Misconfigured PowerApps Exposes 38M Records
Misconfigured applications built using Microsoft Power Apps platform made 38 million records publicly available on the open web. This is due to a default setting in the platform that enable…
Vulnerability in App Container
Google Project Zero shared details of a Windows AppContainer vulnerability after Microsoft backtracked on its previous stance of not fixing the flaw and announcing to address it soon. disclosure of findings is the…
LockFile Exploits PettiPotam
Threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. Behind the attacks appears to be…
BlueLight Payload
Researchers from Volexity recently investigated a Strategic Web Compromise of the Daily NK website by InkySquid. The targeted site is an online newspaper based in South Korea that posts news…
GIT Operations Need 2FA
GitHub is urging its base of users to enable two-factor authentication as the platform shakes up how it protects accounts from compromise.GitHub stopped accepting account passwords when authenticating Git operations.…
Posted inAzure Security
Azure Credentials exposed in PlainText
Mimikatz has been used by a vulnerability researcher to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service.Mimikatz, an open-source software that allows…
Another RCE in Print Spooler Mayhem awaits
Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, after a day of releasing arch tuesday updates adding that it's working to remediate the issue…
Patch Tuesday August 2021
Microsoft patched 44 CVEs in the August 2021 Patch Tuesday release, including seven CVEs rated as critical and 37 rated as important. This month’s update includes patches for: .NET Core…