A week in security (March 13 – 19)

Categories: News

Tags: Becky Holmes, Lock and Code S04E06, ransomware, WhatsApp, AI chatbot, investment fraud, Clop, Microsoft zero-day, Microsoft, STALKER 2, Facebook, Microsoft OneNote, LockBit, Rubrik

The most interesting security-related news from the week of March 13 to 19.

The post A week in security (March 13 – 19) appeared first on Malwarebytes Labs.

Patch Office and Windows now to resolve two zero-days

Microsoft has resolved 80 new CVEs this month in addition to four earlier CVEs, bringing the number of security issues addressed in this month’s Patch Tuesday release to 84. 

Unfortunately, we have two zero-day flaws, one in Outlook (CVE-2023-23397) and one in Windows (CVE-2023-24880), that warrant a “Patch Now” recommendation for both Windows and Microsoft Office updates. As was the case last month, there were no further updates for Microsoft Exchange Server or Adobe Reader. This month the team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this cycle.

Update now! Microsoft fixes two zero-day bugs

Categories: Exploits and vulnerabilities, News

Tags: patch Tuesday, March, 2023, Microsoft, Adobe, Fortinet, Android, SAP, CVE-2023-23397, CVE-2023-24880, CVE-2023-26360, CVE-2022-41328

This Patch Tuesday, Microsoft has released fixes for two actively exploited zero-days and Adobe has fixed one.

The post Update now! Microsoft fixes two zero-day bugs appeared first on Malwarebytes Labs.

Feds to Microsoft: Clean up your security act — or else

The US government, worried about the continuing growth of cybercrime, ransomware, and countries including Russia, Iran, and North Korea hacking into government and private networks, is in the middle of drastically changing its cybersecurity strategy. No longer will it rely largely on prodding businesses and tech companies to voluntarily take basic security measures such as patching vulnerable systems to keep them updated.

Instead, it now wants to establish baseline security requirements for businesses and tech companies and to fine those that don’t comply.

It’s not just companies that use the systems who might eventually need to abide by the regulations. Companies that make and sell them, such as Microsoft, Apple, and others could be held accountable as well. Early indications are that the feds already have Microsoft in their crosshairs — they’ve warned the company that, at the moment, it doesn’t appear to be up to the task.

DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit

Credit to Author: Microsoft Security Threat Intelligence | Date: Mon, 13 Mar 2023 16:00:00 +0000

DEV-1101 is an actor tracked by Microsoft responsible for the development, support, and advertising of several AiTM phishing kits, including an open-source kit capable of circumventing MFA through reverse-proxy functionality.

The post DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit appeared first on Microsoft Security Blog.

Protecting Android clipboard content from unintended exposure

Credit to Author: Microsoft Security Threat Intelligence | Date: Mon, 06 Mar 2023 17:00:00 +0000

Microsoft discovered that the SHEIN Android application periodically read the contents of the Android device clipboard and, if a particular pattern was present, sent the contents of the clipboard to a remote server.

The post Protecting Android clipboard content from unintended exposure appeared first on Microsoft Security Blog.

Microsoft Intune Suite consolidates endpoint management and protection

Microsoft has launched the general availability of Microsoft Intune Suite, a consolidation of its endpoint management and security solutions to streamline protection for cloud-connected and on-premises endpoints. 

The consolidation is intended to let Microsoft serve as a single vendor for all of a customer's endpoint security needs, so that customers have a single set of analytics, rather than multiple disparate datasets, with consistent visibility into potential vulnerabilities and anomalies, according to a company blog post.
