Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns. The attacks are limited and targeted, the company noted, and provided workarounds to help reduce customer risk until a fix is developed and released. More about the new Windows zero-days According…

Many novice Office 365 (O365) shops do not know where platform-specific security vulnerabilities lie, or even that they exist. The threats that you are unaware exist do not cause pain until they rise up and bite – then the agony is fierce. Companies get themselves into trouble when they do not fully understand the way…

Which ten software vulnerabilities should you patch as soon as possible (if you haven’t already)? Recorded Future researchers have analyzed code repositories, underground forum postings, dark web sites, closed source reports and data sets comprising of submissions to popular malware repositories to compile a list of the ten most exploited vulnerabilities by cybercriminals in 2019.

The flaw, tracked as CVE-2020-0674 and described as a memory corruption issue, affects the scripting engine in Internet Explorer, specifically a JScript component. The problematic component is a library named jscript.dll, which provides compatibility with a deprecated version of the JScript scripting language. According to Microsoft, the vulnerability can be exploited for remote code execution…

Today is the second Tuesday of the month, and Microsoft is right on schedule with 59 security fixes, nine of which are considered Critical in severity. None of the vulnerablities were previously known or exploited, and 49 are ranked Important and one as Moderate. The latest release affects Windows, Internet Explorer, Edge, ChakraCore, Microsoft Office…

INTEROP 2019 – LAS VEGAS – Endpoint security is a common concern among organizations, but security teams should be thinking more broadly about protecting data wherever it resides. “If you’re just focusing on device protection and not data protection, you’re missing a lot,” said Shawn Anderson, executive security advisor for Microsoft’s Cybersecurity Solutions Group, at…

Microsoft Launches New Solutions to Protect Elections From Hacking

The new solutions include ElectionGuard, a free open-source software development kit (SDK) developed in collaboration with Galois, and Microsoft 365 for Campaigns, a new service that brings high-end security capabilities to political campaigns. The new service, Microsoft says, can keep political campaigns safe from phishing attacks, provides easy to deploy advanced security features, and comes…

Social media phishing, primarily Facebook and Instagram, saw the highest quarter- over-quarter growth of any industry with a 74.7 percent increase, according to the Vade Secure Phishers’ Favorites report for Q1 2019. While Facebook has been in the top 10 since report’s inception, Instagram cracked the top 25 for the first time, taking the #24…

Azure AD Identity Protection now revolves around risky users and risky sign-ins

Launched in September 2018, Microsoft Threat Protection (MTP) integrates a number of Microsoft services to provide a fully integrated, end-to-end solution for securing the entire attack surface of enterprises: identities, endpoints, user data, cloud apps, and infrastructure. Since MTP’s launch, Microsoft has slowly been polishing the offering by adding new and improved features such as…