Microsoft

Cloud Security

Issued by: Security Week

The new investment round was led by Pelion Venture Partners, with existing investors Kleiner Perkins and Upfront Ventures also participating. Founded in 2019 by Crowdstrike and Microsoft alums, the Los Angeles-based company emerged from stealth in February 2020 to provide data security tools designed to prevent leaks, breaches, and compliance issues. Open Raven says its…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-2022-2587 (CVSS score of 9.8) and described as an out-of-bounds write, the vulnerability was addressed with the release of a patch in June. The issue was identified in the CRAS (ChromiumOS Audio Server) component, and could be triggered using malformed metadata associated with songs. CRAS resides between the operating system and ALSA (Advanced…

Vulnerabilities

Issued by: Kaspersky Blog

With this August patch Tuesday Microsoft fixed more than a hundred vulnerabilities. Some of the vulnerabilities require special attention from corporate cybersecurity personal. Among them there are 17 critical ones, two of which are zero-days. At least one vulnerability has already been actively exploited in the wild, so it would be wise not to delay…

Application Security

Issued by: Security Week

Symbols are pieces of information used during debugging, and are contained within Symbol files, which are created by the compiler during application build. Some of these symbols are called ‘public symbols’. They contain basic information, such as function names and global variables, and are used in all forms of debugging. Symbol files that contain only…

Malware & Threats

Issued by: Security Week

Microsoft’s security team earlier this week said it found that a malware called Subzero — developed by Vienna-based company DSIRF — was deployed in 2021 and 2022. “Observed victims to date include law firms, banks and strategic consultancies in countries such as Austria, the United Kingdom and Panama,” it wrote in a blog entry on…

Malware & Threats

Issued by: Security Week

Initially announced in February, the macro-blocking feature is meant to prevent phishing attacks by making it more difficult for users to enable macros in documents received from the internet. Small snippets of code embedded in Office documents, macros have long been abused by threat actors in phishing attacks and for malware delivery. In 2016, Microsoft…

Malware & Threats

Issued by: Dark Reading

Microsoft has revealed a now-fixed flaw in Apple’s macOS that allowed specific kinds of code to bypass the operating system’s App Sandbox restrictions on third-party applications, potentially allowing attackers to escalate device privileges and install additional malicious payloads. Microsoft shares credit for the find (CVE-2022-26706) with researcher Arsenii Kostromin, the company said in its announcement,…

Vulnerabilities

Issued by: Help Net Security

The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows’ Client/Server Runtime Subsystem (CSRSS). “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft noted, but the attacker must first gain…