Tag: microsoft
-
Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog
by
in SecurityNewsMicrosoft has patched potentially critical vulnerabilities in Update Catalog and Windows Defender on the server side. The post Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-patches-vulnerabilities-in-windows-defender-update-catalog/
-
Thales and Imperva Win Big in 2024
by
in SecurityNews
Tags: access, api, application-security, attack, authentication, banking, business, ciso, cloud, communications, compliance, conference, control, cyber, cybersecurity, data, ddos, defense, encryption, firewall, gartner, group, guide, iam, identity, infosec, insurance, intelligence, malicious, mfa, microsoft, monitoring, privacy, risk, saas, service, software, strategy, threat, usaThales and Imperva Win Big in 2024 madhav Fri, 12/13/2024 – 09:36 At Thales and Imperva, we are driven by our commitment to make the world safer, and nothing brings us more satisfaction than protecting our customers from daily cybersecurity threats. But that doesn’t mean we don’t appreciate winning the occasional award. In the year…
-
Microsofts verbessertes Recall zeichnet weiterhin sensitive Infos auf
by
in SecurityNewsWegen gravierender Mängel bezüglich der Sicherheit wurde Recall im Sommer 2024 durch Microsoft zurückgezogen. Nun ist Microsoft gerade dabei, seine über Monate überarbeitete “und wirklich abgesicherte” Version von Recall erneut an Windows Insider auszurollen. Was kann schon schief gehen? Tester … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/13/windows-microsofts-verbessertes-recall-zeichnet-weiterhin-sensitive-infos-auf/
-
Russia Used Borrowed Spyware to Target Ukrainian Troops
by
in SecurityNewsSecret Blizzard Used Third-party Amadey Bots to Hack Ukrainian Military Devices. A Russian state-backed hacker group used third-party data-stealing bots and possibly a backdoor used by another Russia-based threat group to infiltrate and spy on devices used by frontline Ukrainian military units, according to a report from the Microsoft threat intelligence team. First seen on…
-
Default NTLM relay attack protections introduced by Microsoft
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/default-ntlm-relay-attack-protections-introduced-by-microsoft
-
Critical ‘AuthQuake’ bug let attackers bypass Microsoft MFA
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/critical-authquake-bug-lets-attackers-bypass-microsoft-mfa
-
Microsoft Windows ‘Best Fit’ character conversion ‘ripe for exploitation’
by
in SecurityNews
Tags: api, application-security, attack, cve, exploit, flaw, injection, malicious, microsoft, mitigation, office, programming, software, switch, technology, tool, vulnerability, windowsSecurity researchers have outlined a novel attack vector that exploits the “Best Fit” character conversion technology built into Windows.The technology comes into play in string conversions, particularly when characters cannot be directly represented in a target character set.However, application security experts Orange Tsai and Splitline Huang from Taiwanese firm DEVCORE used a presentation at Black…
-
Microsoft hijacks keyboard shortcut to bring Copilot to your attention
by
in SecurityNewsAI assistant goes native sort of for Windows Insiders First seen on theregister.com Jump to article: www.theregister.com/2024/12/11/microsoft_copilot_keyboard_shortcut/
-
Why did China hack the world’s phone networks?
by
in SecurityNews
Tags: access, breach, china, communications, cyberattack, cybercrime, cybersecurity, government, group, hacker, Internet, microsoft, network, phone, service, technologySalt Typhoon breached dozens of telecoms around the world<ul><li><a href=”https://www.theguardian.com/info/2022/sep/20/sign-up-for-the-techscape-newsletter-our-free-technology-email”>Don’t get TechScape delivered to your inbox? Sign up here</li></ul>Chinese hackers <a href=”https://www.theguardian.com/technology/2024/dec/04/chinese-hackers-american-cell-phones”>have breached dozens of telecommunications companies around the world. The breach, christened Salt Typhoon by Microsoft cybersecurity researchers, has afforded the cybercriminals unprecedented access not only to information on who has been texting or…
-
Microsoft MFA Bypassed via AuthQuake Attack
by
in SecurityNewsOasis Security has disclosed AuthQuake, a method for bypassing Microsoft MFA within an hour without user interaction. The post Microsoft MFA Bypassed via AuthQuake Attack appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-mfa-bypassed-via-authquake-attack/
-
Per Brute Force: Forscher knacken Microsofts Multi-Faktor-Authentifizierung
by
in SecurityNewsDurch parallele Sitzungen konnte das Forscherteam unbegrenzt Fehleingaben tätigen. Oftmals gelang der Zugriff innerhalb von nur einer Stunde. First seen on golem.de Jump to article: www.golem.de/news/per-brute-force-forscher-knacken-microsofts-multi-faktor-authentifizierung-2412-191657.html
-
ConvoC2 A Red Teamers Tool To Execute Commands on Hacked Hosts Via Microsoft Teams
by
in SecurityNewsA stealthy Command-and-Control (C2) infrastructure Red Team tool named ConvoC2 showcases how cyber attackers can exploit Microsoft Teams to execute system commands on compromised hosts remotely. This innovative project, designed with Red Team operations in mind, uses Teams messages for hidden data exfiltration and command execution, demonstrating a significant security challenge for organizations relying on…
-
Das Ende von Windows Kalender, Kontakte und Mail naht schnell
by
in SecurityNewsDas neue Outlook soll nach Microsofts Willen die Apps Windows Kalender, Kontakte und Mail ersetzen. Deren Support endet in Kürze. First seen on heise.de Jump to article: www.heise.de/news/Das-Ende-von-Windows-Kalender-Kontakte-und-Mail-naht-schnell-10196840.html
-
Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor
Russia-linked APT group Secret Blizzard is using Amadey Malware-as-a-Service to infect systems in Ukraine with the Kazuar backdoor. The Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) was spotted using the Amadey malware to deploy the KazuarV2 backdoor on devices in Ukraine. The experts observed threat actors using the Amadey bot malware between March and April 2024. Microsoft highlights…
-
Attackers can abuse the Windows UI Automation framework to steal data from apps
by
in SecurityNewsAn accessibility feature built into Windows to facilitate the use of computers by people with disabilities can be abused by malware to steal data from other applications or control them in malicious ways that evades detection by most endpoint protection systems.The Windows UI Automation framework has existed since the days of Windows XP and provides…
-
Patchday: Microsoft Office Updates (10. Dezember 2024)
by
in SecurityNewsAm 10. Dezember 2024 (zweiter Dienstag im Monat, Microsoft Patchday) hat Microsoft mehrere sicherheitsrelevante Updates für Microsoft Office 2016, sowie die C2R-Varianten (Office 2016-2021 und 365) und andere Produkte veröffentlicht. Nachfolgend finden Sie eine Übersicht über die verfügbaren Updates. Eine … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/12/patchday-microsoft-office-updates-10-dezember-2024/
-
Microsoft rollt Windows-Härtung gegen Standard-NTLM-Relay-Angriffe aus
by
in SecurityNewsNTLM-Relaying ist eine beliebte Angriffsmethode, die von Bedrohungsakteuren zur Kompromittierung der Identität verwendet wird. Microsoft möchte dem einen Riegel vorschieben und hat damit begonnen, Schutzmaßnahmen in Windows auszurollen, die einen besseren Schutz vor Standard-NTLM-Relay-Angriffen bieten sollen. NTLM-Relay-Angriffe NTLM-Relaying ist eine … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/11/microsoft-rollt-windows-haertung-gegen-standard-ntlm-relay-angriffe-aus/
-
Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others
by
in SecurityNewsDecember marked a quiet month with 70 vulnerabilities patched, plus updates from outside of Microsoft. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/patch-tuesday-december-24/
-
The imperative for governments to leverage genAI in cyber defense
by
in SecurityNews
Tags: ai, attack, cyber, cyberattack, cybersecurity, dark-web, data, deep-fake, defense, detection, email, endpoint, gartner, government, incident response, infrastructure, intelligence, LLM, malicious, malware, microsoft, strategy, tactics, threat, tool, training, vulnerabilityIn an era where cyber threats are evolving at an unprecedented pace, the need for robust cyber defense mechanisms has never been more critical. Sixty-two percent of all cyberattacks focus on public sector organizations directly and indirectly. Nation-state actors, equipped with generative artificial intelligence (genAI) sophisticated tools and techniques, pose significant threats to national security,…
-
Chinese APT Groups Targets European IT Companies
by
in SecurityNewsEvidence Mounts for Chinese Hacking ‘Quartermaster’. A probable Chinese nation-state threat actor compromised Visual Studio Code and Microsoft Azure cloud infrastructure to target Western technology firms for espionage, security firms Tinexta Cyber and SentinelLabs said. The companies call the campaign Operation Digital Eye. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-apt-groups-targets-european-companies-a-27030
-
Microsoft fixes 72 vulnerabilities in final 2024 Patch Tuesday
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/microsoft-fixes-72-vulnerabilities-in-final-2024-patch-tuesday
-
December Patch Tuesday shuts down Windows zero-day
by
in SecurityNewsMicrosoft addresses 72 vulnerabilities, including 17 rated critical. Administrators should focus on patching the Windows OS to stop a flaw that has been exploited in the wild. First seen on techtarget.com Jump to article: www.techtarget.com/searchwindowsserver/news/366617192/December-Patch-Tuesday-shuts-down-Windows-zero-day
-
Microsoft lifts Windows 11 24H2 block on PCs with USB scanners
by
in SecurityNewsMicrosoft has lifted a compatibility block preventing Windows 11 24H2 upgrades after fixing a bug causing USB connection issues to some scanners. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-lifts-windows-11-24h2-block-on-pcs-with-usb-scanners/
-
U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Common Log File System (CLFS) driver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Common Log File System (CLFS) driver flaw CVE-2024-49138 (CVSS score: 7.8) to its Known Exploited Vulnerabilities (KEV) catalog. Microsoft December 2024…
-
Microsoft closes 2024 with extensive security update
by
in SecurityNewsAdobe, too. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-december-2024/
-
Patchday: Windows 11/Server 2022-Updates (10. Dezember 2024)
by
in SecurityNewsAm 10. Dezember 2024 (zweiter Dienstag im Monat, Patchday bei Microsoft) hat Microsoft auch kumulative Updates für Windows 11 22H2 bis 24H2 veröffentlicht. Zudem erhielten Windows Server 2022 Windows Server 2025 Updates. Hier einige Details zu diesen Updates, die … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/11/patchday-windows-11-server-2022-updates-10-dezember-2024/
-
Microsoft Security Update Summary (10. Dezember 2024)
by
in SecurityNewsAm 10. Dezember 2024 hat Microsoft Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 70 Schwachstellen (CVEs), davon 16 kritische Sicherheitslücken, davon eine als 0-day klassifiziert (bereits ausgenutzt). Nachfolgend findet sich … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/10/microsoft-security-update-summary-10-dezember-2024/
-
Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day
by
in SecurityNewsMicrosoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities including an actively exploited zero-day. Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities in Windows and Windows Components, Office and Office Components, SharePoint Server, Hyper-V, Defender for Endpoint, and System Center Operations Manager. 16 vulnerabilities are rated Critical, 54 are rated Important, and…
-
Microsoft enhanced Recall security, but will it be enough?
by
in SecurityNewsMicrosoft’s controversial Recall feature began rolling out to certain Windows Insiders with Copilot+ PCs in November, with more expected to participate this month. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366617052/Microsoft-enhanced-Recall-security-but-will-it-be-enough