Security News

Microsoft fixes Hyper-V VM problem caused by Patch Tuesday
2022-12-21 19:30

Microsoft has pushed out an emergency fix for a problem in Windows Server caused by patch updates that made it impossible for some organizations to create virtual machines on Hyper-V hosts. The issue arose after Windows Server 2019 and Windows Server 2022 users installed two updates that were part of this month's Patch Tuesday releases.

What is Microsoft’s Secure Supply Chain Consumption Framework, and why should I use it?
2022-12-21 16:17

Software development isn't only about code; more importantly, it's driven by a set of best practices and guidelines that help us write better and more secure software. Like all large software companies, Microsoft has developed its own set of policies and procedures to implement approaches like its Secure Software Development Lifecycle.

New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080)
2022-12-21 13:24

Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities to achieve remote code execution on Microsoft Exchange servers.The ProxyNotShell exploit chain used CVE-2022-41040, a SSRF vulnerability in the Autodiscover endpoint of Microsoft Exchange, while this new one uses CVE-2022-41080 to achieve privilege escalation through Outlook Web Access.

Microsoft pushes emergency fix for Windows Server Hyper-V VM issues
2022-12-20 23:05

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Ransomware gang uses new Microsoft Exchange exploit to breach servers
2022-12-20 22:33

Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution on vulnerable servers through Outlook Web Access. Cybersecurity firm CrowdStrike spotted the exploit while investigating Play ransomware attacks where compromised Microsoft Exchange servers were used to infiltrate the victims' networks.

Microsoft will turn off Exchange Online basic auth in January
2022-12-20 20:22

Microsoft warned today that it will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security. "Beginning in early January, we will send Message Center posts to affected tenants about 7 days before we make the configuration change to permanently disable Basic auth use for protocols in scope," The Exchange Team said on Tuesday.

Microsoft dishes the dirt on Apple’s “Achilles heel” shortly after fixing similar Windows bug
2022-12-20 19:59

When we woke up this morning, our cybersecurity infofeed was awash with "News" that Apple had just patched a security hole variously described a "Gnarly bug", a "Critical flaw" that could leave your Macs "Defenceless", and the "Achilles' heel of macOS". This isn't a new bug, it's just some new information about a bug that Apple fixed last week.

Microsoft reports macOS Gatekeeper has an 'Achilles' heel
2022-12-20 19:30

Security researchers at Microsoft have discovered a bug in macOS that lets malicious apps bypass Apple's Gatekeeper security software "For initial access by malware and other threats." Gatekeeper has been a part of macOS for a decade and is used to validate that apps are signed and notarized before allowing them to be launched.

Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems
2022-12-20 05:52

Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications. The shortcoming, dubbed Achilles, was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic issue that could be weaponized by an app to circumvent Gatekeeper checks.

Microsoft finds macOS bug that lets malware bypass security checks
2022-12-19 19:37

Apple has fixed a vulnerability attackers could leverage to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. Found and reported by Microsoft principal security researcher Jonathan Bar Or, the security flaw is now tracked as CVE-2022-42821.