Blog - Cyber Security Informer

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

NetSpi Technical

MARCH 11, 2024

This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost. In late 2015, Nick Landers, Co-Founder of Dreadnode, published a blog on the abuse of Outlook Rules for RCE. include <Windows.h> What makes that determination?”

Authentication

Authentication Penetration Testing Technology Phishing

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

Related: It’s all about ‘ attack surface management ‘ However, today’s perpetrator isn’t standing in front of you brandishing a weapon. The technology industry has met the dramatic rise in ransomware and other cyber attacks with an impressive set of tools to help companies mitigate the risks. Prevalence.

Ransomware

Ransomware Education Financial Services Phishing

Reinventing Asset Management for Cybersecurity Professionals

IT Security Guru

MAY 24, 2021

With limited resources on security teams, automated tools are required to achieve the scale and scope of managing small- and medium-sized environments, let alone enterprise-scale infrastructure. production or test), which helps identify business-critical assets and tag them automatically. Simplifying Asset Management for Security.

Cybersecurity

Cybersecurity Risk Software Data collection

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

NetSpi Technical

MARCH 11, 2024

This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost. In late 2015, Nick Landers, Co-Founder of Dreadnode, published a blog on the abuse of Outlook Rules for RCE. include <Windows.h> What makes that determination?”

Authentication

Authentication Penetration Testing Technology Phishing

Best Practice Steps for Safe Data Sharing

Security Boulevard

MAY 24, 2021

<a href='/blog?tag=Data tag=Data Security'>Data Security</a> <a href='/blog?tag=Data tag=Data Breach'>Data Breach</a> <a href='/blog?tag=Information This can be achieved by email encryption or, where there are large volumes of data through a managed file transfer (MFT) solution.

Data breaches

Data breaches Risk Government Encryption

McAfee Provides Max Cyber Defense Capabilities in MITRE’s Carbanak+FIN7 ATT&CK® Evaluation

McAfee

APRIL 20, 2021

100% visibility across the 10 major attack steps on Day 1 ( Carbanak ), and 100% visibility across the 10 major attack steps on Day 2 ( FIN7 ). . 8 7 % visibility across the total of 174 sub- steps for the 2 attack scenarios. . 8 7 % visibility across the total of 174 sub- steps for the 2 attack scenarios. .

Threat Detection

Threat Detection Cybersecurity Government Network Security

Securing Containers with NIST 800-190 and MVISION CNAPP

McAfee

DECEMBER 9, 2020

Unfortunately, this also compounds supply chain risks and presents an ever-increasing attack surface. With the use of native tagging and network flow log analysis, customers can visualize cloud infrastructure interactions including across compute, network, and storage components.

Architecture

Architecture Risk Technology Digital transformation

Kali Linux 2021.2 Release (Kaboxer, Kali-Tweaks, Bleeding-Edge & Privileged Ports)

Kali Linux

MAY 31, 2021

Again) In case you missed it, we have previously covered Kaboxer in it’s own dedicated blog post , which goes into a lot more detail of why we love it so! Again) In case you missed it, we have previously covered Kaboxer in it’s own dedicated blog post , which goes into a lot more detail of why we love it so!

Engineering

Engineering Firmware Architecture Backups

Machine Learning in Cybersecurity Course – Part 2: Specific Applications and Challenges

NopSec

APRIL 7, 2019

In our l ast week’s blog post , we outlined the first part of that webinar, without going into the three specific applications and the challenges. For example, we could tag all messages that contain the expression ‘make money’ as spam. Intrusion detection systems (IDS) are one way to stay a step ahead of potential attackers.

Cybersecurity

Cybersecurity Data breaches Malware Risk

AvosLocker enters the ransomware scene, asks for partners

Malwarebytes

JULY 23, 2021

This blog post was authored by Hasherezade. In mid-July we responded to an incident that involved an attack on a Microsoft Exchange server. In this blog we will take a look at AvosLocker a solid, yet not too fancy new ransomware family that has already claimed several victims. Behavioral Analysis. Execution flow.

Ransomware

Ransomware Encryption Malware Backups

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

MAY 11, 2021

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe , stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. victim that earns $15 billion in annual revenue.

Ransomware

Ransomware Advertising Healthcare Penetration Testing

AvosLocker enters the ransomware scene, asks for partners

Malwarebytes

JULY 23, 2021

This blog post was authored by Hasherezade. In mid-July we responded to an incident that involved an attack on a Microsoft Exchange server. In this blog we will take a look at AvosLocker a solid, yet not too fancy new ransomware family that has already claimed several victims. Behavioral Analysis. Execution flow.

Ransomware

Ransomware Encryption Malware Backups

Happy 10th anniversary & Kali's story.so far

Kali Linux

MARCH 28, 2023

It was not the best way to manage or maintain packages. As we were scrapping it all and starting from scratch when starting with Kali, we moved to Git and used GPG to tag releases, at the same time, published all our build-scripts allowing anyone to build Kali on any platform. The lack of FHS was hurting us in many different ways.

InfoSec

InfoSec Penetration Testing Architecture Software

Project Svalbard: The Future of Have I Been Pwned

Troy Hunt

JUNE 10, 2019

Search for your account across multiple breaches [link] — Have I Been Pwned (@haveibeenpwned) December 4, 2013 I’ll save the history lesson for the years between then and today because there are presently 106 blog posts with the HIBP tag you can go and read if you’re interested, let me just talk briefly about where the service is at today.

Data breaches

Data breaches Passwords InfoSec Accountability

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

Mobile devices exposed to wide attacks. Last June, Google’s TAG team released a blog post documenting attacks on Italian and Kazakh users that they attribute to RCS Lab, an Italian offensive software vendor. BruteRatel, an attack tool comparable to CobaltStrike, remains on our radar when it comes to APT adoption.

Firmware

Firmware Surveillance Mobile Telecommunications

Cyber Security Informer

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

Webinars

Trending Sources

Reinventing Asset Management for Cybersecurity Professionals

Webinars

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

Best Practice Steps for Safe Data Sharing

McAfee Provides Max Cyber Defense Capabilities in MITRE’s Carbanak+FIN7 ATT&CK® Evaluation

Securing Containers with NIST 800-190 and MVISION CNAPP

Kali Linux 2021.2 Release (Kaboxer, Kali-Tweaks, Bleeding-Edge & Privileged Ports)

Machine Learning in Cybersecurity Course – Part 2: Specific Applications and Challenges

AvosLocker enters the ransomware scene, asks for partners

A Closer Look at the DarkSide Ransomware Gang

AvosLocker enters the ransomware scene, asks for partners

Happy 10th anniversary & Kali's story.so far

Project Svalbard: The Future of Have I Been Pwned

Advanced threat predictions for 2023

Stay Connected