Bleeping Computer

MARCH 21, 2023

Microsoft says the KB5007651 Microsoft Defender Antivirus update triggers Windows Security warnings on Windows 11 systems saying that Local Security Authority (LSA) Protection is off. [.]

Antivirus 93

Antivirus 93

Krebs on Security

MAY 10, 2022

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild. The flaw affects Windows 7 through 10 and Windows Server 2008 through 2022.

Authentication 269

Authentication Engineering Internet Internet 269

Bleeping Computer

JULY 6, 2023

Microsoft is again pushing a Defender Antivirus update (first issued in April and pulled in May) that fixes a known issue triggering Windows Security warnings that Local Security Authority (LSA) Protection is off. [.]

Antivirus 99

Antivirus 99

Dark Reading

MAY 11, 2023

As a way to enhance the security of MFA, Microsoft will require users to authorize login attempts by entering a numeric code into the Microsoft Authenticator app.

Authentication 86

Authentication 86

The Last Watchdog

FEBRUARY 20, 2024

Related: The security case for AR, VR AI chatbots use natural language processing, which enables them to understand and respond to human language and machine learning algorithms. Microsoft Bot Framework: Microsoft’s offering is a robust platform providing bot development, deployment and management tools.

Cybersecurity 218

Cybersecurity Penetration Testing Authentication Social Engineering 218

Bleeping Computer

APRIL 26, 2023

Microsoft has fixed a known issue triggering Windows Security warnings that Local Security Authority (LSA) Protection is off by removing the feature's UI from settings. [.]

98

98

InfoWorld on Security

NOVEMBER 7, 2023

NET 8 , a planned upgrade to Microsoft’s cross-platform, open source development platform, is set to improve identity management, authentication, and authorization thanks to enhancements in the security vein delivered by the ASP.NET Core team. Identity features in.NET 8 are positioned to make it easier to secure applications.

Authentication 76

Authentication 76

The Hacker News

JUNE 21, 2023

A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it nOAuth.

Accountability 92

Accountability Authentication 92

Security Affairs

MARCH 8, 2021

The European Banking Authority (EBA) disclosed a cyberattack that resulted in the hack of its Microsoft Exchange email system. The European Banking Authority announced that it was the victim of a cyber attack against its email system that exploited recently disclosed zero-day vulnerabilities in Microsoft Exchange.

Banking 124

Banking Cyber Attacks Hacking Accountability 124

Security Affairs

FEBRUARY 15, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds 2 Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. Microsoft released Patch Tuesday security updates for February 2024 that resolved a total of 72 vulnerabilities, including the above vulnerabilities that are actively exploited in the wild.

Internet 115

Internet Internet Information Security Hacking 115

Troy Hunt

NOVEMBER 22, 2019

i speak at conferences around the world and run workshops on how to build more secure software within organisations. i'm a pluralsight author, microsoft regional director and most valued professional (mvp) specialising in online security and cloud development.

Data breaches 361

Data breaches Technology Software Accountability 361

Bleeping Computer

MARCH 8, 2023

Microsoft says the latest Windows 11 build that is rolling out to Insiders in the Canary channel will try to enable Local Security Authority (LSA) protection by default. [.]

88

88

Security Boulevard

JULY 10, 2023

Microsoft has admitted that a vulnerability has been discovered in its Azure Active Directory (AD) Open Authorization (OAuth) process which facilitates hackers a complete account takeover. The post Microsoft Fixes NoAuth Flaws, Prevents Account Takeover appeared first on Security Boulevard.

Accountability 78

Accountability Cyber Attacks 78

Krebs on Security

MAY 5, 2021

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. ” Since then, Microsoft added a policy that allows Office 365 administrators to block users from consenting to an application from a non-verified publisher.

Accountability 316

Accountability Passwords Advertising Phishing 316

Security Boulevard

JULY 7, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies and private organizations to switch to Modern authentication in Exchange Online before the deadline of October 1, 2022. The post CISA Urges Adoption of Microsoft Modern Auth appeared first on Security Boulevard.

Authentication 103

Authentication Passwords Cybersecurity 103

Krebs on Security

JANUARY 13, 2020

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S.

Internet 262

Internet Internet Software Cybersecurity 262

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Let’s just get this out of the way right now: It wasn’t me. krebsonsecurity[.]top top (NOT a safe domain, hence the hobbling).

Hacking 347

Hacking Cybercrime DNS Antivirus 347

Security Affairs

AUGUST 27, 2021

Microsoft has fixed a critical flaw in Cosmos DB that allowed any Azure user to remotely take over other users’ databases without any authorization. ” reads the post published by the security firm, Azure Cosmos Darabase is Microsoft’s globally-distributed multi-model database service.

Accountability 119

Accountability Firewall Hacking Risk 119

Bleeping Computer

MARCH 1, 2022

Microsoft shared info on a now-fixed known issue leading to Local Security Authority Subsystem Service (LSASS) crashes and Windows Server domain controller. [.].

98

98

Malwarebytes

FEBRUARY 14, 2024

Microsoft has issued patches for 73 security vulnerabilities in its February 2024 Patch Tuesday. The two zero-day vulnerabilities have already been added to the Cybersecurity & Infrastructure Security Agency’s catalog of Known Exploited Vulnerabilities , based on evidence of active exploitation.

Internet 93

Internet Internet Cybersecurity Technology 93

The Hacker News

JULY 9, 2021

While it's a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain directly, new findings indicate attackers are using non-malicious documents to disable security warnings prior to executing macro code to infect victims' computers.

Phishing 136

Phishing Malware 136

Security Affairs

NOVEMBER 2, 2023

Researchers speculate that the recent shutdown of the Mozi botnet was the response of its authors to the pressure from Chinese law enforcement. ESET researchers speculate that the recent shutdown of the Mozi botnet was the result of its operators’ choice, possibly due to pressure from Chinese authorities.

IoT 102

IoT Manufacturing Malware Hacking 102

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. ” As ZDNet notes , Apple, Google and Microsoft already support these passwordless standards (e.g.

Passwords 231

Passwords Authentication Accountability Mobile 231

Security Boulevard

JULY 18, 2021

authorities, attacked Microsoft customer support systems. They installed malicious information-stealing software into Microsoft’s systems and then used that stolen data to attack Microsoft customers. While Microsoft reports that most of the attacks on its […].

Passwords 104

Passwords Hacking Software 104

Threatpost

SEPTEMBER 15, 2020

Security researchers and U.S. government authorities alike are urging admins to address Microsoft's critical privilege escalation flaw.

Government 129

Government Authentication 129

Security Affairs

OCTOBER 20, 2022

Microsoft disclosed a data leak, sensitive data of some of its customers were exposed by a misconfigured Microsoft server accessible online. Microsoft announced that sensitive data belonging to some of its customers were exposed on the Internet due to a misconfigured Microsoft server. Pierluigi Paganini.

Authentication 124

Authentication Internet Internet Hacking 124

Security Affairs

FEBRUARY 28, 2024

Russian cyberspies are compromising Ubiquiti EdgeRouters to evade detection, warns a joint advisory published by authorities. ” In February 2024, a court order allowed US authorities to neutralize the Moobot botnet, a network of hundreds of small office/home office (SOHO) routers under the control of the Russia-linked group APT28.

Energy and Utilities 103

Energy and Utilities Government Firewall Malware 103

Security Affairs

APRIL 27, 2023

Microsoft revealed that recent attacks against PaperCut servers aimed at distributing Cl0p and LockBit ransomware. Microsoft linked the recent attacks against PaperCut servers to a financially motivated threat actor tracked as Lace Tempest (formerly DEV-0950 ). Since April 13, Lace Tempest added the PaperCut exploits to its arsenal.

Ransomware 91

Ransomware Education Media Malware 91

CyberSecurity Insiders

OCTOBER 20, 2022

Microsoft has suffered a data breach that leads to leak of sensitive information of some of its customers. Email addresses, names, email content, phone numbers, some business files related to Microsoft’s authorized partners were apparently accessed by hackers.

Data breaches 116

Data breaches Artificial Intelligence Cyber Attacks Internet 116

Heimadal Security

AUGUST 30, 2021

Microsoft Azure customers have been informed of a newly found critical bug in Cosmos DB that enables intruders to remotely take control over databases by giving them complete admin access with no authorization requested. Anyone can read, change, or delete databases as they please, according to Microsoft. What Happened?

Cybersecurity 93

Cybersecurity 93

Security Boulevard

JUNE 17, 2022

Co-author: Den Jones Do your employees complain about needing to use their corporate VPNs to access SaaS applications such as Microsoft Office 365, Google Workspace and Salesforce? Does your enterprise security model require backhauling traffic destined for SaaS applications through corporate VPN gateways or concentrators?

VPN 109

VPN 109

Bleeping Computer

AUGUST 30, 2021

Microsoft issued guidance on securing Azure accounts that may be impacted by a recently addressed Cosmos DB critical vulnerability, giving attackers full admin rights to users' data without authorization. [.].

Accountability 95

Accountability 95

Security Affairs

APRIL 14, 2021

FBI log into web shells that hackers installed on Microsoft Exchange email servers across the US and removed the malicious code used by threat actors. “Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers in the United States. .

Small Business 111

Small Business Malware Government Hacking 111

Malwarebytes

NOVEMBER 24, 2023

Researchers have found several weaknesses in Windows Hello fingerprint authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. Microsoft’s Offensive Research and Security Engineering (MORSE) asked the researchers to evaluate the security of the top three fingerprint sensors embedded in laptops.

Authentication 123

Authentication Manufacturing Engineering Risk 123

Security Affairs

FEBRUARY 8, 2024

authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years,” reads the alert. “the U.S. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities 116

Energy and Utilities VPN Manufacturing Firewall 116

Security Boulevard

MAY 6, 2022

The Log4Shell vulnerability affecting Apache’s Log4j library and the ProxyLogon and ProxyShell vulnerabilities affecting Microsoft Exchange email servers topped the list of the most routinely exploited vulnerabilities in 2021. The post Log4j, ProxyLogon Top 2021 Exploitable Vulnerabilities List appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity IoT Malware 98

Security Affairs

APRIL 8, 2022

Microsoft obtained a court order to take over seven domains used by the Russia-linked APT28 group to target Ukraine. Microsoft on Thursday announced it has obtained a court order to take over seven domains used by Russia-linked cyberespionage group APT28 in attacks against Ukraine. ” reads the announcement published by Microsoft.

Government 116

Government Media Malware Hacking 116