RSS Reader for Computer Security Articles
Credit to Author: Angela Gunn| Date: Wed, 09 Aug 2023 18:28:41 +0000
A lighter month than July with just 73 fixes on tap, but a phalanx of advisories and third-party alerts will keep sysadmins bashing away
Read More
Credit to Author: BrianKrebs| Date: Wed, 09 Aug 2023 02:22:57 +0000
Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including a patch that addresses multiple zero-day vulnerabilities currently being exploited in the wild.
Read More
Credit to Author: eschuman@thecontentfirm.com| Date: Mon, 07 Aug 2023 10:00:00 -0700
As Microsoft revealed tidbits of its post-mortem investigation into a Chinese attack against US government agencies via Microsoft, two details stand out: the company violated its own policy and did not store security keys within a Hardware Security Module (HSM) — and the keys were successfully used by attackers even though they had expired years earlier.
This is simply the latest example of Microsoft quietly cutting corners on cybersecurity and then only telling anyone when it gets caught.
Credit to Author: BrianKrebs| Date: Fri, 04 Aug 2023 13:49:15 +0000
One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.
Read More
With this month’s Patch Tuesday update, Microsoft addressed 130 security vulnerabilities, published two advisories, and included four major CVE revisions. We also have four zero-days to manage for Windows (CVE-2023-32046, CVE-2023-32049, CVE-2023-36874 and CVE-2023-36884), bringing the Windows platform into a “patch now” schedule.
Categories: Business Tags: microsoft Tags: zero-day Tags: exploit Tags: CVE-2023-36884 Tags: storm-0978 Tags: email Tags: phish Tags: phishing Tags: Ukraine We take a look at reports of an exploit being deployed via booby trapped Word documents. |
The post Zero-day deploys remote code execution vulnerability via Word documents appeared first on Malwarebytes Labs.
Read MoreCategories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Adobe Tags: Apple Tags: Android Tags: Cisco Tags: Fortinet Tags: MOVEit Tags: Mozilla Tags: SAP Tags: VMware Tags: CVE-2023-32049 Tags: CVE-2023-35311 Tags: CVE-2023-32046 Tags: CVE-2023-36874 Tags: CVE-2023-36844 For the July 2023 Patch Tuesday, Microsoft has issued security updates for 130 vulnerabilities, four of which are known to have been actively exploited. |
The post Update now! Microsoft patches a whopping 130 vulnerabilities appeared first on Malwarebytes Labs.
Read MoreCategories: Exploits and vulnerabilities Categories: News Tags: OAuth Tags: nOAuth Tags: IdP Tags: Azure Tags: Microsoft Tags: login with Researchers have found a flaw in Microsoft Azure AD which they claim can be used to take over accounts that rely on pre-established trust. |
The post Microsoft Azure AD flaw can lead to account takeover appeared first on Malwarebytes Labs.
Read More