Microsoft – Page 15 – PossibleThreat Articles

Credit to Author: eschuman@thecontentfirm.com| Date: Wed, 07 Dec 2022 04:32:00 -0800

If there are two things that should never mix, it’s cybersecurity/privacy compliance and corporate politics. And yet, that’s at the heart of a compliance fight between Microsoft and German authorities that might wind up punishing the company’s customers.

The German Datenschutzkonferenz — the regulatory body entrusted to handle Germany’s flavor of the European Union’s General Data Protection Regulation (GDPR) — has publicly declared that “no data protection-compliant use of Microsoft Office 365 was possible.”

To read this article in full, please click here

Microsoft Security

DEV-0139 launches targeted attacks against the cryptocurrency industry

December 6, 2022 0 Comments cybersecurity, malware, Microsoft, Microsoft security intelligence, Security

Credit to Author: Katie McCafferty| Date: Tue, 06 Dec 2022 17:00:00 +0000

Microsoft security researchers investigate an attack where the threat actor, tracked DEV-0139, used chat groups to target specific cryptocurrency investment companies and run a backdoor within their network.

The post DEV-0139 launches targeted attacks against the cryptocurrency industry appeared first on Microsoft Security Blog.

Security Sophos

Number Nine! Chrome fixes another 2022 zero-day, Edge patched too

December 5, 2022 0 Comments chrome, chromium, cve-2022-4262, Edge, Google, Google Chrome, Microsoft, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Mon, 05 Dec 2022 00:58:04 +0000

Ninth more unto the breach, dear friends, ninth more.

Security Sophos

Number Nine! Chrome fixes another 2022 zero-day, Edge not patched yet

December 4, 2022 0 Comments chrome, chromium, cve-2022-4262, Edge, Google, Google Chrome, Microsoft, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Mon, 05 Dec 2022 00:58:04 +0000

Ninth more unto the breach, dear friends, ninth more.

Security Sophos

How to hack an unpatched Exchange server with rogue PowerShell code

November 22, 2022 0 Comments :proxynotshell, 0 day, cve-2022-41040, cve-2022-41082, Microsoft, Uncategorized, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Tue, 22 Nov 2022 17:54:04 +0000

Review your servers, your patches and your authentication policies – there’s a proof-of-concept out

Microsoft Security

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

November 22, 2022 0 Comments cybersecurity, IoT, Microsoft, Microsoft security intelligence, Security, vulnerability

Credit to Author: Katie McCafferty| Date: Tue, 22 Nov 2022 17:00:00 +0000

As vulnerabilities in network components, architecture files, and developer tools have become an increasingly popular attack vector to leverage access into secure networks and devices, Microsoft identified such a vulnerable component and found evidence of a supply chain risk that might affect millions of organizations and devices.

The post Vulnerable SDK components lead to supply chain risks in IoT and OT environments appeared first on Microsoft Security Blog.

ComputerWorld Independent

Patch Tuesday includes 6 Windows zero-day flaws; patch now!

November 11, 2022 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

Microsoft on Tuesday released a tightly focused but still significant update that addresses 68 reported (some publicly) vulnerabilities. Unfortunately, this month brings a new record: six zero-day flaws affecting Windows. As a result, we have added both the Windows and Exchange Server updates to our “Patch Now” schedule. Microsoft also published a “defense in depth” advisory (ADV220003) to help secure Office deployments. And there are a small number of Visual Studio, Word, and Excel updates to add to your standard patch release schedule.

To read this article in full, please click here

Security Sophos

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

November 10, 2022 0 Comments bust, cryptocurrency, Exploit, Law & order, Microsoft, Naked Security Podcast, Patch Tuesday, Podcast, Privacy, vulnerability, Windows

Credit to Author: Paul Ducklin| Date: Thu, 10 Nov 2022 17:26:34 +0000

Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks – listen now!

Security Sophos

Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!

November 9, 2022 0 Comments 0 day, exchange, Exploit, Microsoft, Patch Tuesday, Privacy, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Wed, 09 Nov 2022 17:58:37 +0000

In all the excitement, we kind of lost count ourselves. Were there six 0-days, or only four?

Independent Krebs Security

Patch Tuesday, November 2022 Election Edition

November 8, 2022 0 Comments askwoody, cve-2022-41073, cve-2022-41080, cve-2022-41082, cve-2022-41091, cve-2022-41125, cve-2022-41128, immersive labs, kevin breen, Microsoft, microsoft patch tuesday november 2022, sans internet storm center, satnam narang, tenable, Time to Patch, Windows, windows print spooler

Credit to Author: BrianKrebs| Date: Wed, 09 Nov 2022 01:50:14 +0000

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November’s patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.