Microsoft
December 2023 Patch Tuesday: 33 fixes to wind the year down
Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day …
“Pool Party” process injection techniques evade EDRs
SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool …
December 2023 Patch Tuesday forecast: ‘Tis the season for vigilance
UPDATE: December 12, 12:12 PM PT – The news is live: December 2023 Patch Tuesday: 33 fixes to wind the year down The final Patch Tuesday of the year is almost upon us! …
Lenovo and Microsoft join forces to simplify security deployments
Lenovo and Microsoft are working together to help organizations operate more securely across their devices, users, apps, data, networks, and cloud services through a …
Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)
Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and …
Microsoft announces Defender bug bounty program
Microsoft has announced a new bug bounty program aimed at unearthing vulnerabilities in Defender-related products and services, and is offering participants the possibility to …
42Crunch and Microsoft partner for streamlined API security governance
42Crunch has unveiled the integration of 42Crunch’s API security audit and vulnerability testing solution with Microsoft Defender for Cloud to provide Microsoft customers …
Cohesity expands partnership with Microsoft to improve data restore capabilities for organizations
Cohesity announced it has deepened its relationship with Microsoft to help organizations more quickly respond to and recover from data loss within Microsoft 365 environments. …
November 2023 Patch Tuesday forecast: Year 21 begins
The October forecast for large numbers of CVEs addressed in Windows 10 and 11 and the recent record on the number fixed in Windows Server 2012 was spot on! Microsoft addressed …
MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)
A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known …
Microsoft Authenticator suppresses suspicious MFA notifications
Microsoft has quietly rolled out a new mechanism that shields users of its mobile Authenticator app from suspicious (and annoying) push notifications triggered by attackers. …
Microsoft introduces new access policies in Entra to boost MFA usage
As part of a broader initiative to strengthen security, Microsoft is rolling out Microsoft-managed Conditional Access policies in Entra ID (formerly Azure Active Directory) to …
Featured news
Resources
Don't miss
- Coinbase suffers data breach, gets extorted (but won’t pay)
- Samsung patches MagicINFO 9 Server vulnerability exploited by attackers
- Building cybersecurity culture in science-driven organizations
- How Kim Crawley challenges big tech in “Digital Safety in a Dangerous World”
- Google strengthens secure enterprise access from BYOD Android devices