Tag: microsoft
-
Microsoft Expanded Cloud Logs – So vermeiden Sie blinde Flecken in Microsofts Cloud-Diensten
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/cyberangriff-microsoft-cisa-neue-cloud-protokolle-a-7e2b589ae417bc2a7ebc0f6cefb053ef/
-
BSI empfiehlt Abschied von Windows 10
by
in SecurityNewsWindows 10 vor dem Aus: Microsoft beendet am 14. Oktober 2025 den Support für das beliebte Betriebssystem. Ab diesem Zeitpunkt gibt es keine kostenlosen Sicherheitsupdates mehr ein offenes Tor für Cyberangriffe. Das Bundesamt für Sicherheit in der Informationstechnik (BSI) warnt und rät dringend zum Umstieg. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/security-management/bsi-empfiehlt-abschied-von-windows-10/
-
CVE-2025-24054 Under Active Attack”, Steals NTLM Credentials on File Download
by
in SecurityNews
Tags: credentials, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, ntlm, technology, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure First seen on…
-
Will politicization of security clearances make US cybersecurity firms radioactive?
by
in SecurityNews
Tags: access, business, ceo, cisa, cisco, ciso, credentials, crowdstrike, cybersecurity, disinformation, election, government, infrastructure, intelligence, law, microsoft, network, office, risk, spyware, strategy, threatWhat brought this on: This is mostly a reaction to a White House order on Wednesday that tied security clearances to supporting political concepts. The order chastised Chris Krebs, the former head of Trump’s Cybersecurity and Infrastructure Security Agency (CISA). “Krebs’ misconduct involved the censorship of disfavored speech implicating the 2020 election and COVID-19 pandemic. CISA, under…
-
Maximize profits with Microsoft 365 Copilot for SMBs
by
in SecurityNews
Tags: microsoftFirst seen on scworld.com Jump to article: www.scworld.com/native/maximize-profits-with-microsoft-365-copilot-for-smbs
-
Microsoft Vulnerabilities Reach Record High with Over 1,300 Reported in 2024
by
in SecurityNewsThe 12th Edition of the Microsoft Vulnerabilities Report has revealed a significant surge in the number of vulnerabilities detected within Microsoft’s ecosystem, setting a new record with 1,360 vulnerabilities reported in 2024. This escalation marks the highest count since the initiation of the report, underscoring a year of intense scrutiny and attention to security within…
-
Die beliebte Spieler-Plattform Steam ist aktuell Phishing-Angriffsziel Nr. 1
by
in SecurityNewsVor wenigen Tagen wurde ein neuer vorgestellt, der die beliebtesten Phishing-Angriffsziele von Cyberkriminellen für das erste Quartal 2025 zusammengetragen hat. Das Ergebnis: erstmalig ist die unter Gamern beliebte Vertriebs-Plattform Steam auf dem ersten Platz gelandet mit deutlichem Abstand vor Microsoft, Facebook/Meta, Roblox und Sunpass. Bereits im vergangenen Jahr war in zahlreichen Medien […] First seen…
-
Node.js malvertising campaign targets crypto users
Microsoft warns of a malvertising campaign using Node.js to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. Microsoft has observed Node.js increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. Threat actors are increasingly using Node.js to deploy malware, shifting from traditional…
-
Office 2016 and Office 2019 reach end of support in October
by
in SecurityNewsMicrosoft has reminded customers that Office 2016 and Office 2019 will reach the end of extended support six months from now, on October 14, 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-office-2016-and-office-2019-reach-end-of-support-in-october/
-
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
by
in SecurityNewsCVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/17/windows-ntlm-vulnerability-exploited-in-multiple-attack-campaigns-cve-2025-24054/
-
Weaponized Amazon Gift Cards Used to Steal Microsoft Credentials
by
in SecurityNewsCybercriminals are exploiting the trust in e-gift cards and the prestige of Amazon to steal Microsoft credentials from unsuspecting employees. The attack begins with an email, disguised as a >>Reward Gateway
-
New Windows Server emergency updates fix container launch issue
by
in SecurityNewsMicrosoft has released emergency Windows Server updates to address a known issue preventing Windows containers from launching. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-windows-server-emergency-updates-fix-container-launch-issue/
-
Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers
Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration.The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance…
-
Microsoft Thwarts $4bn in Fraud Attempts
by
in SecurityNewsMicrosoft has blocked fraud worth $4bn as threat actors ramp up AI use First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-thwarts-4bn-in-fraud/
-
Code-Panne bei Microsoft: Windows-11-Upgrade trotz Blockade verteilt
by
in SecurityNewsMicrosoft Intune hat aufgrund eines Fehlers einige Upgrade-Blockaden ignoriert, so dass Systeme unerwartet auf Windows 11 aktualisiert wurden. First seen on golem.de Jump to article: www.golem.de/news/code-panne-bei-microsoft-windows-11-upgrade-trotz-blockade-verteilt-2504-195445.html
-
Microsoft bestätigt: Neue Windows-11-Updates lösen Bluescreens aus
by
in SecurityNewsWer unter Windows 11 nach den jüngsten Updates mit Bluescreens konfrontiert wird, ist damit nicht allein. Auch Microsoft hat das Problem nun erkannt. First seen on golem.de Jump to article: www.golem.de/news/microsoft-bestaetigt-neue-windows-11-updates-loesen-bluescreens-aus-2504-195440.html
-
Microsoft vulnerabilities: What’s improved, what’s at risk
by
in SecurityNewsMicrosoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/17/beyondtrust-microsoft-vulnerabilities-report-2024/
-
Multiple Groups Exploit NTLM Flaw in Microsoft Windows
by
in SecurityNewsThe attacks have been going on since shortly after Microsoft patched the vulnerability in March. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/multiple-group-exploiting-ntlm-flaw
-
Free Blue Screens of Death for Windows 11 24H2 users
by
in SecurityNewsMicrosoft rewards those who patch early with bricks hurled through its operating system First seen on theregister.com Jump to article: www.theregister.com/2025/04/16/microsofts_latest_windows_updates/
-
Windows NTLM Vulnerability (CVE-2025-24054) Actively Exploit in the Wild to Hack Systems
by
in SecurityNewsA critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targets organizations worldwide. The flaw, which enables NTLM hash disclosure through spoofing, allows attackers to harvest sensitive user credentials with minimal interaction, potentially leading to privilege escalation and full network compromise. Despite Microsoft releasing a…
-
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak – P2
by
in SecurityNewsThis is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by Mustang Panda that we have named PAKLOG and CorKLOG as well as an EDR evasion…
-
Hackers Weaponize Gamma Tool Through Cloudflare Turnstile to Steal Microsoft Credentials
by
in SecurityNewsCybercriminals are exploiting an AI-powered presentation tool called Gamma to launch a multi-stage attack aimed at stealing Microsoft credentials. This attack route is designed not only to evade traditional security measures but also to deceive human recipients by leveraging trusted platforms and services. Exploitation of Gamma and Cloudflare Turnstile Cyber attackers are taking advantage of…
-
Microsoft warns of blue screen crashes caused by April updates
by
in SecurityNewsMicrosoft warned customers this week that their systems might crash with a blue screen error caused by a secure kernel fatal error after installing Windows updates released since March. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-blue-screen-crashes-caused-by-april-updates/
-
Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins
by
in SecurityNewsThreat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages.”Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal,” Abnormal Security researchers Hinman Baron and Piotr Wojtyla said in First…
-
Some devices offered Windows 11 upgrades despite Intune blocks
by
in SecurityNewsMicrosoft is working to fix an ongoing issue causing some users’ Windows devices to be offered Windows 11 upgrades despite Intune policies preventing them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-some-devices-offered-windows-11-upgrades-despite-intune-blocks/
-
Malicious Macros Return in Sophisticated Phishing Campaigns
by
in SecurityNewsThe cybersecurity landscape of 2025 is witnessing a troubling resurgence of malicious macros in phishing campaigns. Despite years of advancements in security measures and Microsoft’s decision to disable macros by default in Office applications, attackers have adapted their methods to exploit human vulnerabilities and technical loopholes. These malicious macros, embedded within seemingly legitimate documents, have…
-
Hackers Exploit Node.js to Spread Malware and Exfiltrate Data
by
in SecurityNewsThreat actors are increasingly targeting Node.js”, a staple tool for modern web developers”, to launch sophisticated malware campaigns aimed at data theft and system compromise. Microsoft Defender Experts (DEX) have reported a spike in such attacks since October 2024, especially focusing on malvertising and deceptive software installers. Node.js: From Developer Darling to Hacker’s Tool Node.js…
-
KB5002623 behebt Patchday-Fehler – Notfall-Update für Microsoft Office behebt kritischen Fehler
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/microsoft-office-2016-update-kb5002623-behebt-absturzprobleme-a-9084d0054e8510dae99ea82a1f954257/
-
Nerdio Manager for MSP 6.0 Brings Unified Microsoft 365 and AVD Management to the Forefront
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/nerdio-manager-for-msp-6-0-brings-unified-microsoft-365-and-avd-management-to-the-forefront