October 23, 2023
Via: The RegisterMicrosoft is opening up the early access program for its flagship cybersecurity AI product, which marks the inevitable folding in of Copilot into its infosec suite. First teased in March, Security Copilot is embedded within the Microsoft 365 Defender XDR […]
Threats & Malware, Vulnerabilities
October 17, 2023
Via: The RegisterUS authorities have issued an urgent plea to network admins to patch the critical vulnerability in Atlassian Confluence Data Center and Server amid ongoing nation-state exploitation. The joint cybersecurity advisory from CISA, FBI, and Multi-State Information Sharing and Analysis Center […]
October 16, 2023
Via: Security AffairsMicrosoft announced that its Microsoft Defender for Endpoint helped to block a large-scale hacking campaign carried out by Akira ransomware operators (tracked by Microsoft as Storm-1567) The attack took place in early June 2023 and aimed at an industrial engineering […]
Threats & Malware, Vulnerabilities
October 13, 2023
Via: The RegisterPerceived weaknesses in the security of Microsoft’s Visual Studio IDE are being raised once again this week with a fresh single-click exploit. Developed by Zhiniang Peng, principal security researcher and chief architect of security at Sangfor, the proof of concept […]
Threats & Malware, Vulnerabilities
October 11, 2023
Via: The RegisterAfter a week of rampant speculation about the nature of the security issues in curl, the latest version of the command line transfer tool was finally released today. Described by curl project founder and lead developer Daniel Stenberg as “probably […]
October 10, 2023
Via: DataBreach TodayA previously undetected cyberespionage group spied against Taiwanese government agencies and the island-country’s manufacturing sector, say cybersecurity researchers. The Symantec Threat Hunter Team doesn’t attribute the threat group to any particular country, other than noting it likely operates “from a […]
October 4, 2023
Via: TechRadarMicrosoft has officially unveiled the next generation of OneDrive, which is set to bring the cloud storage solution more closely in line with the rest of the company’s offerings, including Microsoft 365 apps like Teams and Outlook. The company is […]
Threats & Malware, Virus & Malware
September 29, 2023
Via: The RegisterMicrosoft introduced its Bing Chat AI search assistant in February and a month later began serving ads alongside it to help cover costs. However, some of those adverts served by Microsoft’s own ad platform have turned out to be malicious. […]
September 28, 2023
Via: The RegisterChinese snoops stole about 60,000 State Department emails when they broke into Microsoft-hosted Outlook and Exchange Online accounts belonging to US government officials over the summer. “No classified systems were hacked,” said State Department spokesperson Matthew Miller during a press […]
September 22, 2023
Via: TechRadarMicrosoft is expanding passkey support with Windows 11, meaning users will soon be able to take better advantage of the new technology. In a blog post on its site, the company said that with the upcoming update to the operating […]
September 20, 2023
Via: The RegisterCyber security remains a top three priority for most, if not all, organisations. The risks associated with failure to implement adequate defences were once again highlighted by the ransomware incident which impacted several hospital computer systems across the US last […]
September 8, 2023
Via: The Hacker NewsMicrosoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging […]
September 7, 2023
Via: The Hacker NewsMicrosoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account. This enabled the adversary to access a debugging environment that […]
Threats & Malware, Virus & Malware
August 29, 2023
Via: The Hacker NewsMicrosoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model. In addition to an uptick in AiTM-capable PhaaS platforms, the tech giant noted that existing phishing services […]
Threats & Malware, Vulnerabilities
August 28, 2023
Via: The Hacker NewsCybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. “An attacker could leverage this abandoned URL to redirect authorization codes to […]
August 22, 2023
Via: The Hacker NewsA previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under its […]
Threats & Malware, Vulnerabilities
August 9, 2023
Via: The Hacker NewsMicrosoft has patched a total of 74 flaws in its software as part of the company’s Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important […]
August 8, 2023
Via: The Hacker NewsCybersecurity researchers have discovered a set of 11 living-off-the-land binaries-and-scripts (LOLBAS) that could be maliciously abused by threat actors to conduct post-exploitation activities. “LOLBAS is an attack method that uses binaries and scripts that are already part of the system […]
August 8, 2023
Via: The Hacker NewsIntroduced in 1999, Microsoft Active Directory is the default identity and access management service in Windows networks, responsible for assigning and enforcing security policies for all network endpoints. With it, users can access various resources across networks. As things tend […]
Application security, Security
August 4, 2023
Via: Dark ReadingWhen Fortanix launched in 2016, the company made a decision: It would commit to the one-year-old Rust’s programming language to benefit from its security strengths and performance. Seven years later, Fortanix’s commitment to Rust has proved to be a success. […]