Microsoft

Windows Server 2025 gets hotpatching option, without reboots

data center, Don't miss, Hot stuff, Microsoft, News, patching, security update, Windows Server /

Windows Server 2025 gets hotpatching option, without reboots 2024-09-23 at 17:02 By Zeljka Zorz Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes. What is hotpatching? “Hotpatching has been around for years in Windows Server 2022 Azure Edition, […]

React to this headline:

Loading spinner

Windows Server 2025 gets hotpatching option, without reboots Read More »

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

0-day, APT, Check Point, CVE, Don't miss, Hot stuff, Microsoft, News, security update, Trend Micro, vulnerability, Windows /

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) 2024-09-16 at 15:46 By Zeljka Zorz CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,”

React to this headline:

Loading spinner

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) Read More »

Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel

CrowdStrike, EDR, Endpoint Security, Featured, kernel, Microsoft, Windows /

Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel 2024-09-13 at 21:45 By Ryan Naraine Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe.  The post Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel Read More »

Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library

Data Protection, Microsoft, Post quantum cryptography, PQC, Quantum cryptography /

Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library 2024-09-11 at 14:01 By Ionut Arghire Microsoft has started introducing support for post-quantum algorithms in SymCrypt, its main cryptographic library. The post Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library Read More »

Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes

CVE-2024-38226, CVE-2024-43491, Featured, Microsoft, Patch Tuesday, Vulnerabilities, Windows Update /

Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes 2024-09-10 at 23:31 By Ryan Naraine Patch Tuesday: Microsoft raises an alarm for in-the-wild exploitation of a critical flaw in Windows Update. The post Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes Read More »

September 2024 Patch Tuesday forecast: Downgrade is the new exploit

Adobe, apple, Chrome, cybersecurity, Don't miss, Expert analysis, Expert corner, Firefox, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday, patching, Windows /

September 2024 Patch Tuesday forecast: Downgrade is the new exploit 2024-09-06 at 08:16 By Help Net Security I asked for a calm August 2024 Patch Tuesday in last month’s forecast article and that came to pass. The updates released were limited to the regular operating systems and all forms of Office applications. Six zero-day vulnerabilities

React to this headline:

Loading spinner

September 2024 Patch Tuesday forecast: Downgrade is the new exploit Read More »

Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation

CLFS, exploit mitigation, HMAC, Microsoft, Ransomware, Security Architecture, Vulnerabilities /

Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation 2024-09-04 at 20:46 By Ryan Naraine Microsoft is experimenting with a major new security mitigation to block attacks targeting flaws in the Windows Common Log File System (CLFS). The post Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation Read More »

Veeam Software expands protection for Microsoft 365

Industry news, Microsoft, Veeam Software /

Veeam Software expands protection for Microsoft 365 2024-09-03 at 17:01 By Industry News Veeam Software announced Veeam Backup for Microsoft 365 v8, which delivers comprehensive and flexible immutability for Microsoft 365 data. Now organizations can ensure their Microsoft 365 data is resilient employing a zero-trust, multi-layered immutable strategy, making certain backup data is safe from

React to this headline:

Loading spinner

Veeam Software expands protection for Microsoft 365 Read More »

Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day

Citrine Sleet, CVE-2024-7971, Google Chrome, Microsoft, Vulnerabilities /

Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day 2024-08-31 at 00:01 By Ryan Naraine Redmond’s threat intel team said exploitation of CVE-2024-7971 can be attributed to a North Korean APT targeting the cryptocurrency sector for financial gain. The post Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day Read More »

Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE

Iran, Malware, Malware & Threats, Microsoft, Tickler /

Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE 2024-08-29 at 13:01 By Eduard Kovacs The Iran-linked state-sponsored hacker group tracked as Peach Sandstorm has started using a new backdoor in attacks aimed at the US and UAE. The post Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE

React to this headline:

Loading spinner

Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE Read More »

LinkedIn Hires Former Twitter Security Chief Lea Kissner as New CISO

CISO, CISO Strategy, LinkedIn, Management & Strategy, Microsoft /

LinkedIn Hires Former Twitter Security Chief Lea Kissner as New CISO 2024-08-28 at 19:01 By Ryan Naraine Lea Kissner replaces Geoff Belknap as Chief Information Security Officer (CISO) at Microsoft-owned LinkedIn. The post LinkedIn Hires Former Twitter Security Chief Lea Kissner as New CISO appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

LinkedIn Hires Former Twitter Security Chief Lea Kissner as New CISO Read More »

Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident

CrowdStrike, Endpoint, Endpoint Security, Microsoft /

Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident 2024-08-27 at 16:31 By Eduard Kovacs Microsoft has called together cybersecurity firms and government representatives for its Windows Endpoint Security Ecosystem Summit. The post Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident Read More »

New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)

0-day, Chrome, CVE, Don't miss, Google, Hot stuff, Microsoft, Microsoft Edge, News /

New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) 2024-08-22 at 12:01 By Zeljka Zorz A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript and WebAssembly engine developed by Google

React to this headline:

Loading spinner

New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) Read More »

Microsoft Copilot Studio Vulnerability Led to Information Disclosure

Artificial Intelligence, Copilot, Microsoft, vulnerability /

Microsoft Copilot Studio Vulnerability Led to Information Disclosure 2024-08-21 at 16:01 By Ionut Arghire A vulnerability in Microsoft Copilot Studio exposed information on internal services shared among tenants, potentially impacting multiple customers. The post Microsoft Copilot Studio Vulnerability Led to Information Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Microsoft Copilot Studio Vulnerability Led to Information Disclosure Read More »

Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities 

Cisco, Microsoft, Vulnerabilities, vulnerability /

Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities  2024-08-20 at 15:31 By Ionut Arghire Multiple vulnerabilities in Microsoft applications for macOS could be exploited to send emails, leak sensitive information, and escalate privileges. The post Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities  appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities  Read More »

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera

apple, Cisco, Don't miss, Hot stuff, Microsoft, Microsoft Teams, News, vulnerability /

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera 2024-08-20 at 13:46 By Zeljka Zorz Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in Microsoft

React to this headline:

Loading spinner

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera Read More »

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32

Artificial Intelligence, conferences, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Microsoft, News, opinion, Privacy, SANS, Signal, software development, SonicWall, supply chain attacks /

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 2024-08-16 at 12:46 By Help Net Security I recently spent six days in Las Vegas attending DEF CON, BsidesLV, and Black Hat USA 2024, where I had the opportunity to engage with and learn from some of the top security experts in the world.

React to this headline:

Loading spinner

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 Read More »

Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw

IPv6, Malware & Threats, Microsoft, Patch Tuesday, TCP/IP, Vulnerabilities, Zero-Day /

Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw 2024-08-15 at 20:01 By Ryan Naraine Security experts are ratcheting up the urgency for Windows admins to patch a wormable, pre-auth remote code execution vulnerability in the Windows TCP/IP stack. The post Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw appeared first on

React to this headline:

Loading spinner

Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw Read More »

Microsoft fixes 6 zero-days under active attack

0-day, CVE, Don't miss, Hot stuff, Immersive Labs, Microsoft, Microsoft Edge, MS Office, News, Patch Tuesday, security update, Tenable, Trend Micro, Windows /

Microsoft fixes 6 zero-days under active attack 2024-08-13 at 23:16 By Zeljka Zorz August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memory Corruption Vulnerability

React to this headline:

Loading spinner

Microsoft fixes 6 zero-days under active attack Read More »

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited

exploit, Featured, Microsoft, Patch Tuesday, Vulnerabilities, Windows, Zero-Day /

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited 2024-08-13 at 23:01 By Ryan Naraine Microsoft’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in the actively exploited category. The post Microsoft Warns of Six Windows Zero-Days Being Actively Exploited appeared first on SecurityWeek.

React to this headline:

Loading spinner

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited Read More »

Scroll to Top