Security

LATEST

Security

Microsoft Provides More Details About ‘Midnight Blizzard’ Attacks

Microsoft has recently published an initial analysis of the cyber-attack that was carried out by Russian state-sponsored hackers in late November of 2023. The company has raised concerns that the same threat actor is currently targeting other organizations and has provided detailed guidance to help organizations strengthen their defenses. Last week, Microsoft disclosed that a…

View Article
Security

Microsoft Defender Vulnerability Management Gets New Tool to Target Vulnerable Software Components

Microsoft has released a new dedicated inventory in public preview for its Defender Vulnerability Management solution. The new Vulnerable Components Inventory feature allows IT administrators to actively detect and address known vulnerabilities in software components used within their enterprise environments. Microsoft Defender Vulnerability Management is a security solution that enables organizations to discover, prioritize, and…

View Article
Security – 5

Microsoft’s Corporate Email Accounts Breached in Russian Espionage Attacks – What You Need to Know

Last week, Microsoft disclosed that Russian state-sponsored hackers exploited a weak password to infiltrate its corporate network. The threat actor (dubbed Midnight Blizzard) gained unauthorized access to the email accounts of its senior executives and employees working in legal and cybersecurity teams. Microsoft detailed that the Russian hacking group (also known as Nobelium or APT29)…

View Article
Security

Microsoft Defender for Cloud Gets New Agentless Malware Scanning Capabilities for VMs

Microsoft Defender for Cloud has introduced support for agentless malware scanning for servers hosting virtual machines. The new feature is designed to help organizations assess software vulnerabilities on VMs without requiring the installation of Defender for Endpoint. Microsoft Defender for Cloud already supports various agent-based vulnerability assessment solutions, such as Qualys, BYOL, and Microsoft Defender…

View Article
Security – 4

CISA: Androxgh0st Malware Poses Serious Threat to Microsoft 365 and AWS Credentials

The US Cybersecurity and Infrastructure Security Agency (CISA) and FBI have issued a warning regarding the recently discovered Androxgh0st malware. This malicious campaign empowers threat actors to steal credentials and deploy malicious payloads, specifically targeting vulnerable Apache web servers and websites. The malware dubbed “Androxgh0st” was first discovered by the cybersecurity firm Lacework back in…

View Article
Network Security

Enhanced Cloud Protection: Microsoft’s Defender for Cloud Gets New Integration with Defender XDR

Microsoft has announced the general availability of Defender for Cloud’s integration with Microsoft Defender XDR. This release offers administrators direct access to investigate and manage Defender for Cloud alerts and incidents within the Microsoft Defender portal. Microsoft Defender for Cloud is a security solution that enables organizations to protect cloud-based applications from security threats and…

View Article
warning-cyber-attack

New Phemedrone Malware Exploits Windows Defender SmartScreen Flaw to Steal Sensitive Data

Cybersecurity researchers have disclosed a serious threat to Windows users, as hackers exploit a Windows Defender SmartScreen bypass vulnerability to deploy the Phemedrone Stealer malware. It could enable hackers to harvest sensitive information (such as cookies, passwords, and authentication tokens) from Windows machines. The security flaw, which is tracked as CVE-2023-36025, has a CVSS score…

View Article
Microsoft SharePoint

Critical Microsoft SharePoint Flaw Exploited: CISA Issues Warning for Organizations to Act Swiftly

The Cybersecurity and Infrastructure Security Agency (CISA) has raised concerns about the active exploitation of a critical vulnerability in Microsoft SharePoint. The security flaw (tracked as CVE-2023-29357) allows unauthenticated attackers to gain administrative privileges on unpatched servers. The Microsoft SharePoint vulnerability was first discovered by STAR Labs researcher Nguyễn Tiến Giang (Jang) during Vancouver’s Pwn2Own…

View Article
Security

How Microsoft Defender for Office 365 Protects Organizations Against QR Code Phishing Attacks

Microsoft has recently shared details about how Defender for Office 365 is effectively countering the rise of QR code phishing attacks. A QR code (Quick Response code) is a two-dimensional barcode capable of storing different types of information (such as product details, contact information, and website URLs). It can be easily scanned with smartphones or…

View Article
Security

Critical Perforce Server Vulnerability Opens Doors for Full System Control

Microsoft has recently disclosed four vulnerabilities in the Perforce Helix Core Server. These security flaws could enable threat actors to remotely execute commands in order to gain privileged access to the local Windows systems. The Perforce Helix Core Server (also known as Perforce Server) is a version control system that helps software development teams manage…

View Article
Go to page