Microsoft – Page 23 – PossibleThreat Articles

May's Patch Tuesday updates make urgent patching a must

May 14, 2022 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

Credit to Author: Greg Lambert| Date: Sat, 14 May 2022 05:51:00 -0700

This past week’s Patch Tuesday started with 73 updates, but ended up (so far) with three revisions and a late addition (CVE-2022-30138) for a total of 77 vulnerabilities addressed this month. Compared with the broad set of updates released in April, we see a greater urgency in patching Windows — especially wiith three zero-days and several very serious flaws in key server and authentication areas. Exchange will require attention, too, due to new server update technology.

To read this article in full, please click here

Security Sophos

Hyper-V and Active Directory Front and Center for May Patch Tuesday

May 10, 2022 0 Comments Hyper-V, Microsoft, Patch Tuesday, SophosLabs Uncut, threat research, Windows

Credit to Author: Christopher Budd| Date: Tue, 10 May 2022 17:47:43 +0000

Organizations should look at last month’s and this month’s bulletins and put their Hyper-V and Active Directory servers and infrastructure at the top of the priority list.

MalwareBytes Security

A week in security (May 2 – 8)

May 9, 2022 0 Comments A week in security, airdrop phishing, Apple, business email compromise, cyberpunk ape executives, declaration for the future of the internet, discord, facebook, get rich with bitcoin, Google, google pixel, Instagram, Microsoft, nigerian tesla, opensea, Ransomware, revil

Credit to Author: Malwarebytes Labs| Date: Mon, 09 May 2022 10:20:30 +0000

The most important and interesting stories in security from the last seven days.

The post A week in security (May 2 – 8) appeared first on Malwarebytes Labs.

MalwareBytes Security

Google, Apple, and Microsoft step hand in hand into a passwordless future

May 8, 2022 0 Comments Apple, authentication, fido, Google, MFA, Microsoft, passwordless, pin, Reports

Credit to Author: Pieter Arntz| Date: Sun, 08 May 2022 11:51:58 +0000

Three tech giants used World Password Day to announce their commitment to a passwordless future using FIDO Alliance standards.

The post Google, Apple, and Microsoft step hand in hand into a passwordless future appeared first on Malwarebytes Labs.

MalwareBytes Security

Google, Apple, and Microsoft walk hand-in-hand into a passwordless future

May 8, 2022 0 Comments Apple, authentication, fido, Google, MFA, Microsoft, passwordless, pin, Reports

Credit to Author: Pieter Arntz| Date: Sun, 08 May 2022 11:51:58 +0000

Three tech giants used World Password Day to announce their commitment to a passwordless future using FIDO Alliance standards.

The post Google, Apple, and Microsoft walk hand-in-hand into a passwordless future appeared first on Malwarebytes Labs.

Independent Krebs Security

Your Phone May Soon Replace Many of Your Passwords

May 7, 2022 0 Comments A Little Sunshine, Apple, fido alliance, Google, johannes ullrich, Microsoft, nicholas weaver, sampath srinivas, sans, security tools, spycloud, steve bellovin, world wide web consortium

Credit to Author: BrianKrebs| Date: Sat, 07 May 2022 13:31:17 +0000

Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.

ComputerWorld Independent

Download: UEM vendor comparison chart 2022

May 3, 2022 0 Comments blackberry, enterprise mobile management, Google, IBM, IDG Insider, Microsoft, Security, unified endpoint management, vmware

Credit to Author: Bob Violino, Valerie Potter| Date: Tue, 03 May 2022 03:00:00 -0700

Unified endpoint management (UEM) is a strategic IT approach that consolidates how enterprises secure and manage an array of deployed devices including phones, tablets, PCs, and even IoT devices.

To read this article in full, please click here

(Insider Story)

Security Sophos

GitHub issues final report on supply-chain source code intrusions

April 29, 2022 0 Comments data loss, github, Microsoft, oauth, supply chain, Zero Trust

Credit to Author: Paul Ducklin| Date: Fri, 29 Apr 2022 16:15:20 +0000

Learn how to find out which apps you’ve given access rights to, and how to revoke those rights immediately in an emergency.

Independent Krebs Security

Fighting Fake EDRs With ‘Credit Ratings’ for Police

April 27, 2022 0 Comments A Little Sunshine, Apple, AT&T, Coinbase, discord, emergency data request, FBI, github, Google, kodex, LinkedIn, matt donahue, meta, Microsoft, snapchat, T-Mobile, The Coming Storm, TikTok, twilio, twitter, verizon, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 27 Apr 2022 14:27:35 +0000

When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide.

Microsoft Security

Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn

April 26, 2022 0 Comments cybersecurity, Linux, Microsoft, microsoft defender for endpoint, Microsoft security intelligence, Security, Vulnerabilities

Credit to Author: Katie McCafferty| Date: Tue, 26 Apr 2022 16:00:00 +0000

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.

The post Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn appeared first on Microsoft Security Blog.