Microsoft - Security Ticks

Microsoft announces Zero Day Quest hacking event with big rewards

bug bounty, bug hunting, Don't miss, Microsoft, News / SecurityTicks

Microsoft announces Zero Day Quest hacking event with big rewards 2024-11-19 at 21:19 By Mirko Zorz Microsoft is enhancing its bug bounty initiatives with the launch of the Zero Day Quest hacking event. With $4 million in potential rewards, it focuses on driving research in critical areas such as cloud computing and AI. Event focus […]

React to this headline:

Microsoft announces Zero Day Quest hacking event with big rewards Read More »

Microsoft announces new and improved Windows 11 security features

Application Security, Data Protection, Don't miss, Hot stuff, Microsoft, News, privileged accounts, Windows / SecurityTicks

Microsoft announces new and improved Windows 11 security features 2024-11-19 at 21:04 By Zeljka Zorz Microsoft has implemented some and is working on delivering several other security-related features and improvements for Windows 11. Administrator protection will allow users to make system changes on their PCs without having administrator rights (that can be abused by attackers

React to this headline:

Microsoft announces new and improved Windows 11 security features Read More »

Windows 365 Link: Connect securely to Windows 365

Cloud, hardware, Microsoft, News / SecurityTicks

Windows 365 Link: Connect securely to Windows 365 2024-11-19 at 18:55 By Mirko Zorz Microsoft unveiled Windows 365 Link, their first purpose-built Cloud PC device for instant, secure connection to Windows 365. Sign-in screen with USB security key option (Source: Microsoft) Windows 365 Link prioritizes security “We have heard concerns from IT pros about the

React to this headline:

Windows 365 Link: Connect securely to Windows 365 Read More »

Using AI to drive cybersecurity risk scoring systems

Artificial Intelligence, cyber risk, cybersecurity, Don't miss, Hot stuff, Microsoft, Risk Management, Video / SecurityTicks

Using AI to drive cybersecurity risk scoring systems 2024-11-15 at 07:18 By Help Net Security In this Help Net Security video, Venkat Gopalakrishnan, Principal Data Science Manager at Microsoft, discusses the development of AI-driven risk scoring models tailored for cybersecurity threats, and how AI is revolutionizing risk assessment and management in cybersecurity. The post Using

React to this headline:

Using AI to drive cybersecurity risk scoring systems Read More »

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

0-day, Active Directory, CVE, Don't miss, Hot stuff, Immersive Labs, Ivanti, Microsoft, Microsoft Defender, News, OpenSSL, Patch Tuesday, security update, Tenable, Trend Micro, vulnerability, Windows, Windows Server / SecurityTicks

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) 2024-11-12 at 23:03 By Zeljka Zorz November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities (CVE-2024-43451, CVE-2024-49039) CVE-2024-43451 is yet another

React to this headline:

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) Read More »

November 2024 Patch Tuesday forecast: New servers arrive early

apple, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, opinion, Patch Tuesday, predictions, Windows / SecurityTicks

November 2024 Patch Tuesday forecast: New servers arrive early 2024-11-11 at 08:03 By Help Net Security Microsoft followed their October precedent set with Windows 11 24H2 and announced Microsoft Server 2025 on the first of November. We were expecting the official announcement at Microsoft Ignite near the end of the month, but with the early

React to this headline:

November 2024 Patch Tuesday forecast: New servers arrive early Read More »

Russian hackers deliver malicious RDP configuration files to thousands

Amazon, APT, Australia, cyber espionage, Don't miss, Europe, Government, Hot stuff, Japan, Microsoft, News, RDP, Russian Federation, spear-phishing, UK / SecurityTicks

Russian hackers deliver malicious RDP configuration files to thousands 2024-10-30 at 12:49 By Zeljka Zorz Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, and NGO workers with phishing emails containing a signed Remote Desktop Protocol (RDP) configuration file. “Based

React to this headline:

Russian hackers deliver malicious RDP configuration files to thousands Read More »

Microsoft lost some customers’ cloud security logs

cloud security, Don't miss, enterprise, Hot stuff, logging, Microsoft, Microsoft Azure, News / SecurityTicks

Microsoft lost some customers’ cloud security logs 2024-10-18 at 16:46 By Zeljka Zorz Microsoft has lost several weeks of cloud security logs that its customers rely on to spot cyber intrusions. What happened As reported by Business Insider earlier this month, Microsoft privately notified affected customers of this incident and told them the failure was

React to this headline:

Microsoft lost some customers’ cloud security logs Read More »

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, Microsoft Dark Web Exploits

Ivanti, Microsoft, Qualcomm, vulnerability, Zimbra / SecurityTicks

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, Microsoft Dark Web Exploits 2024-10-15 at 12:52 By daksh sharma Key Takeaways Overview Cyble Research and Intelligence Labs (CRIL) investigated 22 vulnerabilities during the week of Oct. 2-8 and identified six products that security teams should prioritize for patching and mitigation. Additionally, Cyble researchers detected 14

React to this headline:

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, Microsoft Dark Web Exploits Read More »

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

0-day, CVE, Don't miss, Hot stuff, Microsoft, NetSPI, News, Patch Tuesday, security update, Tenable, Trend Micro, vulnerability, Windows / SecurityTicks

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) 2024-10-08 at 22:49 By Zeljka Zorz For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console

React to this headline:

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) Read More »

100+ domains seized to stymie Russian Star Blizzard hackers

APT, Don't miss, Hot stuff, Justice Department, Microsoft, News, phishing / SecurityTicks

100+ domains seized to stymie Russian Star Blizzard hackers 2024-10-04 at 14:18 By Zeljka Zorz Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor. “Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations – journalists, think tanks,

React to this headline:

100+ domains seized to stymie Russian Star Blizzard hackers Read More »

October 2024 Patch Tuesday forecast: Recall can be recalled

Don't miss, Expert analysis, Hot stuff, Ivanti, Microsoft, News, opinion, Patch Tuesday, predictions / SecurityTicks

October 2024 Patch Tuesday forecast: Recall can be recalled 2024-10-04 at 07:46 By Help Net Security October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The preview versions of this release have been in the news due to many innovations and one controversial feature. Windows 11 24H2 and Microsoft

React to this headline:

October 2024 Patch Tuesday forecast: Recall can be recalled Read More »

Darktrace brings real-time cloud detection and response to Microsoft Azure customers

Darktrace, Industry news, Microsoft / SecurityTicks

Darktrace brings real-time cloud detection and response to Microsoft Azure customers 2024-10-03 at 16:31 By Industry News Darktrace announced the expansion of Darktrace / CLOUD to support Microsoft Azure environments. The AI-driven Cloud Detection and Response (CDR) system leverages Microsoft’s virtual network flow logs for agentless deployment, slashing deployment times by 95%. The need for

React to this headline:

Darktrace brings real-time cloud detection and response to Microsoft Azure customers Read More »

Microsoft Unveils Copilot Vision AI Tool, but Highlights Security After Recall Debacle

AI, Artificial Intelligence, Copilot Vision, generative AI, Microsoft, Privacy, security / SecurityTicks

Microsoft Unveils Copilot Vision AI Tool, but Highlights Security After Recall Debacle 2024-10-01 at 17:31 By Eduard Kovacs Microsoft has unveiled a new AI-based web content analysis tool, underscoring safety and security to address potential concerns. The post Microsoft Unveils Copilot Vision AI Tool, but Highlights Security After Recall Debacle appeared first on SecurityWeek. This

React to this headline:

Microsoft Unveils Copilot Vision AI Tool, but Highlights Security After Recall Debacle Read More »

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts

account hijacking, Cloud, credentials, Don't miss, Hot stuff, Microsoft, Microsoft Entra ID, News, privileged accounts, Ransomware / SecurityTicks

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts 2024-09-30 at 17:01 By Zeljka Zorz Storm-0501, an affiliate of several high-profile ransomware-as-a-service outfits, has been spotted compromising targets’ cloud environments and on-premises systems. “Storm-0501 is the latest threat actor observed to exploit weak credentials and over-privileged accounts to move from organizations’

React to this headline:

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts Read More »

Microsoft revised the controversial Copilot+ Recall feature

Artificial Intelligence, data security, Don't miss, Hot stuff, Microsoft, News, Privacy, Windows / SecurityTicks

Microsoft revised the controversial Copilot+ Recall feature 2024-09-30 at 13:46 By Zeljka Zorz Microsoft has made changes to Recall – the screenshot-taking, AI-powered search feature for Copilot+ PCs running Windows 11 – to reassure users worried about security and privacy. The security of the feature has been assessed by Microsoft’s Offensive Research & Security Engineering

React to this headline:

Microsoft revised the controversial Copilot+ Recall feature Read More »

Controversial Windows Recall AI Search Tool Returns With Proof-of-Presence Encryption, Data Isolation

Artificial Intelligence, Encryption, Endpoint Security, Featured, Microsoft, Privacy & Compliance, Proof-of-Presence, Windows Hello, Windows Recall / SecurityTicks

Controversial Windows Recall AI Search Tool Returns With Proof-of-Presence Encryption, Data Isolation 2024-09-27 at 21:01 By Ryan Naraine Microsoft reboots controversial Windows Recall with proof-of-presence encryption, anti-tampering checks, and secure enclave data management. The post Controversial Windows Recall AI Search Tool Returns With Proof-of-Presence Encryption, Data Isolation appeared first on SecurityWeek. This article is an

React to this headline:

Controversial Windows Recall AI Search Tool Returns With Proof-of-Presence Encryption, Data Isolation Read More »

Portnox enhances passwordless risk-based access for enterprise applications

Industry news, Microsoft, Portnox / SecurityTicks

Portnox enhances passwordless risk-based access for enterprise applications 2024-09-25 at 13:03 By Industry News Portnox announced support for Microsoft External Authentication Methods (EAM) for its Conditional Access for Applications solution. This new integration extends Portnox’s commitment to delivering phishing-resistant passwordless authentication with risk-based assessment and compliance validation for enterprise applications. Microsoft’s EAM capability allows users to

React to this headline:

Portnox enhances passwordless risk-based access for enterprise applications Read More »

CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes

BSOD, buggy update, CrowdStrike, Featured, Incident Response, Microsoft, Windows / SecurityTicks

CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes 2024-09-24 at 23:16 By Ryan Naraine CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the July BSOD incident. The post CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes appeared first on SecurityWeek. This article

React to this headline:

CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes Read More »

Microsoft Names Deputy CISOs, Governance Council to Manage Security Push

CISO, CSRB, Management & Strategy, Microsoft, SFI / SecurityTicks

Microsoft Names Deputy CISOs, Governance Council to Manage Security Push 2024-09-24 at 19:01 By Ryan Naraine Microsoft says each Deputy CISO will oversee specific domains, ranging from gaming and cloud security to AI and government systems. The post Microsoft Names Deputy CISOs, Governance Council to Manage Security Push appeared first on SecurityWeek. This article is

React to this headline:

Microsoft Names Deputy CISOs, Governance Council to Manage Security Push Read More »