#microsoft

Analysis of the top-50 multiparty attacks over the past decade finds that nation-state-linked hackers focused on disruption and using stolen credentials cause the most damage.

TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages.

Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing 'security champions' to help small businesses.

Microsoft in an attempt to provide more flexibility to domain users enabled owner of resources to configure which accounts are trusted and allowed to delegate… Continue reading → Resource Based Constrained Delegation

Microsoft in an attempt to provide more flexibility to domain users enabled owner of resources to configure which accounts are trusted and allowed to delegate… Continue reading → Resource Based Constrained Delegation

Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft’s holistic approach to defending against security threats.

*Which Surface devices are affected by this vulnerability?* The Surface Pro 3. *Are any other devices vulnerable?* Microsoft has confirmed that the Surface Pro 3 is vulnerable. However, it is possible that other devices, including non-Microsoft devices, using a similar BIOS may also be vulnerable. The Surface Pro 4, Surface Book, and more recent Surface devices are not vulnerable. *What can an attacker do with this vulnerability?* Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. Windows uses these PCR measurements to determine device health. A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. *How do I protect myself?* This technique requires physical access to a target victim’s device, or an attacker would already have had to compromise a legitimate user's credentials. We encourage custom...

Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft’s holistic approach to defending against security threats.

Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 (840

October 2021's Patch Tuesday includes some patches to block potentially dangerous vulnerabilities. We made a selection of the most "promising" ones. Categories: Exploits and vulnerabilities Tags: microsoft patch tuesday patches vulnerabilities *( Read more... ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/patch-now-microsoft-fixes-71-windows-vulnerabilities-in-october-patch-tuesday/ ) )* The post Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday appeared first on Malwarebytes Labs.