG has attributed to China People's Liberation Army Strategic Support Force (PLA SSF) and has been observed striking government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia.

Attacks aimed at Russia have singled out several governmental entities, such as the Ministry of Foreign Affairs, with additional compromises impacting Russian defense contractors and manufacturers as well as an unnamed logistics company.

The findings follow disclosures that a China-linked government-sponsored threat actor known as Mustang Panda (aka Bronze President) may have been targeting Russian government officials with an updated version of a remote access trojan called PlugX.

Another set of phishing attacks involved APT28 (aka Fancy Bear) hackers targeting Ukrainian users with a .NET malware that's capable of stealing cookies and passwords from Chrome, Edge and Firefox browsers.

Also implicated were Russia-based threat groups, including Turla (aka Venomous Bear) and COLDRIVER (aka Calisto), as well as a Belarusian hacking crew named Ghostwriter in different credential phishing campaigns targeting defense and cybersecurity organizations in the Baltic region and high-risk individuals in Ukraine.

Ghostwriter's latest attacks directed victims to compromised websites, from where the users were sent to an attacker-controlled web page to harvest their credentials.

In an unrelated phishing campaign targeting entities in Eastern European countries, a previously unknown and financially motivated hacking group has been spotted impersonating a Russian agency to deploy a JavaScript backdoor called DarkWatchman onto infected computers.

IBM Security X-Force connected the intrusions to a threat cluster it's tracking under the moniker Hive0117.

"The campaign masquerades as official communications from the Russian Government's Federal Bailiffs Service, the Russian-language emails are addressed to users in Lithuania, Estonia, and Russia in the Telecommunications, Electronic and Industrial sectors," the company said.

The findings come as Microsoft divulged that six different Russia-aligned actors launched at least 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country.

The geopolitical tensions and the ensuing military invasion of Ukraine have also fueled an escalation in data wiper attacks intended to cripple mission critical processes and destroy forensic evidence.

What's more, the Computer Emergency Response Team of Ukraine (CERT-UA) revealed details of ongoing distributed denial-of-service (DDoS) attacks directed against government and news portals by injecting malicious JavaScript (dubbed "BrownFlood") into the compromised sites.

DDoS attacks have been reported beyond Ukraine as well. Last week, Romania's National Directorate of Cyber ​​Security (DNSC) disclosed that several websites belonging to public and private institutions were "targeted by attackers who aimed to make these online services unavailable."

The attacks, claimed by a pro-Russian collective called Killnet, come in response to Romania's decision to support Ukraine in the military conflict with Russia.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.

Summary

Broken access control in API for projects using Git VCS (CVE-2022-1502)

Advisory Number

2022-03

Discovery Date

26 APR 2022

Patch Release Date

28 APR 2022

Advisory Release Date

04 MAY 2022

Product

Octopus Server

Operating System

Linux and Microsoft Windows

Severity

Medium

CVE ID

CVE-2022-1502

Customers who have downloaded and installed any of the Octopus Server versions listed below ("Details") are affected.

Please upgrade your Octopus Server immediately to fix this vulnerability.

Customers who have upgraded Octopus Server to version 2022.1.2454 or higher are not affected.

**Severity**

Octopus Deploy has given this vulnerability a medium rating. This rating was given according to the Octopus Deploy severity levels, which ranks vulnerabilities as critical, high, medium, or low severity.

This is our assessment and you should evaluate its applicability to your own environment.

**Details**

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.

The versions of Octopus Server affected by this vulnerability are:

*   All 2021.3.x versions before 2021.3.12725
*   All 2022.1.x versions before 2022.1.2454

**Fix**

To address this vulnerability, we have released Octopus Server versions:

*   2021.3.12725
*   2022.1.2454

The latest versions of Octopus Deploy products can be downloaded from https://octopus.com/downloads and previous versions can be downloaded from https://octopus.com/downloads/previous

**What You Need to Do**

Octopus Deploy recommends that you upgrade to the latest versions 2022.1.2454. You can download the latest version of Octopus Server from https://octopus.com/downloads

**Mitigation**

There is no known mitigation for CVE-2022-1502, it is important to upgrade to a fixed version as soon as possible.

**Support**

If you have any questions or concerns regarding this advisory, please contact our support team https://octopus.com/support.

**Exploitation and Public Announcements**

The Octopus Deploy security team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

**Source**

This vulnerability was found during internal testing at Octopus Deploy.

CVE-2022-1502: Security Advisory 2022-03

Summary

Broken access control in API for projects using Git VCS (CVE-2022-1502)

Advisory Number

2022-03

Discovery Date

26 APR 2022

Patch Release Date

28 APR 2022

Advisory Release Date

04 MAR 2022

Product

Octopus Server

Operating System

Linux and Microsoft Windows

Severity

Medium

CVE ID

CVE-2022-1502

Customers who have downloaded and installed any of the Octopus Server versions listed below ("Details") are affected.

Please upgrade your Octopus Server immediately to fix this vulnerability.

Customers who have upgraded Octopus Server to version 2022.1.2454 or higher are not affected.

**Severity**

Octopus Deploy has given this vulnerability a medium rating. This rating was given according to the Octopus Deploy security levels, which ranks vulnerabilities as critical, high, medium, or low severity.

This is our assessment and you should evaluate its applicability to your own environment.

**Details**

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.

The versions of Octopus Server affected by this vulnerability are:

*   All 2021.3.x versions before 2021.3.12725
*   All 2022.1.x versions before 2022.1.2454

**Fix**

To address this vulnerability, we have released Octopus Server versions:

*   2021.3.12725
*   2022.1.2454

The latest versions of Octopus Deploy products can be downloaded from https://octopus.com/downloads and previous versions can be downloaded from https://octopus.com/downloads/previous

**What You Need to Do**

Octopus Deploy recommends that you upgrade to the latest versions 2022.1.2454. You can download the latest version of Octopus Server from https://octopus.com/downloads

**Mitigation**

There is no known mitigation for CVE-2022-1502, it is important to upgrade to a fixed version as soon as possible.

**Support**

If you have any questions or concerns regarding this advisory, please contact our support team (https://octopus.com/support).

**Exploitation and Public Announcements**

The Octopus Deploy security team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

**Source**

This vulnerability was found during internal testing at Octopus Deploy.

Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins.

Tag

#microsoft