Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

IR Trends: Ransomware on the rise, while technology becomes most targeted sector

Although there was a decrease in BEC engagements from last quarter, it was still a major threat for the second quarter in a row.

TALOS
Open in Source
#sql#vulnerability#web#ios#mac#windows#microsoft#linux#cisco#dos#git#c++#perl#samba#auth#ssh
CVE-2024-38103: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2024-39379: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**Why is this Adobe CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Adobe Software which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Small Businesses Need Default Security in Products Now

Small businesses are increasingly being targeted by cyberattackers. Why, then, are security features priced at a premium?

How a Trust Center Solves Your Security Questionnaire Problem

Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products — it’s the

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

Cybersecurity researchers have spotted a 3,000-account network on GitHub that is manipulating the platform and spreading ransomware and info stealers.

A (somewhat) complete timeline of Talos’ history

Relive some of the major cybersecurity incidents and events that have shaped Talos over the past 10 years.

Congratulations to the Top MSRC 2024 Q2 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s [Microsoft Researcher Recognition Program](https://www.microsoft.com/en-us/msrc/researcher-recognition-program) leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q2 Security Researcher Leaderboard are Yuki Chen, Lewis Lee & Ver & Zhiniang Peng, and Wei!

Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers

A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1). The high-severity