Microsoft – Page 6 – PossibleThreat Articles

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.

MalwareBytes Security

QR codes used to phish for Microsoft credentials

August 21, 2023 0 Comments attachment, bing, credentials, Microsoft, news, phishing, QR codes

Categories: News

Tags: QR codes

Tags: attachment

Tags: phishing

Tags: Bing

Tags: Microsoft

Tags: credentials

Researchers have been monitoring a phishing campaign that uses QR codes and Bing redirects to lead targets to phishing sites.

(Read more…)

The post QR codes used to phish for Microsoft credentials appeared first on Malwarebytes Labs.

ComputerWorld Independent

China hacks the US military and government — the Feds blame Microsoft

August 17, 2023 0 Comments Government IT, Microsoft, Security

Hidden in the basic infrastructure that runs the US military is a powerful piece of Windows-borne Chinese malware that can disrupt the communications systems, power grids, and water supplies at the military’s bases around the world. One US congressional aide calls it a “ticking time bomb” that as The New York Times put it, “could give China the power to interrupt or slow American military deployments or resupply operations by cutting off power, water and communications to US military bases.”

To read this article in full, please click here

ComputerWorld Independent

China hacks the US military and government— the Feds blame Microsoft

August 17, 2023 0 Comments Government IT, Microsoft, Security

To read this article in full, please click here

ComputerWorld Independent

Patch Tuesday: Microsoft rolls out 90 updates for Windows, Office

August 11, 2023 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

With its August Patch Tuesday release, Microsoft pushed out 90 updates for the Windows and Office platforms. The latest fixes include another update for Microsoft Exchange (along with with a warning about failed updates to Exchange Server 2016 and 2019) and a “Patch Now” recommendation from us for Office.

The team at Application Readiness has crafted this useful infographic outlining the risks associated with each of the updates for this month.

To read this article in full, please click here

Security Sophos

A piñata of patches for Microsoft in August

August 9, 2023 0 Comments amd, cve-2023-20569, cve-2023-38180, featured, Microsoft, Patch Tuesday, threat research

Credit to Author: Angela Gunn| Date: Wed, 09 Aug 2023 18:28:41 +0000

A lighter month than July with just 73 fixes on tap, but a phalanx of advisories and third-party alerts will keep sysadmins bashing away

Security Sophos

Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories

August 9, 2023 0 Comments Microsoft, Patch Tuesday, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Wed, 09 Aug 2023 18:34:44 +0000

74 CVEs, and two “Exploitation Detected” advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.

Independent Krebs Security

Microsoft Patch Tuesday, August 2023 Edition

August 8, 2023 0 Comments Adobe, cve-2023-21709, cve-2023-36884, cve-2023-36910, cve-2023-38180, immersive labs, Microsoft, microsoft patch tuesday august 2023, nikolas cemerikic, satnam narang, security tools, tenable, Time to Patch

Credit to Author: BrianKrebs| Date: Wed, 09 Aug 2023 02:22:57 +0000

Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including a patch that addresses multiple zero-day vulnerabilities currently being exploited in the wild.

ComputerWorld Independent

Has Microsoft cut security corners once too often?

August 7, 2023 0 Comments Microsoft, Security

Credit to Author: eschuman@thecontentfirm.com| Date: Mon, 07 Aug 2023 10:00:00 -0700

As Microsoft revealed tidbits of its post-mortem investigation into a Chinese attack against US government agencies via Microsoft, two details stand out: the company violated its own policy and did not store security keys within a Hardware Security Module (HSM) — and the keys were successfully used by attackers even though they had expired years earlier.

This is simply the latest example of Microsoft quietly cutting corners on cybersecurity and then only telling anyone when it gets caught.

To read this article in full, please click here