Microsoft – Page 17 – PossibleThreat Articles

MalwareBytes Security

Update now! October patch Tuesday fixes actively used zero-day…but not the one you expected

October 12, 2022 0 Comments Adobe, Android, Apple, cve-2022-41033, cve-2022-41040, Exploits and vulnerabilities, fortinet, Google, Microsoft, news, Samsung, sap, vmware, xiaomi, zero day

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: Apple

Tags: Google

Tags: Android

Tags: Samsung

Tags: Xiaomi

Tags: Adobe

Tags: SAP

Tags: VMWare

Tags: Fortinet

Tags: CVE-2022-41033

Tags: CVE-2022-41040

Tags: zero-day

No fix for ProxyNotShell

(Read more…)

The post Update now! October patch Tuesday fixes actively used zero-day…but not the one you expected appeared first on Malwarebytes Labs.

Security Sophos

Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!

October 12, 2022 0 Comments 0 day, Exploit, Microsoft, Patch Tuesday, vulnerability, Windows

Credit to Author: Paul Ducklin| Date: Wed, 12 Oct 2022 16:58:26 +0000

There’s a zero-day patch, but it’s not for the zero-day you thought.

Security Sophos

You can’t always get what you want on Patch Tuesday

October 11, 2022 0 Comments Microsoft, Patch Tuesday, threat research

Credit to Author: Angela Gunn| Date: Tue, 11 Oct 2022 17:47:47 +0000

No joy for Exchange admins looking to seal off two widely reported Server vulns

Security Sophos

Serious Security: OAuth 2 and why Microsoft is finally forcing you into it

October 10, 2022 0 Comments Cryptography, exchange, Microsoft, modern auth, oath, oauth, Podcast, totp

Credit to Author: Paul Ducklin| Date: Mon, 10 Oct 2022 14:02:13 +0000

Microsoft calls it “Modern Auth”, though it’s a decade old, and is finally forcing Exchange Online customers to switch to it.

Security Sophos

S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]

October 6, 2022 0 Comments :proxynotshell, BEC, bust, exchange, Exploit, Law & order, Microsoft, Naked Security Podcast, Podcast, robocalls, romance scam, vulnerability

Credit to Author: Paul Ducklin| Date: Thu, 06 Oct 2022 14:43:53 +0000

Latest episode – listen and learn now (or read and revise, if the written word is your thing)…

MalwareBytes Security

Bogus job offers hide trojanised open-source software

October 5, 2022 0 Comments C&C, fake, infection, job offer, LinkedIn, malware, Microsoft, news, open-source, zinc

Categories: News

Tags: malware

Tags: ZINC

Tags: microsoft

Tags: infection

Tags: C&C

Tags: open source

Tags: job offer

Tags: fake

Tags: LinkedIn

A North Korean ZINC group is accused of creating compromised versions of KiTTY, PuTTY, TightVNC, and other popular open-source software apps

(Read more…)

The post Bogus job offers hide trojanised open-source software appeared first on Malwarebytes Labs.

Security Sophos

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]

October 1, 2022 0 Comments :proxynotshell, chester wisniewski, cve-2022-41040, cve-2022-41042, exchange, Microsoft, Podcast, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Sat, 01 Oct 2022 14:05:59 +0000

Who’s affected, what you can do while waiting for Microsoft’s patches, and how to plan your threat hunting…

Microsoft Security

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

September 30, 2022 0 Comments cybersecurity, exchange server, Microsoft, Microsoft security intelligence, Security, Vulnerabilities

Credit to Author: Katie McCafferty| Date: Sat, 01 Oct 2022 04:21:00 +0000

MSTIC observed activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks.

The post Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 appeared first on Microsoft Security Blog.

Security Sophos

URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”

September 30, 2022 0 Comments cve-2022-41040, cve-2022-41082, exchange, Microsoft, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Fri, 30 Sep 2022 13:25:11 +0000

Double-play 0-day in Exchange – what you need to know, and what you can do

Microsoft Security

ZINC weaponizing open-source software

September 29, 2022 0 Comments cybersecurity, Microsoft, Microsoft security intelligence, nation-state actor, Security, Social engineering, zinc

Credit to Author: Katie McCafferty| Date: Thu, 29 Sep 2022 16:00:00 +0000

In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.

The post ZINC weaponizing open-source software appeared first on Microsoft Security Blog.