News


China malware: Volt Typhoon targets critical US infrastructure

Microsoft has investigated the Volt Typhoon malware and determined that it originated from a state-sponsored actor based in China. Volt Typhoon targets critical infrastructure in the United States using "living-off-the-land" techniques. Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise access to credentials and discovery of network systems, targeting critical infrastructure organizations in the United States.

US critical infrastructure targeted

The attack is being carried out by Volt Typhoon, a China-based state-sponsored actor that typically focuses on espionage…


Microsoft can open encrypted ZIP files

Security researchers have found that Microsoft is probably able to open and scan encrypted ZIP archives stored on OneDrive or SharePoint, as long as they were created using Windows. There is no official information from Microsoft on the subject. Encrypted ZIP files are a popular tool for cyber attacks via email: the attackers attach an encrypted ZIP file, and security programs cannot scan its contents. However, this does not seem to be the case for files created and encrypted under Windows.

Accidental discovery: ZIPs are decrypted

Some security researchers have accidentally discovered that…


Critical 9.8 vulnerability in Microsoft Message Queuing Service
B2B Cyber Security ShortNews

A vulnerability in the Microsoft Message Queuing Service (MSMQ) allows attackers to take control of a server using just a single packet of data. The component is also part of MS Exchange. A patch for the vulnerability is available and should be installed immediately. A service neglected by Microsoft called Microsoft Message Queuing Service can currently be exploited by criminal hackers to attack corporate networks. Dubbed Queue Jumper, the vulnerability allows attackers to remotely inject and execute arbitrary code. Microsoft has already responded...


AI controls Microsoft Security Copilot for cyber defense

Microsoft has introduced an AI-supported service for the field of cybersecurity. Trained in security and network disciplines, Microsoft Security Copilot is armed with trillions of data signals. This should give SOCs and cyber defense systems a head start in terms of speed and effectiveness. Microsoft Security Copilot gives security professionals an easy-to-use AI wizard to quickly identify and respond to threats. It combines Microsoft's extensive threat data with industry-leading expertise to better understand the overall threat landscape. Security Copilot helps admins monitor what's going on around them...


Bing & Office 365: Errors in Azure allow data theft

Microsoft has fallen victim to its own Azure Active Directory (AAD) configuration challenges. Due to the misconfiguration, experts managed to add malicious code to some Bing search results, which exposed Microsoft 365 users. Wiz Research experts found the configuration errors and exploited them for testing. Microsoft rewarded the experts with a bug bounty and fixed the bugs immediately.

What happened? The experts describe the incident:

Manipulated Bing search results including malicious code

“These applications allowed us to view and change various types of sensitive Microsoft data. In one particular case, we were unable to find search results on…


Microsoft 365 is stalling old Exchange servers

Only recently, thousands of Exchange servers were attacked because they were not patched. This is how many infected emails reached Microsoft 365 and Exchange Online. Microsoft is now checking these insecure linked servers, warning the administrators and cutting the servers off after a countdown of up to 90 days. According to Microsoft's new approach, there should be no more outdated and insecure Exchange servers in the future. The on-premises Exchange servers, which deliver to Exchange Online and thus to Microsoft 365 via a connector, are now checked for their update status and security. Outdated servers threatened by…


Vulnerability in Outlook - business at risk

A security lab has discovered a serious vulnerability in Microsoft Outlook that is being used against European government, military, energy and transport companies. The vulnerability has the designation CVE-2023-23397 and is classified according to the Common Vulnerability Scoring System (CVSS) with a value of 9.8. The BSI also says: The attack occurs before the e-mail is opened or before it is displayed in the preview window - no action by the recipient is necessary! The vulnerability allows an unauthorized attacker to compromise systems with a specially crafted email. Through this malicious email he receives…


BSI warns: exploitation of a vulnerability in MS Outlook

The BSI warns of a vulnerability in Outlook that is apparently already being actively exploited. The vulnerability has a CVSS value of 9.8 and is therefore considered critical. Microsoft is already providing an update that should be installed immediately if it was not installed automatically. On March 14, 2023, Microsoft released updates for numerous vulnerabilities as part of its monthly Patch Day, including several patches for security vulnerabilities that are classified as "critical" according to the Common Vulnerability Scoring System (CVSS) with values of 9.0 and higher.

Important patch ready

In the…


Microsoft Word with critical 9.8 vulnerability

Every Word user should check whether their Word has already been updated by Microsoft. CVE-2023-21716 describes a critical vulnerability with a severity level of 9.8 out of 10 according to CVSS 3.1. Checking the version is quite simple. Incidentally, Microsoft has published a Word vulnerability with a severity level of 9.8 out of 10 according to CVSS 3.1. With this critical vulnerability, opening a manipulated Rich Text Format (.rtf) document allows malicious code injection. Although Microsoft describes the danger of the vulnerability on its website, it does not provide any further information. This information can be found at…


Patches for 75 vulnerabilities

The February 2023 Patch Day release contains patches for 75 CVEs: nine rated critical and 66 rated important. Also included: an elevation of privilege bug in Windows, a security feature bypass in Microsoft Office and security vulnerabilities in Microsoft Exchange Server. This month Microsoft fixed three zero-day vulnerabilities exploited by attackers in the wild, including two elevation of privilege bugs and one security feature bypass bug.

CVE-2023-23376

Microsoft has patched CVE-2023-23376, an elevation of privilege bug in the Common Log File System (CLFS) driver. Its discovery will bring researchers at the Microsoft Threat Intelligence Center (MSTIC)…
