Microsoft – Page 26 – PossibleThreat Articles

Take your time testing these February Patch Tuesday updates

February 11, 2022 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

Credit to Author: Greg Lambert| Date: Fri, 11 Feb 2022 12:21:00 -0800

There are (as of now) 51 patches to the Windows ecosystem for February, but no critical updates and no “Patch Now” recommendations from the Readiness team. I’m hoping that with this month’s list of Patch Tuesday updates, we can enjoy the quiet after the storm. January was tough for a lot of folks. And, with this month’s very light release from Microsoft, corporate security and systems administrators can take the time needed to test their applications and desktop/server builds. It’s also important to invest in their testing methodologies, release practices, and how their applications may be affected by OS-level updates and patches.

To read this article in full, please click here

Security Sophos

S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript]

February 9, 2022 0 Comments bust, cryptocurrency, Cybercrime, Law & order, Microsoft, Naked Security Podcast, Podcast, security threats

Credit to Author: Paul Ducklin| Date: Thu, 10 Feb 2022 01:15:56 +0000

Latest episode – listen now!

MalwareBytes Security

Microsoft: Slow MFA adoption presents “dangerous mismatch” in security

February 9, 2022 0 Comments 2fa, azure active directory, cyber signal, Google, grzegorz milka, MFA, Microsoft, multi-factor authentication, npm, security world, twitter, two-factor authentication

Credit to Author: Malwarebytes Labs| Date: Wed, 09 Feb 2022 11:55:24 +0000

Microsoft says its corporate users are not using MFA, another layer of security that keeps accounts safe. Unfortunately, this is not an isolated problem.

Categories: Security world

Tags: 2fa Azure Active Directory Cyber Signal Google Grzegorz Milka mfa microsoft multi-factor authentication npm twitter two-factor authentication

Security Sophos

At last! Office macros from the internet to be blocked by default

February 8, 2022 0 Comments macroi viruses, malware, melissa virus, Microsoft, office, security threats, vba

Credit to Author: Paul Ducklin| Date: Tue, 08 Feb 2022 16:34:30 +0000

It’s been a long time coming, and we’re not there yet, but at least Microsoft Office will be a bit safer against macro malware…

MalwareBytes Security

Microsoft takes macros out of the equation for five Office apps

February 8, 2022 0 Comments ads, macros, Microsoft, motw, Reports, vba

Credit to Author: Pieter Arntz| Date: Tue, 08 Feb 2022 15:16:00 +0000

Microsoft says it is going to disable macros in five Office apps by default.

Categories: Reports

Tags: ads macros microsoft motw VBA

Independent Krebs Security

How Phishers Are Slinking Their Links Into LinkedIn

February 3, 2022 0 Comments A Little Sunshine, amazon, avanan, check point, fortinet, irs, jeremy fuchs, Latest Warnings, LinkedIn, Microsoft, Paypal, slinks, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 03 Feb 2022 18:49:38 +0000

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne’er-do-wells are hoping you will, because they’ve long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly Linkedin’s parent firm Microsoft).

ComputerWorld Independent

Start-up emerges with an ‘enterprise browser'

February 2, 2022 0 Comments Browsers, Google, Internet, Microsoft, Microsoft Edge, Security

Credit to Author: Lucas Mearian| Date: Wed, 02 Feb 2022 04:00:00 -0800

A start-up has emerged from stealth mode to announce what it describes as one of the world’s first enterprise-specific browsers, capable of governing how users interact with all SaaS and web applications.

The new Island web browser is based on the widely used Chromium open-source platform. Launched by a company with the same name, Island offers users a familiar online experience while governing what sites they can visit, the data they can view, and what files they can download or upload. Restrictions can be dialed up or down and can be specific to a user’s role in an organization.

For example, a user could be surfing the web with the standard Chrome, Edge, or Safari browsers, but if they try to access a site that’s off-limits based on the Island settings, they’d be blocked and told to use their secure browser. The Island browser can even stop an employee from taking screenshots of sensitive data, depending on the settings IT admins choose to implement.

To read this article in full, please click here

ComputerWorld Independent

Will World War III begin in cyberspace?

February 2, 2022 0 Comments Government, Microsoft, Security

Credit to Author: Steven J. Vaughan-Nichols| Date: Tue, 25 Jan 2022 03:00:00 -0800

People die because of cyber wars, even if no bullets are ever fired. Instead, they die in emergency rooms that no longer have power, from broken medical communication networks, and from riots. All of this has happened before. It will happen again. And now, with Russia poised to invade Ukraine and Russian cyberattacks already in motion, we can only hope and pray that what promises to be the first major European war since World War II doesn’t spark the next World War.

If it does, I fear the proximate cause won’t be Russian T-90 main battle tanks trying to smash their way into Ukraine’s capital, Kyiv. It will be the Russian GRU Sandworm hacking group launching a cyberattack that perhaps wrecks the European Union power grid; or knocks out major US internet sites such as Google, Facebook, and Microsoft; or stops 4G and 5G cellular services in their tracks.

To read this article in full, please click here

ComputerWorld Independent

VPNs and browsers — staying secure while online

February 2, 2022 0 Comments Browsers, Microsoft, Security

Credit to Author: Susan Bradley| Date: Mon, 24 Jan 2022 09:08:00 -0800

In business, we’ve used Virtual Private Networks (VPNs) for years. But I’m now seeing recommendations that consumers use VPN software to make internet connections more private so sites can’t snoop on your surfing and other communications. As someone who runs a website that uses IP address reputation as a guide to know who is and is not reputable on my site, I can tell you that using a VPN often assigns you an IP address that’s less than stellar. As a result, if you attempt to access sites that check for reputation, such as your bank, you may find yourself blocked.

I’m not against the concept of consumer-based VPN software, but I’m not convinced it’s the security panacea many think it is. Users think it’s keeping sites from tracking them, or keeping them safe when surfing on coffee shop Wi-Fi. They think it keeps prying eyes from reviewing our web traffic. But all VPN software is not created equal. I recently read new research from Consumer Reports that tested various VPN platforms; I was surprised to find that the top VPN providers included vendors I’ve not even heard of.

To read this article in full, please click here

ComputerWorld Independent

Microsoft beefs up Edge's security against zero-day attacks

February 2, 2022 0 Comments Microsoft, Microsoft Edge, Security

Credit to Author: Lucas Mearian| Date: Thu, 20 Jan 2022 13:16:00 -0800

In the latest release of its Edge beta, Microsoft introduced a new way for IT admins to better secure the Chromium-based browser against web-based attacks.

The release notes for Microsoft Edge Beta Channel describe the new security features as employing several techniques to guard against so-called zero-day exploits; Zero-day exploits are software or network vulnerabilities developers are unaware of, and so they’ve not been patched.

Imagine if the keylock mechanism on your home’s backdoor was faulty and jiggling the doorknob released the latch. Burglars could walk door to door looking for that particular vulnerability and jiggle doorknobs until one opened. Zero days are the same concept, but in cyberspace.

To read this article in full, please click here