Microsoft Archives - Page 9 of 17 - Cyber Security Minute

How Advances in Cloud Security Can Help with Ransomware

Issued by: CIO Security

The ransomware scourge continues, with incidents hitting a U.S. record in the second quarter of 2021, as attackers expand into vertical industries and target critical infrastructure. Ransom demands have also been growing. According to IT Governance, the average decryption key rate from attackers is $140,000 yet many organizations end up paying much more than that….

Vulnerabilities

128 vulnerabilities in Microsoft products

Issued by: Kaspersky Blog

In a traditional patch Tuesday update, Microsoft fixed a total of 128 vulnerabilities in various products and components. Of those, at least 10 are critical, at least two were known before the release of the patches and at least one of them was already actively exploited by unknown attackers. This is why it is a…

Vulnerabilities

Microsoft Patches Critical Exchange Server Flaw

Issued by: Dark Reading

Microsoft today issued security updates for 71 software vulnerabilities, three of which were critical and one that has a known proof-of-concept available in the public domain. Among the most notable flaws fixed today by Microsoft are: CVE-2022-23277 Microsoft Exchange Server Remote Code Execution Vulnerability This is a critical bug that could allow an attacker who…

Application Security

Google Cuts User Account Compromises in Half With Simple Change

Issued by: Dark Reading

More than 150 million Google users have seen their chance of compromise drop by half following the adoption of two-step verification, a process where users logging in to a Google service will be asked to respond to a push notification sent to a second device, the company said today. The result is an early sign…

Vulnerabilities

Mac Malware-Dropping Adware Gets More Dangerous

Issued by: Dark Reading

The latest version of a Mac Trojan called UpdateAgent, aka WizardUpdate, provides fresh evidence of the growing effort that some threat actors are putting into targeting Apple technologies. The malware, which impersonates legitimate software, such as support agents and video software, first surfaced in September 2020. It is commonly distributed via drive-by downloads or pop-ups…

Vulnerabilities

Microsoft Patches 67 Security Flaws, Including Zero-Day Exploited by Emotet

Issued by: Security Week

In the final Patch Tuesday release for 2021, the Redmond, Wash. software giant called special attention to CVE-2021-43890, a spoofing vulnerability in the Microsoft Windows AppX installer and warned that the bug is being exploited in the wild by the Emotet malware operation. “Microsoft is aware of attacks that attempt to exploit this vulnerability by…

Malware & Threats

Microsoft Seizes Domains Used by China-Linked APT ‘Nickel’

Issued by: Security Week

The tech giant took over the websites after filing pleadings with the U.S. District Court for the Eastern District of Virginia, which quickly granted an order in this regard. While the move will prevent the group’s access to some of its victims, it is unlikely to put an end to Nickel’s activities. However, Microsoft does…

Malware & Threats

SideCopy APT: Connecting lures to victims, payloads to infrastructure

Issued by: Blog Malwarebytes

Last week, Facebook announced that back in August it had taken action against a Pakistani APT group known as SideCopy. Facebook describes how the threat actors used romantic lures to compromise targets in Afghanistan. In this blog post we are providing additional details about SideCopy that have not been published before. We were able to…

Network Security

RPC Firewall Dubbed ‘Ransomware Kill Switch’ Released to Open Source

Issued by: Security Week

Today at Black Hat London, Zero Networks announced the release of its RPC firewall – also dubbed the ‘ransomware kill switch’ – into open source. The tool provides granular control over RPC, capable of blocking the use of lateral movement hacker tools and stopping almost all ransomware in its tracks. Microsoft’s Remote Procedure Call (MS-RPCE)…