Credit to Author: Paul Ducklin| Date: Wed, 15 Mar 2023 00:06:08 +0000
An email you haven’t even looked at yet could be used to trick your mail server into helping crooks to logon as you.
Read more
Credit to Author: Angela Gunn| Date: Tue, 14 Mar 2023 18:58:33 +0000
Even MacOS, iOS, and Android get a piece of the pie in March
Read moreCredit to Author: Microsoft Security Threat Intelligence| Date: Mon, 13 Mar 2023 16:00:00 +0000
DEV-1101 is an actor tracked by Microsoft responsible for the development, support, and advertising of several AiTM phishing kits, including an open-source kit capable of circumventing MFA through reverse-proxy functionality.
The post DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit appeared first on Microsoft Security Blog.
Read moreCredit to Author: Microsoft Security Threat Intelligence| Date: Mon, 06 Mar 2023 17:00:00 +0000
Microsoft discovered that the SHEIN Android application periodically read the contents of the Android device clipboard and, if a particular pattern was present, sent the contents of the clipboard to a remote server.
The post Protecting Android clipboard content from unintended exposure appeared first on Microsoft Security Blog.
Read more
Microsoft has launched the general availability of Microsoft Intune Suite, a consolidation of its endpoint management and security solutions to streamline protection for cloud-connected and on-premises endpoints.
The consolidation is aimed to serve as a single vendor for all endpoint security needs for the customers to have single analytics, rather than multiple disparate datasets, with a consistent visibility to potential vulnerabilities and anomalies, according to a company blog post.
Nearly every day, software updates of some kind roll out for our systems. From operating systems to antivirus software, to cloud services, to hardware devices, virtually none of the technology we use is static. And with these updates come side effects and problems that sometimes take a while to get fixed.
I recently found an interesting bug that hasn’t gotten a lot of attention when I purchased a Lexmark multi-function printer. As part of the installation process, I went online to download the latest printer driver. (I always recommend going to a vendor website to grab the latest drivers because, after all, the latest software should have the latest fixes, right?) I was able to set up the printer to print, scan, and electronically fax and figured I was done for the day.
Credit to Author: Microsoft Security Threat Intelligence| Date: Tue, 21 Feb 2023 18:00:00 +0000
With DDoS attacks becoming more frequent, sophisticated, and inexpensive to launch, it’s important for organizations of all sizes to be proactive and stay protected. In this blog, we detail trends and insights into DDoS attacks we observed and mitigated throughout 2022.
The post 2022 in review: DDoS attack trends and insights appeared first on Microsoft Security Blog.
Read more
Microsoft’s February Patch Tuesday update deals with 76 vulnerabilities that affect Windows, Exchange, Office, and Microsoft development tools — and three Windows vulnerabilities (CVE-2023-21823, CVE-2023-21715 and CVE-2023-23376) have been reported as exploited in the wild and require immediate attention.
Credit to Author: Paul Ducklin| Date: Thu, 16 Feb 2023 17:46:04 +0000
Latest episode – listen now! (Full transcript inside.)
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday Tags: Microsoft Tags: Apple Tags: Adobe Tags: SAP Tags: Citrix Tags: Cisco Tags: Atlassian Tags: Google Tags: Mozilla Tags: Forta Tags: OpenSSH Tags: CVE-2023-21823 Tags: CVE-2023-21715 Tags: OneNote Tags: CVE-2023-23376 Tags: CVE-2023-21706 Tags: CVE-2023-21707 Tags: CVE-2023-21529 Tags: CVE-2023-21716 Tags: CVE-2023-23378 Tags: CVE-2023-22501 Tags: CVE-2023-24486 Tags: CVE-2023-24484 Tags: CVE-2023-24484 Tags: CVE-2023-24483 Tags: CVE-2023-25136 Tags: GoAnywhere Microsoft has released updates to patch three zero-days and lots of other vulnerabilities and so have several other vendors |
The post Update now! February’s Patch Tuesday tackles three zero-days appeared first on Malwarebytes Labs.
Read more