Tag: microsoft
-
Device Code Phishing in Entra ID – Aktive Phishing-Angriffe auf Microsoft-Konten mittels Device Code Login
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/phishing-kampagne-microsoft-device-code-login-a-2af2eb8eb798dfa789e756632f4ed63a/
-
Schwachstellen managen: Die besten Vulnerability-Management-Tools
by
in SecurityNews
Tags: attack, cloud, compliance, data, detection, google, infrastructure, Internet, iot, microsoft, risk, saas, service, software, tool, update, vulnerability, vulnerability-managementSchwachstellen zu managen, muss keine Schwerstarbeit sein. Wenn Sie die richtigen Tools einsetzen. Das sind die besten in Sachen Vulnerability Management.Nicht nur das Vulnerability Management hat sich im Laufe der Jahre erheblich verändert, sondern auch die Systeme, auf denen Schwachstellen identifiziert und gepatcht werden müssen. Systeme für das Schwachstellen-Management fokussieren heutzutage nicht mehr nur auf…
-
Microsoft names alleged credential-snatching ‘Azure Abuse Enterprise’ operators
by
in SecurityNewsCrew helped lowlifes generate X-rated celeb deepfakes using Redmond’s OpenAI-powered cloud claim First seen on theregister.com Jump to article: www.theregister.com/2025/02/28/microsoft_names_and_shames_4/
-
Copilot exposes private GitHub pages, some removed by Microsoft
by
in SecurityNewsRepositories once set to public and later to private, still accessible through Copilot. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2025/02/copilot-exposes-private-github-pages-some-removed-by-microsoft/
-
Cyberangriffe abwehren: Wie Windows-Architekturen widerstandsfähiger werden
by
in SecurityNewsDie weltweiten Computerstörungen im Sommer 2024 durch ein fehlerhaftes Cybersicherheits-Update hatten weitreichende Folgen. Das Bundesamt für Sicherheit in der Informationstechnik (BSI), Crowdstrike und Microsoft haben den Vorfall intensiv aufgearbeitet und jetzt umfassende Maßnahmen zur Stärkung der Systemresilienz vorgestellt. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/security-management/cyberangriffe-abwehren-wie-windows-architekturen-widerstandsfaehiger-werden/
-
How to configure OAuth in Microsoft 365 Defender and keep your cloud secure
by
in SecurityNews
Tags: access, attack, authentication, backup, business, cloud, email, identity, mail, mfa, microsoft, monitoring, password, risk, risk-analysis, software, tool, vulnerability, windowsSet the filter to permission level “high severity” and community use to “not common”. Using this filter, you can focus on apps that are potentially very risky, where users may have underestimated the risk.Under Permissions select all the options that are particularly risky in a specific context. For example, you can select all the filters…
-
Rechteausweitung und Remote Code – Microsoft behebt aktiv ausgenutzte Schwachstelle
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/-microsoft-sicherheitsluecken-bing-power-pages-a-04ff59835d2e1ce56750a07e2a2c187e/
-
Hiding in Plain Sight: The Hidden Dangers of Geolocation in Cloud Security
by
in SecurityNewsOne of the biggest challenges organizations face today is detecting malicious activity in cloud environments. As highlighted in MixMode’s latest Threat Research Report, cybercriminals are increasingly leveraging trusted cloud providers like AWS, Microsoft Azure, and Google Cloud to disguise their attacks, a strategy known as infrastructure laundering. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/hiding-in-plain-sight-the-hidden-dangers-of-geolocation-in-cloud-security-2/
-
Windows 11 KB5052093 update released with 33 changes and fixes
by
in SecurityNewsMicrosoft has released the February 2025 preview cumulative update for Windows 11 24H2, with 33 improvements and fixes for multiple issues, including SSH and File Explorer bugs and the volume jumping to 100% when waking the PC from sleep. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5052093-update-released-with-33-changes-and-fixes/
-
Windows 11 24H2 upgrades now blocked for some AutoCAD users
by
in SecurityNewsMicrosoft has introduced a new Windows 11 24H2 upgrade block for systems with AutoCAD 2022, addressing compatibility issues that prevent the program from launching. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-24h2-upgrades-now-blocked-for-some-autocad-users/
-
CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
by
in SecurityNews
Tags: access, cisa, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities in question are as follows -CVE-2024-49035 (CVSS score: 8.7) – An improper access control First seen on…
-
Microsoft 365 Accounts Get Sprayed by Mega-Botnet
by
in SecurityNewsThe threat actors are exploiting non-interactive sign-ins, an authentication feature that security teams don’t typically monitor. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/microsoft-365-accounts-sprayed-mega-botnet
-
Xi know what you did last summer: China was all up in Republicans’ email, says book
by
in SecurityNewsOf course, Microsoft is in the mix, isn’t it First seen on theregister.com Jump to article: www.theregister.com/2025/02/25/china_hacked_gop_emails/
-
Black Basta ransomware leak sheds light on targets, tactics
by
in SecurityNewsVulnCheck found the ransomware gang targeted CVEs in popular enterprise products from Microsoft, Citrix, Cisco, Fortinet, Palo Alto Networks, Confluence Atlassian and more. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366619641/Black-Basta-ransomware-leak-sheds-light-on-targets-tactics
-
Microsoft fixes Entra ID authentication issue caused by DNS change
by
in SecurityNewsMicrosoft has fixed an issue that caused Entra ID DNS authentication failures when using the company’s Seamless SSO and Microsoft Entra Connect Sync. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-entra-id-authentication-issue-caused-by-dns-change/
-
Veeam releases new orchestration, disaster recovery tool for Microsoft Hyper-V
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/veeam-releases-new-orchestration-disaster-recovery-tool-for-microsoft-hyper-v
-
Massive Botnet Facilitates Microsoft 365 Password Spray Attacks
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/massive-botnet-facilitates-microsoft-365-password-spray-attacks
-
Botnet of 130,000 compromised devices targets Microsoft 365 accounts
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/botnet-of-130000-compromised-devices-targets-microsoft-365-accounts
-
Windows 10 KB5052077 update fixes broken SSH connections
by
in SecurityNewsMicrosoft has released the optional KB5052077 preview cumulative update for Windows 10 22H2 with nine bug fixes and changes, including a fix for a longstanding known issue that breaks SSH connections. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-10-kb5052077-update-fixes-broken-ssh-connections/
-
Microsoft’s Password Spray and Pray Attack: A Wake-Up Call for 2FA Adoption
Microsoft accounts without 2FA face a “password spray and pray” attack, prompting urgent warnings for organizations to bolster defenses and prevent breaches. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/trends/microsoft-password-spray-and-pray-attack/
-
CISA Confirms Microsoft Partner Center Flaw Exploited In Attacks
by
in SecurityNewsA ‘critical’ vulnerability in Microsoft’s partner program website has seen exploitation in cyberattacks, according to CISA. First seen on crn.com Jump to article: www.crn.com/news/security/2025/cisa-confirms-microsoft-partner-center-flaw-exploited-in-attacks
-
Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware
by
in SecurityNewsOpposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced Microsoft Excel documents as lures to deliver a new variant of PicassoLoader. The threat cluster has been assessed to be an extension of a long-running campaign mounted by a Belarus-aligned threat actor dubbed…
-
Chinese Botnet Powered by 130,000 Devices Targets Microsoft 365 Accounts
by
in SecurityNewsA China-linked botnet powered by 130,000 hacked devices has targeted Microsoft 365 accounts with password spraying attacks. The post Chinese Botnet Powered by 130,000 Devices Targets Microsoft 365 Accounts appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-botnet-powered-by-130000-devices-targets-microsoft-365-accounts/
-
Microsoft trims more CPUs from Windows 11 compatibility list
by
in SecurityNewsOEMs blowing dust from the processor stock cupboard, beware First seen on theregister.com Jump to article: www.theregister.com/2025/02/24/microsoft_win_11_cpus/
-
Veeam und Microsoft vertiefen Partnerschaft für KI-gestützte Datensicherheit
by
in SecurityNewsIn einer Zeit zunehmender Cyberbedrohungen und der sich stetig wandelnden Cloud-Landschaft ist Datenresilienz nicht länger optional, sie ist geschäftskritisch First seen on infopoint-security.de Jump to article: www.infopoint-security.de/veeam-und-microsoft-vertiefen-partnerschaft-fuer-ki-gestuetzte-datensicherheit/a39951/
-
25 Years On, Active Directory Is Still a Prime Attack Target
by
in SecurityNewsEvolving threats and hybrid identity challenges keep Microsoft’s Active Directory at risk. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/25-years-active-directory-prime-attack-target
-
Chinese Botnet Bypasses MFA in Microsoft 365 Attacks
SecurityScorecard revealed that the large-scale password spraying campaign can bypass MFA and security access policies by utilizing Non-interactive sign-ins First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-botnet-mfa-microsoft/
-
Password Spraying: 130.000 Bots attackieren Microsoft-365-Konten
by
in SecurityNewsAngreifer versuchen, via Password Spraying fremde Microsoft-365-Accounts zu infiltrieren. Dabei gehen sie der MFA gezielt aus dem Weg. First seen on golem.de Jump to article: www.golem.de/news/password-spraying-130-000-bots-attackieren-microsoft-365-konten-2502-193693.html
-
Passwortlose Anmeldung – Mit Passkeys an Microsoft 365 und Azure anmelden
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/passkeys-microsoft-365-entra-id-a-ca581638dcdb16665e0f490cc26496c2/
-
Hackers Evade Outlook Spam Filters to Deliver Malicious ISO Files
A newly discovered technique allows threat actors to circumvent Microsoft Outlook’s spam filters to deliver malicious ISO files, exposing organizations to sophisticated phishing campaigns. The bypass leverages hyperlink obfuscation to disguise malicious links as benign URLs, enabling attackers to distribute malware-laden disk image files directly to victims’ inboxes. As per a report by Afine, Security…