Microsoft

Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities 

Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities  2024-08-20 at 15:31 By Ionut Arghire Multiple vulnerabilities in Microsoft applications for macOS could be exploited to send emails, leak sensitive information, and escalate privileges. The post Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities  appeared first on SecurityWeek. This article is an excerpt from […]

React to this headline:

Loading spinner

Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities  Read More »

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera 2024-08-20 at 13:46 By Zeljka Zorz Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in Microsoft

React to this headline:

Loading spinner

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera Read More »

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 2024-08-16 at 12:46 By Help Net Security I recently spent six days in Las Vegas attending DEF CON, BsidesLV, and Black Hat USA 2024, where I had the opportunity to engage with and learn from some of the top security experts in the world.

React to this headline:

Loading spinner

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 Read More »

Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw

Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw 2024-08-15 at 20:01 By Ryan Naraine Security experts are ratcheting up the urgency for Windows admins to patch a wormable, pre-auth remote code execution vulnerability in the Windows TCP/IP stack. The post Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw appeared first on

React to this headline:

Loading spinner

Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw Read More »

Microsoft fixes 6 zero-days under active attack

Microsoft fixes 6 zero-days under active attack 2024-08-13 at 23:16 By Zeljka Zorz August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memory Corruption Vulnerability

React to this headline:

Loading spinner

Microsoft fixes 6 zero-days under active attack Read More »

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited 2024-08-13 at 23:01 By Ryan Naraine Microsoft’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in the actively exploited category. The post Microsoft Warns of Six Windows Zero-Days Being Actively Exploited appeared first on SecurityWeek.

React to this headline:

Loading spinner

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited Read More »

Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains

Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains 2024-08-12 at 19:01 By Ryan Naraine The vulnerabilities, patched in OpenVPN 2.6.10, expose users on the Windows platform to remote code execution attacks. The post Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains Read More »

August 2024 Patch Tuesday forecast: Looking for a calm August release

August 2024 Patch Tuesday forecast: Looking for a calm August release 2024-08-09 at 13:01 By Help Net Security July ended up being more ‘exciting’ than many of us wanted; we’re supposed to be in the height of summer vacation season. First, we had a large set of updates on Patch Tuesday, then we had to

React to this headline:

Loading spinner

August 2024 Patch Tuesday forecast: Looking for a calm August release Read More »

CrowdStrike engages external experts, details causes of massive outage

CrowdStrike engages external experts, details causes of massive outage 2024-08-07 at 16:01 By Zeljka Zorz CrowdStrike has published a technical root cause analysis of what went wrong when a content update pushed to its Falcon sensors borked over 8.5 million Windows machines around the world on July 19, and has confirmed that it has hired

React to this headline:

Loading spinner

CrowdStrike engages external experts, details causes of massive outage Read More »

Microsoft Hits Back at Delta After the Airline Said Last Month’s Tech Outage Cost It $500 Million

Microsoft Hits Back at Delta After the Airline Said Last Month’s Tech Outage Cost It $500 Million 2024-08-07 at 05:16 By Associated Press Microsoft is trying to determine “why other airlines were able to fully restore business operations so much faster than Delta.” The post Microsoft Hits Back at Delta After the Airline Said Last

React to this headline:

Loading spinner

Microsoft Hits Back at Delta After the Airline Said Last Month’s Tech Outage Cost It $500 Million Read More »

CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash

CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash 2024-08-06 at 21:16 By Ryan Naraine CrowdStrike says the Falcon sensor crash that blue-screened Windows machines was caused by a “confluence” of vulnerabilities and testing gaps. The post CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash Read More »

Researchers unearth MotW bypass technique used by threat actors for years

Researchers unearth MotW bypass technique used by threat actors for years 2024-08-06 at 14:31 By Zeljka Zorz Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick users into running them. “We identified multiple samples

React to this headline:

Loading spinner

Researchers unearth MotW bypass technique used by threat actors for years Read More »

Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year

Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year 2024-08-06 at 13:16 By Eduard Kovacs Microsoft paid out $16.6 million to over 340 security researchers through its bug bounty programs over the past year. The post Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year Read More »

Alex Stamos Named CISO at SentinelOne

Alex Stamos Named CISO at SentinelOne 2024-08-01 at 19:16 By Ryan Naraine Longtime security executive Alex Stamos tapped by SentinelOne to manage its security engineering and operations teams. The post Alex Stamos Named CISO at SentinelOne appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

Alex Stamos Named CISO at SentinelOne Read More »

Microsoft Says Azure Outage Caused by DDoS Attack Response

Microsoft Says Azure Outage Caused by DDoS Attack Response 2024-07-31 at 16:06 By Eduard Kovacs Microsoft’s response to a DDoS attack on Azure amplified the impact of the attack instead of mitigating it, causing outages. The post Microsoft Says Azure Outage Caused by DDoS Attack Response appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Microsoft Says Azure Outage Caused by DDoS Attack Response Read More »

Microsoft: DDoS defense error amplified attack on Azure, leading to outage

Microsoft: DDoS defense error amplified attack on Azure, leading to outage 2024-07-31 at 13:46 By Zeljka Zorz A DDoS attack that started on Tuesday has made a number of Microsoft Azure and Microsoft 365 services temporarily inaccessible, the company has confirmed. Microsoft’s mitigation statement on the Azure status history page Microsoft Azure, 365 outage triggered

React to this headline:

Loading spinner

Microsoft: DDoS defense error amplified attack on Azure, leading to outage Read More »

VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)

VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085) 2024-07-30 at 14:01 By Zeljka Zorz Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full administrative access to them and encrypt their file system. VMware owner Broadcom has released a fix for CVE-2024-37085 on

React to this headline:

Loading spinner

VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085) Read More »

Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw

Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw 2024-07-29 at 21:46 By Ryan Naraine VMware did not mention in-the-wild exploitation for CVE-2024-37085 but Microsoft says ransomware gangs are abusing the just-patched flaw. The post Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw Read More »

Some good may come out of the CrowdStrike outage

Some good may come out of the CrowdStrike outage 2024-07-29 at 19:31 By Zeljka Zorz Estimated financial losses due to the recent massive IT outage triggered by the faulty CrowdStrike update are counted in billions, but the unfortunate incident is having several positive effects, as well. Some silver linings As CrowdStrike was forced to explain,

React to this headline:

Loading spinner

Some good may come out of the CrowdStrike outage Read More »

CrowdStrike blames buggy testing software for disastrous update

CrowdStrike blames buggy testing software for disastrous update 2024-07-24 at 15:32 By Zeljka Zorz A bug in the Content Validator – a software element CrowdStrike relies on for testing and validating Rapid Response Content updates for its Falcon Sensors – is (partly) why the faulty update wasn’t caught in time, the company said. In a

React to this headline:

Loading spinner

CrowdStrike blames buggy testing software for disastrous update Read More »

Scroll to Top