Defense in depth — the Microsoft way (part 48): privilege escalation for dummies — they didn’t make SUCH a stupid blunder?
Home » Defense in depth — the Microsoft way (part 48): privilege escalation for dummies — they didn’t make SUCH a stupid blunder?
Defense in depth — the Microsoft way (part 48): privilege escalation for dummies — they didn’t make SUCH a stupid blunder?
Share
RSS
More Articles…
- CIS Controls and Vulnerability Assessment: practical guide to adopting best practices
- Kerberoasting: a threat to cybersecurity and how to mitigate it with Security Posture analysis
- Protect Your Business: Antivirus vs. SOC Service with EDR and Next Generation Antivirus (NGA)
- CSIRT and SOC: Differences between incident management and security monitoring
- Security posture analysis: Complete guide to strengthening cybersecurity
- Deception vs EDR: What’s the Best Threat Defense Strategy?
- Deception: Tricking Hackers to Secure Your Network
- Active Defense Deception: cybersecurity that beats hackers with their own weapons
Categories …
- Backup as a Service (17)
- Acronis Cloud Backup (11)
- Veeam Cloud Connect (4)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (22)
- Conferenza Cloud (4)
- ICT Monitoring (5)
- Log Management (2)
- News (21)
- ownCloud (4)
- Privacy (7)
- Secure Online Desktop (14)
- Security (189)
- Cyber Threat Intelligence (CTI) (7)
- Deception (4)
- Ethical Phishing (9)
- Penetration Test (8)
- Posture Guard (1)
- SOCaaS (62)
- Vulnerabilities (84)
- Web Hosting (15)
Tags
Dark Reading
- The Silent Threat of APIs: What the New Data Reveals About Unknown Risk October 2, 2023The rapid growth of APIs creates a widening attack surface and increasing unknown cybersecurity risks.
- Securing AI: What You Should Know September 29, 2023Securing AI within your organization starts with understanding how AI differs from traditional business tools. Google's Secure AI Framework provides a model for what to do next.
- How Can Your Security Team Help Developers Shift Left? September 29, 2023Implementing a shift-left process in cybersecurity requires pulling together people, processes, and technology.
- Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain September 29, 2023The Israeli company developed highly-targeted, mobile malware that would make any APT jealous.
- DHS: Physical Security a Concern in Johnson Controls Cyberattack September 29, 2023An internal memo cites DHS floor plans that could have been accessed in the breach.
- Cybersecurity Gaps Plague US State Department, GAO Report Warns September 29, 2023The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring.
- Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software September 29, 2023In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.
- People Still Matter in Cybersecurity Management September 29, 2023Cybersecurity's constant stream of shiny new things shouldn't distract managers from their focus on the people they're protecting.
- Attacks on Azerbaijan Businesses Drop Malware via Fake Image Files September 29, 2023Images purporting to be of the Armenia and Azerbaijan conflict were malware downloaders in disguise.
- QR Code 101: What the Threats Look Like September 29, 2023Because QR codes can be used for phishing as easily as an email or text can, organizations must remain vigilant when dealing with them.
Full Disclosure
- [tool] WatchGuard Firebox Web Update Unpacker September 25, 2023Posted by retset on Sep 25A small utility for extracting file system images from "sysa-dl" update files. https://github.com/ret5et/Watchguard_WebUI_Unpacker
- APPLE-SA-2023-09-21-6 macOS Ventura 13.6 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-6 macOS Ventura 13.6 macOS Ventura 13.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213931. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Additional CVE entries coming soon. Kernel Available for: macOS […]
- APPLE-SA-2023-09-21-7 macOS Monterey 12.7 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-7 macOS Monterey 12.7 macOS Monterey 12.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213932. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Additional CVE entries coming soon. Kernel Available for: macOS […]
- APPLE-SA-2023-09-21-5 watchOS 9.6.3 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-5 watchOS 9.6.3 watchOS 9.6.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213929. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Kernel Available for: Apple Watch Series 4 and later Impact: A […]
- APPLE-SA-2023-09-21-4 watchOS 10.0.1 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-4 watchOS 10.0.1 watchOS 10.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213928. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Kernel Available for: Apple Watch Series 4 and later Impact: A […]
- APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7 iOS 16.7 and iPadOS 16.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213927. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Additional CVE entries coming soon. […]
- APPLE-SA-2023-09-21-2 iOS 17.0.1 and iPadOS 17.0.1 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-2 iOS 17.0.1 and iPadOS 17.0.1 iOS 17.0.1 and iPadOS 17.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213926. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Kernel Available for: iPhone XS […]
- APPLE-SA-2023-09-21-1 Safari 16.6.1 September 23, 2023Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-1 Safari 16.6.1 Safari 16.6.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213930. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. WebKit Available for: macOS Big Sur and Monterey Impact: Processing web […]
- Advisory X41-2023-001: Two Vulnerabilities in OPNsense September 23, 2023Posted by X41 D-Sec GmbH Advisories via Fulldisclosure on Sep 22Advisory X41-2023-001: Two Vulnerabilities in OPNsense =========================================================== Highest Severity Rating: High Confirmed Affected Versions: 23.1.11_1, 23.7.3, 23.7.4 Confirmed Patched Versions: Commit 484753b2abe3fd0fcdb73d8bf00c3fc3709eb8b7 Vendor: Deciso B.V. / OPNsense Vendor URL: https://opnsense.org Credit: X41 D-Sec GmbH, Yasar Klawohn and JM Status: Public Advisory-URL:...
- SEC Consult SA-20230918-0 :: Authenticated Remote Code Execution and Missing Authentication in Atos Unify OpenScape September 18, 2023Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 18SEC Consult Vulnerability Lab Security Advisory < 20230918-0 > ======================================================================= title: Authenticated Remote Code Execution and Missing Authentication product: Atos Unify OpenScape Session Border Controller Atos Unify OpenScape Branch Atos Unify OpenScape BCF vulnerable version: OpenScape SBC...
Customers
Twitter FEED
Recent activity
-
SecureOnlineDesktop
Estimated reading time: 6 minutes L'impatto crescente delle minacce informatiche, su sistemi operativi privati op… https://t.co/FimxTS4o9G
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The growing impact of cyber threats, on private or corporate operating systems… https://t.co/y6G6RYA9n1
-
SecureOnlineDesktop
Tempo di lettura stimato: 6 minuti Today we are talking about the CTI update of our services. Data security is… https://t.co/YAZkn7iFqa
-
SecureOnlineDesktop
Estimated reading time: 6 minutes Il tema della sicurezza delle informazioni è di grande attualità in questo peri… https://t.co/tfve5Kzr09
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The issue of information security is very topical in this historical period ch… https://t.co/TP8gvdRcrF
Newsletter
Products and Solutions
News
- CIS Controls and Vulnerability Assessment: practical guide to adopting best practices September 25, 2023
- Kerberoasting: a threat to cybersecurity and how to mitigate it with Security Posture analysis September 8, 2023
- Protect Your Business: Antivirus vs. SOC Service with EDR and Next Generation Antivirus (NGA) September 8, 2023
- CSIRT and SOC: Differences between incident management and security monitoring September 8, 2023
- Security posture analysis: Complete guide to strengthening cybersecurity August 21, 2023
Google Reviews
















© 2023 Secure Online Desktop s.r.l. All Rights Reserved. Registered Office: via dell'Annunciata 27 – 20121 Milan (MI), Operational Office: via statuto 3 - 42121 Reggio Emilia (RE) – PEC [email protected] Tax code and VAT number 07485920966 – R.E.A. MI-1962358 Privacy Policy - ISO Certifications