Ελληνικά
A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws. Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws. The NextGen Gallery plugin, which is installed on 800,000 WordPress websites, allows sites to upload photos in batch quantities, […]
Author Archives: CSIRT
Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, Bleeping Computer has learned. These attacks were part of two campaigns that ran between September and December 2020, targeting victims in multiple recurring waves. One of the two attack campaigns specifically targeted Spanish speaking victims […]
The perpetrators behind the SolarWinds supplychain attack were observed leveraging four separate, techniques to bypass identity and access management protections and laterally move from victims’ on-premises networks to their cloud-based Microsoft 365 accounts. Companies that use M365 may therefore wish to heed three key recommendations: harden your hybrid environments, conduct thorough audits of your cloud […]
Microsoft says that the end goal of the SolarWinds supply chain compromise was to pivot to the victims’ cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks. No new tactics, techniques, and procedures (TTPs) were shared in a blog post published on Monday to provide Microsoft 365 Defender users with threat hunting techniques […]