Summary
According to multiple sources, an OpenSSL vulnerability in some Palo Alto appliances could be exploited to trigger a denial of service (DoS) condition. This vulnerability has been patched in OpenSSL but not in all Palo Alto appliances.
Threat Type
Vulnerability
Overview
X-Force is tracking the disclosure of an OpenSSL vulnerability in some Palo Alto appliances that, if exploited, could lead to a denial of service (DoS) condition. In early March of 2022, updates were released by OpenSSL to address CVE-20
Conti is a notorious ransomware group that targets high-revenue organizations. The group was first detected in 2020 and appears to be based in Russia. It is believed that the group is the successor to the Ryuk ransomware group. According to Chainalysis, the ransomware group was the highest grossing of all ransomware groups in 2021, with an estimated revenue of at least 180 million dollars.
Microsoft is excited to announce the addition of Exchange on-premises, SharePoint on-premises, and Skype for Business on-premises to the Applications and On-Premises Servers Bounty Program.
Through this expanded program, we encourage researchers to discover and report high-impact security vulnerabilities to help protect customers. We offer awards up to $26,000 USD for eligible submissions.
Information for red teaming macOS and info on real-world TTPs are still a bit sparse. That makes it difficult for defenders to know what attackers do on macOS compared to Windows. Some organizations might have a bigger blind spot when it comes to macOS.
This post describes how an adversary can grab hashes from a macOS machine, how to convert them to a hashcat-friendly format, and how to use hashcat to crack them.
Despite how they sound, Spring4Shell and the related vulnerabilities in the Spring Framework aren’t exactly like Log4Shell. Learn how they work and what you can do.