Tag: microsoft
-
Microsoft fixes exploited zero-day (CVE-2024-49138)
by
in SecurityNewsOn December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/10/december-2024-patch-tuesday-microsoft-zero-day-cve-2024-49138/
-
Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
by
in SecurityNewsThe Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/december-patch-tuesday-release/
-
Microsoft holds last Patch Tuesday of the year with 72 gifts for admins
by
in SecurityNewsTwas the night before Christmas, and all through the house, patching was done with the click of a mouse First seen on theregister.com Jump to article: www.theregister.com/2024/12/10/microsoft_patch_tuesday/
-
Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day
Patch Tuesday: Redmond patches 71 security flaws and calls immediate attention to an exploited Windows zero-day reported by CrowdStrike. The post Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-ships-urgent-patch-for-exploited-windows-clfs-zero-day/
-
Microsoft Patch Tuesday December 2024, 71 Vulnerabilities Fixed Including 1 Zero-day
by
in SecurityNewsIn its final Patch Tuesday of 2024, Microsoft has released a significant security update addressing a total of 71 vulnerabilities, including 16 critical vulnerabilities and 1 zero-day. This December update marks a crucial milestone in Microsoft’s ongoing efforts to enhance the security of its products and protect users from potential cyber threats. Critical Zero-Day Vulnerability…
-
Windows 10 KB5048652 update fixes new motherboard activation bug
by
in SecurityNewsMicrosoft has released the KB5048652 cumulative update for Windows 10 22H2, which contains six fixes, including a fix that prevented Windows 10 from activating when you change a device’s motherboard. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-10-kb5048652-update-fixes-new-motherboard-activation-bug/
-
Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
Today is Microsoft’s December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-december-2024-patch-tuesday-fixes-1-exploited-zero-day-71-flaws/
-
Windows 11 KB5048667 & KB5048685 cumulative updates released
by
in SecurityNewsMicrosoft has released the Windows 11 KB5048667 and KB5048685 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5048667-and-kb5048685-cumulative-updates-released/
-
Microsoft Patch Tuesday December 2024, Patch for 16 Critical Security Flaws
by
in SecurityNewsIn its final Patch Tuesday of 2024, Microsoft has released a significant security update addressing a total of 71 vulnerabilities, including 16 critical flaws. This December update marks a crucial milestone in Microsoft’s ongoing efforts to enhance the security of its products and protect users from potential cyber threats. Critical Vulnerabilities Patched The 16 critical…
-
Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight
by
in SecurityNews
Tags: access, ai, application-security, attack, authentication, backdoor, best-practice, computer, conference, control, cybercrime, cybersecurity, data, dns, encryption, exploit, finance, github, government, hacker, healthcare, identity, injection, Internet, LLM, malicious, microsoft, mitigation, office, open-source, radius, RedTeam, risk, service, sophos, technology, tool, training, vulnerability, vulnerability-management, windowsThis week in London Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity.The opening keynote on Wednesday will be delivered by Frédérick Douzet, a professor of geopolitics at the University of Paris 8, and director of the French Institute of Geopolitics research team. No preview is…
-
Microsoft Challenge Will Test LLM Defenses Against Prompt Injections
Microsoft is calling out to researchers to participate in a competition that is aimed at testing the latest protections in LLMs against prompt injection attacks, which OWASP is calling the top security risk facing the AI models as the industry rolls into 2025. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/microsoft-challenge-will-test-llm-defenses-against-prompt-injections/
-
SPA is for Single-Page Abuse! Using Single-Page Application Tokens to Enumerate Azure
by
in SecurityNewsAuthor: Lance B. Cain Overview Microsoft Azure is a leading cloud provider offering technology solutions to companies, governments, and other organizations around the globe. As such, many entitles have begun adopting Azure for their technology needs to include identity, authentication, storage, application management, and web services. One of the most common methods for organizations to begin…
-
Satya Nadella’s Vision for Microsoft: AI, AI and AI
by
in SecurityNewsCopilot Enhancements and Other Key Announcements From Microsoft Ignite 2024. Advanced AI took the center stage at Microsoft Ignite 2024. Reflecting on AI as the most transformative technology of our time, CEO Satya Nadella set the tone for Microsoft’s future where every facet of technology is integrated with AI in all key aspects – productivity,…
-
NTLM-Relay-Angriffe: Microsoft ergreift Gegenmaßnahmen
by
in SecurityNewsEin Angriffsvektor zum Erlangen von Zugriff im Netz ist sogenanntes NTLM-Relaying. Das erschwert Microsoft nun mit neuen Maßnahmen. First seen on heise.de Jump to article: www.heise.de/news/Microsoft-ergreift-Massnahmen-gegen-NTLM-Relay-Angriffe-10194220.html
-
Microsoft ergreift Maßnahmen gegen NTLM-Relay-Angriffe
by
in SecurityNewsEin Angriffsvektor zum Erlangen von Zugriff im Netz ist sogenanntes NTLM-Relaying. Das erschwert Microsoft nun mit neuen Maßnahmen. First seen on heise.de Jump to article: www.heise.de/news/Microsoft-ergreift-Massnahmen-gegen-NTLM-Relay-Angriffe-10194220.html
-
Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client
by
in SecurityNewsMicrosoft offers $10,000 in rewards to researchers who can manipulate a realistic simulated LLM-integrated email client. The post Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-bets-10000-on-prompt-injection-protections-of-llm-email-client/
-
Microsoft 365 outage takes down Office web apps, admin center
by
in SecurityNewsMicrosoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-office-web-apps-admin-center/
-
Microsoft Rolls Out Default NTLM Relay Attack Mitigations
by
in SecurityNewsMicrosoft has rolled out new default security protections that mitigate NTLM relaying attacks across on-premises Exchange, AD CS, and LDAP services. The post Microsoft Rolls Out Default NTLM Relay Attack Mitigations appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-rolls-out-default-ntlm-relay-attack-mitigations/
-
Microsoft NTLM Zero-Day to Remain Unpatched Until April
by
in SecurityNews
Tags: attack, credentials, cyberattack, microsoft, mitigation, ntlm, update, vulnerability, windows, zero-dayThe second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-ntlm-zero-day-remain-unpatched-april
-
Digitale (Un-)Souveränität – Die bittersüße Abhängigkeit von Microsofts Cloud
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/digitale-abhaengigkeit-microsoft-risiken-eu-wirtschaft-a-9fad6b2b35449560543d9a81f0ca0e1a/
-
EDR-Software ein Kaufratgeber
by
in SecurityNews
Tags: ai, android, api, backup, browser, chrome, cloud, computing, crowdstrike, cyberattack, detection, edr, endpoint, firewall, identity, incident response, intelligence, iot, kubernetes, linux, macOS, mail, malware, microsoft, network, ransomware, risk, siem, soar, software, sophos, threat, tool, windows, zero-day -
Ubisoft fixes Windows 11 24H2 conflicts causing game crashes
by
in SecurityNewsMicrosoft has now partially lifted a compatibility hold blocking the Windows 24H2 update on systems with some Ubisoft games after the French video game publisher has fixed bugs causing crashes, freezes, and audio issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/ubisoft-fixes-windows-11-24h2-conflicts-causing-game-crashes/
-
Outdated Google Workspace Sync blocks Windows 11 24H2 upgrades
Microsoft now blocks the Windows 11 24H2 update on computers with outdated Google Workspace Sync installs because they’re causing Outlook launch issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/outdated-google-workspace-sync-blocks-windows-11-24h2-upgrades/
-
>>Hack<< this LLM-powered service and get paid
by
in SecurityNewsMicrosoft, in collaboration with the Institute of Science and Technology Australia and ETH Zurich, has announced the LLMail-Inject Challenge, a competition to test and improve … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/llm-prompt-injection-attacks-challenge/
-
Microsoft dangles $10K for hackers to hijack LLM email service
Outsmart an AI, win a little Christmas cash First seen on theregister.com Jump to article: www.theregister.com/2024/12/09/microsoft_llm_prompt_injection_challenge/
-
Microsoft teases Copilot Vision, the AI sidekick that judges your tabs
by
in SecurityNewsEdge-exclusive tool promises ‘second set of eyes’ for browsing First seen on theregister.com Jump to article: www.theregister.com/2024/12/07/microsoft_copilot_vision/
-
Veteran Microsoft engineer shares some enterprise support tips
by
in SecurityNews
Tags: microsoftHow to tell a customer they’re an idiot without telling them they’re an idiot First seen on theregister.com Jump to article: www.theregister.com/2024/12/06/raymond_chen_support_desk_advice/