Showing only posts tagged Microsoft. Show all posts.

Microsoft finally explains cause of Azure breach: An engineer’s account was hacked

Source

Enlarge (credit: Getty Images) Microsoft said the corporate account of one of its engineers was hacked by a highly skilled threat actor that acquired a signing key used to hack dozens of Azure and Exchange accounts belonging to high-profile users. The disclosure solves two mysteries at the center of …

Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors

Source

Enlarge (credit: Getty Images) In July, security researchers revealed a sobering discovery: hundreds of pieces of malware used by multiple hacker groups to infect Windows devices had been digitally signed and validated as safe by Microsoft itself. On Tuesday, a different set of researchers made a similarly solemn announcement …

Microsoft finds vulnerabilities it says could be used to shut down power plants

Source

Enlarge (credit: Rockwell Automation) On Friday, Microsoft disclosed 15 high-severity vulnerabilities in a widely used collection of tools used to program operational devices inside industrial facilities such as plants for power generation, factory automation, energy automation, and process automation. The company warned that while exploiting the code-execution and denial-of-service …

How an unpatched Microsoft Exchange 0-day likely caused one of the UK’s biggest hacks ever

Source

Enlarge / Building with Microsoft logo. (credit: Getty Images) It’s looking more and more likely that a critical zero-day vulnerability that went unfixed for more than a month in Microsoft Exchange was the cause of one of the UK’s biggest hacks ever—the breach of the country’s …

Microsoft Patch Tuesday, August 2023 Edition

Source

Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including multiple zero-day vulnerabilities currently being exploited in the wild. Six of the flaws fixed today earned Microsoft’s “critical” rating, meaning malware or miscreants could use them …

Microsoft Signing Key Stolen by Chinese

Source

A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase “ negligent security practices ” is being tossed about—and with good reason …

Teach a Man to Phish and He’s Set for Life

Source

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes …

Microsoft comes under blistering criticism for “grossly irresponsible” security

Source

Enlarge (credit: Drew Angerer | Getty Images ) Microsoft has once again come under blistering criticism for the security practices of Azure and its other cloud offerings, with the CEO of security firm Tenable saying Microsoft is “grossly irresponsible” and mired in a “culture of toxic obfuscation.” The comments from Amit …

« newer articles | page 8 | older articles »