Security Boulevard

JULY 28, 2022

Welcome to the latest edition of The Week in Cybersecurity , which brings you headlines and analysis of the most pressing topics in cybersecurity. This week: Austrian group KNOTWEED spreads malware via Microsoft products, new malware-infested apps pop up in the Google Play store, and more. .

Malware 97

Malware Cybersecurity 97

Krebs on Security

JANUARY 13, 2020

Sources tell KrebsOnSecurity that Microsoft Corp. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. dll , a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” 14, the first Patch Tuesday of 2020.

Internet 262

Internet Internet Software Cybersecurity 262

Daniel Miessler

MAY 18, 2020

THIS WEEK’S TOPICS: Feds Release Top Vulns, China Brainwave Tracking, Europe CISSP Masters, Army Electronic Warfare, Microsoft Third-largest Patch Tuesday, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. Subscribe To Podcast. Show Notes. Newsletter. All Episodes. —.

Technology 130

Technology Information Security 130

Malwarebytes

JULY 28, 2023

Frustratingly, it isn't, as the specific security loophole that was abused by the hackers has been around for years, and Microsoft's response, or lack thereof, is actually a telling illustration of the competing security environments within Windows and macOS. You're gonna break some eggs in the process, and Microsoft has not done that yet.

Marketing 80

Marketing Malware Government 80

CSO Magazine

JUNE 14, 2022

The committee discussed the topic with representatives from Google, Microsoft and the Center for Security and Emerging Technology at Georgetown University. Congressional hearings on artificial intelligence and machine learning in cyberspace quietly took place in the U.S.

Artificial Intelligence 107

Artificial Intelligence Cybersecurity Government Technology 107

Troy Hunt

NOVEMBER 19, 2020

For now, here's this week's update from my backyard: References The Cit0day collection of breaches is.

Mobile 208

Mobile Technology 208

Troy Hunt

DECEMBER 28, 2017

Most of the time, the courses I create are on topics I know well, primarily on security but occasionally with a bit of cloud and development practices sprinkled in for variety. This is a "Play by Play" course which means that both of us are on camera discussing a topic. This one, however, is different.

121

121

Troy Hunt

JUNE 11, 2020

The IoT topic got some good engagement as did the fact that we "magically" dropped over a hundred active cases of COVID-19 in Australia today (sounds like the gov just reclassifying what's still considered to be an active case). (but but seriously, telephone books are still a thing here) I've gone down a serious IoT rabbit hole.

IoT 164

IoT Data breaches Phishing Hacking 164

Schneier on Security

APRIL 20, 2020

Microsoft is training a machine-learning system to find software bugs : At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. Since 2001 Microsoft has collected 13 million work items and bugs. These items get stored across over 100 AzureDevOps and GitHub repositories.

Software 268

Software IoT Engineering Internet 268

CyberSecurity Insiders

JANUARY 26, 2022

Each year, O’Reilly gathers usage data across its publishing partners and learning modes, from books and videos to live online training courses, virtual events, practice exams, and interactive scenarios, to provide technology leaders with the trends, topics, and issues to watch in the coming year. For more information, visit www.oreilly.com.

Data breaches 84

Data breaches Cybersecurity Cryptocurrency Technology 84

Joseph Steinberg

DECEMBER 11, 2023

He will also review relevant materials and initiate topical recommendations. Earlier, he served in several senior capacities at Whale Communications, acquired by Microsoft. Steinberg, who is based in New York, is expected to serve on the committee through mid-2026.

Cybersecurity 250

Cybersecurity Artificial Intelligence CISO Technology 250

IT Security Guru

MAY 24, 2023

Enter Microsoft Teams Operator Connect, a new feature that lets you connect with external users seamlessly. In this article, we’ll explore how to streamline communication with Microsoft Teams Operator Connect and how it can help your team work more efficiently, whether you’re in the office or working remotely.

Internet 77

Internet Internet Technology 77

eSecurity Planet

JULY 18, 2023

Microsoft has hardened security following a Chinese hack of U.S. Even as the threat has passed, Microsoft officials are still analyzing how a Chinese threat group was able to access U.S. government accounts using a stolen inactive Microsoft account (MSA) consumer signing key. This issue has been corrected.”

Accountability 74

Accountability Government Authentication Telecommunications 74

The Last Watchdog

JANUARY 23, 2024

– Today, January 22nd, from 2:30 – 3:30 PM (ET), Jennifer Mahoney, Manager of Data Governance, Privacy and Protection at Optiv and Lisa Plaggemier, Executive Director, National Cybersecurity Alliance will do a deep dive into the topic of data sharing permissions.

Data privacy 100

Data privacy Education Artificial Intelligence Cybersecurity 100

Troy Hunt

AUGUST 3, 2022

I give this topic a lot of thought because I spend a lot of time sifting through the endless rubbish they send me. How best to punish spammers? And that's when it dawned on me: the punishment should fit the crime - robbing me of my time - which means that I, in turn, need to rob them of their time.

Passwords 363

Passwords Accountability 363

CyberSecurity Insiders

MARCH 26, 2023

Now part of OpenAI, the AI-based model is funded by Microsoft for further development. The bug also leaked data related to users who were using the search platform to generate content on various topics, and the content might have reached the desks of hackers, which is only a possibility.

Artificial Intelligence 85

Artificial Intelligence Education Media Cybersecurity 85

Security Affairs

APRIL 18, 2020

TrickBot is the malware that most of all is involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals. pic.twitter.com/V2JcZg2kjt — Microsoft Security Intelligence (@MsftSecIntel) April 17, 2020. reads the report published by Microsoft.

Malware 115

Malware Advertising Security Intelligence Phishing 115

Adam Shostack

APRIL 1, 2019

My first paper on this topic, “Breaking Up Is Hard to Do,” written with Bruce Schneier, analyzed smart-card security. ” Around the same time, on April 1, 1999, Loren Kohnfelder and Praerit Garg published a paper in Microsoft’s internal “Interface” journal called “The Threats to our Products.”

100

100

CyberSecurity Insiders

APRIL 8, 2022

Trending on a separate topic, Tim Cook seems to have reached the news headlines for the wrong reasons. FYI, Microsoft, Facebook, Google, and Amazon have already started such a work culture since February this year. And Twitter is intending to enforce the hybrid work culture from April end of this year. .

Government 125

Government Technology Cybersecurity 125

CyberSecurity Insiders

NOVEMBER 26, 2021

To borrow a poker metaphor, those topics are table stakes. Microsoft – Living with the Microsoft Risk. The simple truth is that one way or another, Microsoft products are directly involved in the vast majority of cyber attacks. Microsoft will continue to be the primary focus for cyber attacks in 2022.

Cybersecurity 129

Cybersecurity Ransomware Risk Artificial Intelligence 129

CyberSecurity Insiders

SEPTEMBER 27, 2021

Certificate of Cloud Security Knowledge- Shortly known as CCSK, this certification acts as a stepping stone for a great career in cloud security as it covers topics such as basic security knowledge in the cloud architecture and data security, management identification and access management and such.

Education 108

Education InfoSec Engineering Architecture 108

CyberSecurity Insiders

APRIL 23, 2021

Microsoft Exchange Server Cyber Attack- Cyber Threat actors somehow infiltrated the email servers of Microsoft Exchange operating across the world through a vulnerability and accessed data of many government and private companies.

Cyber Attacks 145

Cyber Attacks Insurance Cyber Insurance Ransomware 145

Security Affairs

JUNE 14, 2021

Microsoft spotted a series of attacks that use SEO poisoning to deliver a remote access trojan (RAT) used by threat actors to steal sensitive data. Microsoft is monitoring a wave of cyber attacks that leverages SEO poisoning to deliver a remote access trojan (RAT) to steal sensitive data from the infected systems. Pierluigi Paganini.

Antivirus 68

Antivirus Security Intelligence Malware Insurance 68

Security Affairs

SEPTEMBER 8, 2023

The cyberspies used to propose a collaboration with a security researcher on topics of mutual interest. ” North Korea-linked threat actors also used a custom standalone Windows tool that has the stated goal of ‘download debugging symbols from Microsoft, Google, Mozilla and Citrix symbol servers for reverse engineers.’

Cybersecurity 103

Cybersecurity Media Accountability Software 103

SecureWorld News

NOVEMBER 23, 2021

And the reason we know about it is because of what white hat hackers call shrinking bug bounty payments from Microsoft. Security researcher Abdelhamid Naceri was looking into a recent Microsoft patch known as CVE-2021-41379 when he found a work around to the patch and a more powerful vulnerability. And he's not the only one.

Accountability 63

Accountability Hacking 63

Thales Cloud Protection & Licensing

FEBRUARY 2, 2022

How Microsoft and Thales Offer Enhanced Security and Compliance for Microsoft Office 365. Our discussion covered topics like customer concerns and expectations, data sensitivity, regulatory compliance, and fully integrated security through DKE and Luna Key Broker. What is Microsoft Double Key Encryption?

Encryption 71

Encryption Government Accountability Cybersecurity 71

Thales Cloud Protection & Licensing

MAY 3, 2023

Digital sovereignty has become an important topic for individuals and a strategic issue for countries and businesses, allowing them to operate in an environment they trust and can control. Thales and Microsoft partner to help organizations going passwordless to fight against phishing attacks.

B2B 71

B2B Authentication Phishing Marketing 71

Security Affairs

JUNE 13, 2022

The issue, tracked as CVE-2022-30190, impacts the Microsoft Windows Support Diagnostic Tool (MSDT). The malspam messages use the topic “LIST of links to interactive maps,” according to the CERT-UA, more malicious emails reached more than 500 recipients.

Media 94

Media Government Hacking Cybersecurity 94

Malwarebytes

MARCH 12, 2021

The Microsoft Exchange attacks using the ProxyLogon vulnerability, and previously associated with the dropping of malicious web shells, are taking on a ransomware twist. The first is that as many as 68,500 servers may have been compromised by the so-called Hafnium threat actor before Microsoft released patches for its Exchange zero-days.

Ransomware 121

Ransomware Backups Encryption Internet 121

SC Magazine

MAY 5, 2021

In a blog post, the Proofpoint researchers said that while OAuth apps add business features and user interface enhancements to major cloud platforms such as Microsoft 365 and Google Workspace, they’re also a threat because bad actors now use malicious OAuth 2.0 applications – or cloud malware – to siphon data and access sensitive information.

Malware 113

Malware Engineering Social Engineering Phishing 113

Security Affairs

MAY 9, 2022

The malicious messages spotted by the Ukrainian CERT have the subject line “chemical attack” and contain a link to a weaponized Microsoft Excel file. The Computer Emergency Response Team of Ukraine (CERT-UA) has detected malspam campaigns aimed at spreading an info-stealer called Jester Stealer. ” .

Password Management 85

Password Management VPN Cryptocurrency Government 85

Thales Cloud Protection & Licensing

OCTOBER 5, 2022

Essential topics at it-sa are cloud and mobile security, data and network security, the protection of critical infrastructures, and Industrial Security. At our booth, we will cover topics such as digital sovereignty, the Schrems II ruling, and modern authentication, including FIDO2 for Microsoft. Use it when you register here.

Cybersecurity 87

Cybersecurity Digital transformation Mobile Technology 87

Hacker Combat

DECEMBER 6, 2021

Microsoft has been developing a project collaboration solution for enterprise projects. The Loop app is now accessible to Microsoft 365 commercial customers. . The Loop app is an independent software on the Microsoft Teams chat platform that can be integrated with other apps or used solely.

Software 59

Software Mobile Technology Risk 59

Security Boulevard

OCTOBER 31, 2022

The guides will not be limited to technology-related topics, Defender’s Guides to Detection Engineering and other process-style topics are on the horizon. The following table is provided by Microsoft as the standard hives and their supporting files: Standard Hives. Microsoft Securable Object Documentation - [link] - [link].

Technology 98

Technology Backups Information Security Malware 98

CyberSecurity Insiders

MAY 22, 2021

The new knowledge base, featuring papers, videos and articles by foremost industry professionals, covers leading-edge topics pertinent to cybersecurity for business and government. The cybersecurity knowledge base will be updated on an ongoing basis with new topics, as new trends and attacks evolve in the cybersecurity space.

Technology 52

Technology Cybersecurity Government Marketing 52

CyberSecurity Insiders

JULY 23, 2021

Through analyst-to-analyst sharing of threat and vulnerability information, CISCP helps partners manage cybersecurity risks and enhances the collective ability to proactively detect, prevent, mitigate, respond to and recover from cybersecurity incidents.

Government 118

Government Cybersecurity Digital transformation Technology 118

LRQA Nettitude Labs

MARCH 1, 2023

Aladdin exploits a deserialisation issue over.NET remoting in order to execute code inside addinprocess.exe , bypassing a 2019 patch released by Microsoft in.NET Framework version 4.8. The topic was also covered by other magicians more recently. Microsoft clearly state that BinaryFormatter cannot be made secure.

Software 52

Software Risk Cybersecurity 52