Microsoft – Page 9 – PossibleThreat Articles

Chrome zero-day: “This exploit is in the wild”, so check your version now

June 6, 2023 0 Comments chrome, cve-2023-3079, Edge, Google, Google Chrome, Microsoft, Microsoft Edge, type confusion, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Tue, 06 Jun 2023 16:28:43 +0000

Chrome 0-day patched now, Edge patch coming soon.

ComputerWorld Independent

May's Patch Tuesday update includes 3 zero-day flaws; fix them ASAP

May 11, 2023 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

In it’s May update, Microsoft addressed 51 vulnerabilities in Windows, Microsoft Office, and Visual Studio. And with three zero-day flaws to urgently address in Windows (CVE-2023-24932, CVE-2023-29325 and CVE-2023-29336), the focus this month needs to be on rapidly updating both Windows and Microsoft Office. Both platforms get our “Patch Now” recommendation.

To read this article in full, please click here

MalwareBytes Security

Update now! May 2023 Patch Tuesday tackles three zero-days

May 11, 2023 0 Comments Android, Apple, bootkit, Cisco, cve-2023-24932, cve-2023-24941, cve-2023-29325, cve-2023-29336, Exploits and vulnerabilities, Google, Microsoft, Mozilla, news, outlook, preview, sap, vmware

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: CVE-2023-29336

Tags: CVE-2023-24932

Tags: bootkit

Tags: CVE-2023-29325

Tags: Outlook

Tags: preview

Tags: CVE-2023-24941

Tags: Apple

Tags: Cisco

Tags: Google

Tags: Android

Tags: VMWare

Tags: SAP

Tags: Mozilla

Microsoft’s Patch Tuesday round up for May 2023 includes patches for three zero-day vulnerabilities and one critical remote code execution vulnerability

MalwareBytes Security

Microsoft vs Google spat sees users rolling back security updates to fix browser issues

May 9, 2023 0 Comments browser, chrome, default, Edge, install, Microsoft, news, update, Windows

Categories: News

Tags: Chrome

Tags: Windows

Tags: Edge

Tags: browser

Tags: update

Tags: Microsoft

Tags: default

Tags: install

We take a look at trouble brewing in browser land after a controversial Windows update leaves Chrome fans without a useful feature.

Security Sophos

S3 Ep132: Proof-of-concept lets anyone hack at will

April 27, 2023 0 Comments chrome, Cybercrime, Edge, Google, Google Chrome, Microsoft, Microsoft Edge, papercut, Podcast, Privacy, vulnerability

Credit to Author: Paul Ducklin| Date: Thu, 27 Apr 2023 16:55:18 +0000

When Doug says, “Happy Remote Code Execution Day, Duck”… it’s irony. For the avoidance of all doubt 🙂

Security Sophos

Double zero-day in Chrome and Edge – check your versions now!

April 24, 2023 0 Comments chrome, chromium, Edge, Google, Google Chrome, Microsoft, Microsoft Edge, Patch, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Mon, 24 Apr 2023 16:59:17 +0000

Wouldn’t it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?

Independent Krebs Security

3CX Breach Was a Double Supply Chain Compromise

April 24, 2023 0 Comments 3cx, A Little Sunshine, clearsky security, diamond sleet, double supply chain breach, elastic security, eset, iconicstealer, kaspersky lab, kim zetter, Latest Warnings, MacOS, mandiant, marc-etienne m.leveille, Microsoft, Ne'er-Do-Well News, peter kalnai, supply chain, The Coming Storm, trading technologies, x_trader, zero day, zinc

Credit to Author: BrianKrebs| Date: Fri, 21 Apr 2023 01:05:44 +0000

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Microsoft Security

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

April 18, 2023 0 Comments cybersecurity, Microsoft, Microsoft security intelligence, mint sandstorm, nation-state actor, phosphorus, Security

Credit to Author: Microsoft Security Threat Intelligence| Date: Tue, 18 Apr 2023 15:00:00 +0000

Today, Microsoft is reporting on a distinct subset of Mint Sandstorm (formerly known as PHOSPHORUS), an Iranian threat actor that specializes in hacking into and stealing sensitive information from high-value targets. This subset is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing recently disclosed vulnerabilities.

The post Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets appeared first on Microsoft Security Blog.

ComputerWorld Independent

Patch now to address a Windows zero-day

April 14, 2023 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

Microsoft has addressed 97 existing vulnerabilities this April Patch Tuesday, with a further eight previously released patches updated and re-released. There have been reports of a vulnerability (CVE-2023-28252) exploited in the wild, making it a “Patch Now” release.

This update cycle affects Windows desktops, Microsoft Office, and Adobe Reader. No updates for Microsoft Exchange this month. The team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this April update cycle.

To read this article in full, please click here

Security Sophos

S3 Ep130: Open the garage bay doors, HAL [Audio + Text]

April 13, 2023 0 Comments Apple, Cybercrime, exoploit, Hacking, IoT, Microsoft, Naked Security Podcast, Podcast, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Thu, 13 Apr 2023 16:54:01 +0000

I’m sorry, Dave. I’m afraid I can’t… errr, no, hang on a minute, I can do that easily! Worldwide! Right now!