Tag

microsoft
What’s the difference between a scheduled security update and one that’s out-of-band? In the case of the critical Windows 10 Server Message Block (SMB) vulnerability (CVE-2020-0796) left unpatched in March’s otherwise bumper Windows Patch Tuesday update, the answer is two days. That’s how long it took Microsoft to change its mind about releasing a fix...
Microsoft announced on Tuesday that it was in on the busting-up of Necurs: one of the world’s biggest, baddest, busiest botnets. Some consider Necurs to be the largest botnet ever, with estimates from 2017 indicating that, at the time, it consisted of more than 6,000,000 infected computers. It’s metastasized in the last three years: Microsoft...
Microsoft has been forced to patch a vulnerability in the Server Message Block (SMB) protocol which was accidentally disclosed by some of its security partners earlier this week. The fix, KB4551762, is an update for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909. It addresses a remote code execution...
Years after it was first identified as a possibility, researchers have found it’s still child’s play to hijack subdomains from companies such as Microsoft to use in phishing and malware attacks. Researchers at Vullnerability.com were able to grab more than 670 subdomains that had previously been used by Microsoft but subsequently forgotten about, including: identityhelp.microsoft.com...
Microsoft has a neat web page that helps you get Outlook set up on your phone. You can either scan in a QR code off the web page, which takes you to the relevant download link… …or put in your phone number and get an SMS with the link in it: Just like Italian security...
A former Microsoft engineer faces 20 years behind bars after being found guilty of attempting to defraud his ex-employer of $10m. Ukrainian citizen Volodymyr Kvashuk, 25, from Renton, Washington, was initially a contractor for the tech giant before going full time there from August 2016 until he was fired in June 2018. He was convicted...
Microsoft has fixed almost a century of CVEs this month, although experts suggest the workload shouldn’t be too hard on admins. The 99 vulnerabilities fixed this month feature 12 critical CVEs, including one zero-day, and another four that have been publicly disclosed and so will also need to be prioritized. The zero-day being exploited in...
Microsoft has warned that inadequate security on web applications and internet-facing servers is allowing hackers to use web shells in their tens of thousands each month to launch attacks. Web shells are pieces of malicious code typically implanted onto web servers to execute commands, steal data and help hackers launch additional raids on the victim...
Microsoft has today announced a data breach that affected one of its customer databases. The blog article, entitled Access Misconfiguration for Customer Support Databases, admits that between 05 December 2019 and 31 December 2019, a database used for “support case analytics” was effectively visible from the cloud to the world. Microsoft didn’t give details of...
Microsoft briefly exposed call center data on almost 250 million customers via several unsecured cloud servers late last year, according to researchers. Bob Diachenko spotted the major privacy snafu a day after databases across five Elasticsearch servers were indexed by the BinaryEdge search engine on December 28. Each contained a seemingly identical trove of Microsoft...
Criminals have been caught trying to sneak a malicious package on to the popular Node.js platform npm (Node Package Manager). The problem package, 1337qq-js, was uploaded to npm on 31 December, after which it was downloaded at least 32 times according to figures from npm-stat. According to a security advisory announcing its removal, the package’s...
The CryptoAPI cryptographic bug that Microsoft reported in its Patch Tuesday release yesterday was so big that it warranted its own story. Here, we look at some of the other nasties that Microsoft fixed. Among the most serious bugs were remote code execution (RCE) flaws affecting the Windows Remote Desktop Gateway, which is a Microsoft...
Microsoft has kicked off the new decade with fixes for half a century of vulnerabilities, including one discovered by the NSA that could allow hackers to spoof digital certificates to bypass security measures. This month’s Patch Tuesday focused around the CVE-2020-0601 flaw, which security experts praised the NSA for disclosing responsibly rather than trying to...
The burning question of the moment is, “What about CVE-2020-0601?” That’s the bug number assigned to one of the security holes fixed in Microsoft’s January 2020 Patch Tuesday updates. Of the 50 bugs patched this month, that’s the Big One, officially described by Microsoft as a “Windows CryptoAPI Spoofing Vulnerability”. To explain. The CryptoAPI, partly...
Microsoft has seized scores of domains thought to have been used by a North Korean threat group to support a spear-phishing and information-stealing campaign. The tech giant secured a court order after filing against the “Thallium” group (aka APT37), enabling it to take control of 50 domains it said were being used to execute attacks...