Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Cyera Survey Finds One in Three Respondents Want to Minimize Cloud Data Risk

Multiple providers say 'cloud data sprawl' makes managing cloud data risk a priority initiative within the next 12 months.

DARKReading
Open in Source
#web#google#microsoft#amazon#oracle#intel#aws#alibaba#ibm
Safous Adds Browser Isolation to Its Zero-Trust Network Access Service

This new function offers secure access to corporate applications and external SaaS through a virtual browser.

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

November 8, 2022 update - Microsoft released security updates for CVE-2022-41040 and CVE-2022-41082. We recommend that customers protect their organizations by applying the updates immediately to affected systems. The options described in the Mitigations section are no longer recommended. For more information, review the Exchange Team blog. Summary Summary On November 8 Microsoft released security updates for two zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.

Microsoft Exchange サーバーのゼロデイ脆弱性報告に関するお客様向けガイダンス

本ブログは、Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Serverの抄訳版です。最新の情報は原文を参照してくだ

Intel Hardens Confidential Computing With Project Amber Updates

The chip giant has developed new features and services to make it tougher for malicious hackers and insiders to access sensitive data from applications in the cloud.

Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months - New Survey

Survey of over 2,000 IT pros revealed that a quarter either don't know or don't think Microsoft 365 data can be affected by ransomware.

Threat Source newsletter (Sept. 29, 2022) — Attackers are already using student loan relief for scams

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  I’ve spent the past few months with my colleague Ashlee Benge looking at personal health apps’ privacy policies. We found several instances of apps that carry sensitive information stating they would share certain information with third-party advertisers and even law enforcement agencies, if necessary.  One of the most popular period-tracking apps on the Google Play store, Period Calendar Period Tracker, has a privacy policy that states it will "share information with law enforcement agencies, public authorities, or other organizations if We’re [sic] required by law to do so or if such use is reasonably necessary. We will carefully review all such requests to ensure that they have a legitimate basis and are limited to data that law enforcement is authorized to access for specific investigative purposes only."  A report from the Washington Post also released last week found that this app, as well...

Fancy Bear Hackers Distributing Graphite Malware using PowerPoint Files

By Deeba Ahmed APT28 or Fancy Bear is linked with the Russian military intelligence unit called GRU. This is a post from HackRead.com Read the original post: Fancy Bear Hackers Distributing Graphite Malware using PowerPoint Files

Espionage Group Wields Steganographic Backdoor Against Govs, Stock Exchange

APT group Witchetty (aka LookingFrog) has exploited the ProxyShell and ProxyLogon vulnerabilities to gain initial access and deploy new custom cyber tools against government agencies and a stock exchange.

Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying

For decades, security researchers warned about techniques for hijacking virtualization software. Now one group has put them into practice.