Microsoft
Portnox enhances passwordless risk-based access for enterprise applications
Portnox announced support for Microsoft External Authentication Methods (EAM) for its Conditional Access for Applications solution. This new integration extends …
Windows Server 2025 gets hotpatching option, without reboots
Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes. …
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering web pages on Windows – “was …
September 2024 Patch Tuesday forecast: Downgrade is the new exploit
September 2024 Patch Tuesday is now live: Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes I asked for a calm August 2024 Patch …
Veeam Software expands protection for Microsoft 365
Veeam Software announced Veeam Backup for Microsoft 365 v8, which delivers comprehensive and flexible immutability for Microsoft 365 data. Now organizations can ensure their …
New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)
A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity …
Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera
Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, …
Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32
I recently spent six days in Las Vegas attending DEF CON, BsidesLV, and Black Hat USA 2024, where I had the opportunity to engage with and learn from some of the top security …
Microsoft fixes 6 zero-days under active attack
August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly …
August 2024 Patch Tuesday forecast: Looking for a calm August release
August 2024 Patch Tuesday is now live: Microsoft fixes 6 zero-days under active attack July ended up being more ‘exciting’ than many of us wanted; we’re supposed to be in the …
CrowdStrike engages external experts, details causes of massive outage
CrowdStrike has published a technical root cause analysis of what went wrong when a content update pushed to its Falcon sensors borked over 8.5 million Windows machines around …
Researchers unearth MotW bypass technique used by threat actors for years
Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping …
Featured news
Resources
Don't miss
- Building cybersecurity culture in science-driven organizations
- How Kim Crawley challenges big tech in “Digital Safety in a Dangerous World”
- Google strengthens secure enterprise access from BYOD Android devices
- Southwest Airlines CISO on tackling cyber risks in the aviation industry
- Insider risk management needs a human strategy