In it’s May update, Microsoft addressed 51 vulnerabilities in Windows, Microsoft Office, and Visual Studio. And with three zero-day flaws to urgently address in Windows (CVE-2023-24932, CVE-2023-29325 and CVE-2023-29336), the focus this month needs to be on rapidly updating both Windows and Microsoft Office. Both platforms get our “Patch Now” recommendation.
Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: CVE-2023-29336 Tags: CVE-2023-24932 Tags: bootkit Tags: CVE-2023-29325 Tags: Outlook Tags: preview Tags: CVE-2023-24941 Tags: Apple Tags: Cisco Tags: Google Tags: Android Tags: VMWare Tags: SAP Tags: Mozilla Microsoft’s Patch Tuesday round up for May 2023 includes patches for three zero-day vulnerabilities and one critical remote code execution vulnerability |
The post Update now! May 2023 Patch Tuesday tackles three zero-days appeared first on Malwarebytes Labs.
Read moreCategories: News Tags: Chrome Tags: Windows Tags: Edge Tags: browser Tags: update Tags: Microsoft Tags: default Tags: install We take a look at trouble brewing in browser land after a controversial Windows update leaves Chrome fans without a useful feature. |
The post Microsoft vs Google spat sees users rolling back security updates to fix browser issues appeared first on Malwarebytes Labs.
Read more
Credit to Author: Alanna Titterington| Date: Fri, 05 May 2023 10:57:32 +0000
In its February update, Microsoft appeared to finally bury Internet Explorer. However, we explain why it’s still too early to… crack open the champagne.
Read more
Credit to Author: BrianKrebs| Date: Fri, 21 Apr 2023 01:05:44 +0000
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.
Read moreCredit to Author: Microsoft Security Threat Intelligence| Date: Tue, 18 Apr 2023 15:00:00 +0000
Today, Microsoft is reporting on a distinct subset of Mint Sandstorm (formerly known as PHOSPHORUS), an Iranian threat actor that specializes in hacking into and stealing sensitive information from high-value targets. This subset is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing recently disclosed vulnerabilities.
The post Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets appeared first on Microsoft Security Blog.
Read more
Credit to Author: Alanna Titterington| Date: Tue, 18 Apr 2023 12:44:25 +0000
A newly discovered serious vulnerability means Google Chrome, Microsoft Edge, Opera, Yandex Browser, Vivaldi and other Chromium-based browsers should be updated immediately
Read more
Microsoft has addressed 97 existing vulnerabilities this April Patch Tuesday, with a further eight previously released patches updated and re-released. There have been reports of a vulnerability (CVE-2023-28252) exploited in the wild, making it a “Patch Now” release.
This update cycle affects Windows desktops, Microsoft Office, and Adobe Reader. No updates for Microsoft Exchange this month. The team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this April update cycle.