Tag: Microsoft

October 23, 2023

Microsoft is opening up the early access program for its flagship cybersecurity AI product, which marks the inevitable folding in of Copilot into its infosec suite. First teased in March, Security Copilot is embedded within the Microsoft 365 Defender XDR […]

October 17, 2023

US authorities have issued an urgent plea to network admins to patch the critical vulnerability in Atlassian Confluence Data Center and Server amid ongoing nation-state exploitation. The joint cybersecurity advisory from CISA, FBI, and Multi-State Information Sharing and Analysis Center […]

October 16, 2023

Microsoft announced that its Microsoft Defender for Endpoint helped to block a large-scale hacking campaign carried out by Akira ransomware operators (tracked by Microsoft as Storm-1567) The attack took place in early June 2023 and aimed at an industrial engineering […]

October 13, 2023

Perceived weaknesses in the security of Microsoft’s Visual Studio IDE are being raised once again this week with a fresh single-click exploit. Developed by Zhiniang Peng, principal security researcher and chief architect of security at Sangfor, the proof of concept […]

October 11, 2023

After a week of rampant speculation about the nature of the security issues in curl, the latest version of the command line transfer tool was finally released today. Described by curl project founder and lead developer Daniel Stenberg as “probably […]

October 10, 2023

A previously undetected cyberespionage group spied against Taiwanese government agencies and the island-country’s manufacturing sector, say cybersecurity researchers. The Symantec Threat Hunter Team doesn’t attribute the threat group to any particular country, other than noting it likely operates “from a […]

October 4, 2023

Microsoft has officially unveiled the next generation of OneDrive, which is set to bring the cloud storage solution more closely in line with the rest of the company’s offerings, including Microsoft 365 apps like Teams and Outlook. The company is […]

September 29, 2023

Microsoft introduced its Bing Chat AI search assistant in February and a month later began serving ads alongside it to help cover costs. However, some of those adverts served by Microsoft’s own ad platform have turned out to be malicious. […]

September 28, 2023

Chinese snoops stole about 60,000 State Department emails when they broke into Microsoft-hosted Outlook and Exchange Online accounts belonging to US government officials over the summer. “No classified systems were hacked,” said State Department spokesperson Matthew Miller during a press […]

September 22, 2023

Microsoft is expanding passkey support with Windows 11, meaning users will soon be able to take better advantage of the new technology. In a blog post on its site, the company said that with the upcoming update to the operating […]

September 20, 2023

Cyber security remains a top three priority for most, if not all, organisations. The risks associated with failure to implement adequate defences were once again highlighted by the ransomware incident which impacted several hospital computer systems across the US last […]

September 8, 2023

Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging […]

September 7, 2023

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account. This enabled the adversary to access a debugging environment that […]

August 29, 2023

Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model. In addition to an uptick in AiTM-capable PhaaS platforms, the tech giant noted that existing phishing services […]

August 28, 2023

Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. “An attacker could leverage this abandoned URL to redirect authorization codes to […]

August 22, 2023

A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under its […]

August 9, 2023

Microsoft has patched a total of 74 flaws in its software as part of the company’s Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important […]

August 8, 2023

Cybersecurity researchers have discovered a set of 11 living-off-the-land binaries-and-scripts (LOLBAS) that could be maliciously abused by threat actors to conduct post-exploitation activities. “LOLBAS is an attack method that uses binaries and scripts that are already part of the system […]

August 8, 2023

Introduced in 1999, Microsoft Active Directory is the default identity and access management service in Windows networks, responsible for assigning and enforcing security policies for all network endpoints. With it, users can access various resources across networks. As things tend […]

August 4, 2023

When Fortanix launched in 2016, the company made a decision: It would commit to the one-year-old Rust’s programming language to benefit from its security strengths and performance. Seven years later, Fortanix’s commitment to Rust has proved to be a success. […]