Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Credit to Author: Microsoft Threat Intelligence| Date: Mon, 22 Apr 2024 16:00:00 +0000

Since 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows elevated permissions. Microsoft has issued a security update addressing this vulnerability as CVE-2022-38028.

The post Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials appeared first on Microsoft Security Blog.

Read more

For March's Patch Tuesday, no zero-day flaws

Microsoft this week pushed out 61 Patch Tuesday updates with no reports of public disclosures or other zero-days affecting the larger ecosystem (Windows, Office, .NET). Though there are three updated packages from February, they’re just informational changes with no further action is required.

The team at Readiness has crafted this helpful infographic outlining the risks associated with each of the March updates.

To read this article in full, please click here

Read more

Microsoft fixes two zero-days with Patch Tuesday release

Microsoft on Tuesday released 73 updates in its monthly Patch Tuesday release, addressing issues in Microsoft Exchange Server and Adobe and two zero-day flaws being actively exploited in Microsoft Outlook (CVE-2024-21410) and Microsoft Exchange (CVE-2024-21413).

Including the recent reports that the Windows SmartScreen vulnerability (CVE-2024-21351) is under active exploitation, we have added “Patch Now” schedules to Microsoft Office, Windows and Exchange Server. The team at Readiness has provided this detailed infographic outlining the risks associated with each of the updates for this cycle.

To read this article in full, please click here

Read more

3 new ways the Microsoft Intune Suite offers security, simplification, and savings

Credit to Author: Michael Wallent and Dilip Radhakrishnan| Date: Thu, 01 Feb 2024 17:00:00 +0000

The main components of the Microsoft Intune Suite are now generally available. Read about how consolidated endpoint management adds value and functionality for security teams.

The post 3 new ways the Microsoft Intune Suite offers security, simplification, and savings appeared first on Microsoft Security Blog.

Read more

Best practices in moving to cloud native endpoint management

Credit to Author: Jason Roszak| Date: Mon, 29 Jan 2024 17:00:00 +0000

This blog is the second of three that details our recommendation to adopt cloud native device management. Understand the lessons from various Intune customers in their journeys and how they achieved greater security, cost savings, and readiness for the future through their cloud transformations.

The post Best practices in moving to cloud native endpoint management appeared first on Microsoft Security Blog.

Read more

Russia hacks Microsoft: It’s worse than you think

Another day, another hack of Microsoft technology. Ho-hum, you might think, this has happened before and will happen again — as surely as the sun rises in the morning and sets at night.

This time is different. Because this time the targets weren’t Microsoft customers, but rather the top echelons of Microsoft itself. And the hacker group, called Midnight Blizzard, or sometimes Cozy Bear, the Dukes, or A.P.T. 29, is sponsored by Russia’s Foreign Intelligence Service (and has been since at least 2008).

To read this article in full, please click here

Read more

For Patch Tuesday, 48 updates, no zero-day flaws

Microsoft has eased us into the new new year with just 48 updates for the Windows, Office and .NET platforms. There were no zero-days for January, and no reports of publicly exposed vulnerabilities or exploited security issues.

Developers of complex, line-of-business applications might need to pay particular attention to how Microsoft has updated the Message Queue system. Printing has been patched and minor updates to bluetooth and Windows shell sub-systems (shortcuts and wallpaper) require some testing before deployment.

The team at Readiness has crafted a useful infographic that outlines the risks associated with each of the updates for this January release.

To read this article in full, please click here

Read more

For December, an exceptionally light Patch Tuesday

Over the past year, we’ve seen Microsoft make radical improvements in its browser stability and significant positive changes to its Windows update communication and telemetry strategies.  And this month’s Patch Tuesday release brings with it an incredibly light set of updates — maybe the fewest number of updates I have ever seen.

There are no zero-days, which is a great finish to 2023, though Windows gets three critical updates and Visual Studio will require immediate attention due to several re-releases of past critical application patches.

The team at Readiness has created a helpful infographic to outline the risks associated with each update in this last release of 2023. One note of caution: we have seen several potential updates to older patches (October/November) potentially coming down the release pipeline from Microsoft. It might be worth checking in during the upcoming holiday break to see whether there are any out-of-band patches for the Windows ecosystem.

To read this article in full, please click here

Read more

Cerber Ransomware Exposed: A Comprehensive Analysis of Advanced Tactics, Encryption, and Evasion

Credit to Author: Quickheal| Date: Wed, 13 Dec 2023 13:06:59 +0000

Cerber is a strain of ransomware that was first identified in early 2016. It is a type of…

The post Cerber Ransomware Exposed: A Comprehensive Analysis of Advanced Tactics, Encryption, and Evasion appeared first on Quick Heal Blog.

Read more