How to prevent attackers from using Windows against you
One of the topics covered In a recent RSA Conference presentation was how attackers are using the victims’ own Windows operating system against them to avoid detection. This concept of “living off the land” (LotL) — the use of binaries, DLLs and other computer code that is already on our system — makes it harder…
The top four Office 365 security pain points
Many novice Office 365 (O365) shops do not know where platform-specific security vulnerabilities lie, or even that they exist. The threats that you are unaware exist do not cause pain until they rise up and bite – then the agony is fierce. Companies get themselves into trouble when they do not fully understand the way…
Which vulnerabilities were most exploited by cybercriminals in 2019?
Which ten software vulnerabilities should you patch as soon as possible (if you haven’t already)? Recorded Future researchers have analyzed code repositories, underground forum postings, dark web sites, closed source reports and data sets comprising of submissions to popular malware repositories to compile a list of the ten most exploited vulnerabilities by cybercriminals in 2019.
Microsoft to Patch Internet Explorer Vulnerability Exploited in Targeted Attacks
The flaw, tracked as CVE-2020-0674 and described as a memory corruption issue, affects the scripting engine in Internet Explorer, specifically a JScript component. The problematic component is a library named jscript.dll, which provides compatibility with a deprecated version of the JScript scripting language. According to Microsoft, the vulnerability can be exploited for remote code execution…
Microsoft Issues 9 Critical Security Patches
Today is the second Tuesday of the month, and Microsoft is right on schedule with 59 security fixes, nine of which are considered Critical in severity. None of the vulnerablities were previously known or exploited, and 49 are ranked Important and one as Moderate. The latest release affects Windows, Internet Explorer, Edge, ChakraCore, Microsoft Office…
Think Data Security, Not Endpoint Security
INTEROP 2019 – LAS VEGAS – Endpoint security is a common concern among organizations, but security teams should be thinking more broadly about protecting data wherever it resides. “If you’re just focusing on device protection and not data protection, you’re missing a lot,” said Shawn Anderson, executive security advisor for Microsoft’s Cybersecurity Solutions Group, at…
Microsoft Launches New Solutions to Protect Elections From Hacking
The new solutions include ElectionGuard, a free open-source software development kit (SDK) developed in collaboration with Galois, and Microsoft 365 for Campaigns, a new service that brings high-end security capabilities to political campaigns. The new service, Microsoft says, can keep political campaigns safe from phishing attacks, provides easy to deploy advanced security features, and comes…
Cybercriminals targeting social media: Facebook and Instagram are becoming phishers’ favorites
Social media phishing, primarily Facebook and Instagram, saw the highest quarter- over-quarter growth of any industry with a 74.7 percent increase, according to the Vade Secure Phishers’ Favorites report for Q1 2019. While Facebook has been in the top 10 since report’s inception, Instagram cracked the top 25 for the first time, taking the #24…
Azure AD Identity Protection now revolves around risky users and risky sign-ins
Launched in September 2018, Microsoft Threat Protection (MTP) integrates a number of Microsoft services to provide a fully integrated, end-to-end solution for securing the entire attack surface of enterprises: identities, endpoints, user data, cloud apps, and infrastructure. Since MTP’s launch, Microsoft has slowly been polishing the offering by adding new and improved features such as…
43% of businesses are still running Windows 7, security threats remain
With one year to go until Microsoft ends support for its ten-year-old operating system Windows 7, as many as 43% of enterprises are still running the outdated platform. Kollective’s research found that nearly a fifth (17%) of IT departments don’t know when the end of support deadline is, while 6% are aware of the end…