Security News
Microsoft has confirmed that the April 2024 Windows security updates break VPN connections across client and server platforms. The company explains on the Windows health dashboard that "Windows devices might face VPN connection failures after installing the April 2024 security update or the April 2024 non-security preview update."
Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. Latrodectus is an increasingly distributed Windows malware downloader first discovered by Walmart's security team and later analyzed by ProofPoint and Team Cymru that acts as a backdoor, downloading additional EXE and DLL payloads or executing commands.
Microsoft has fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments. "Affected environments are those with the 'Enforce drive encryption type on operating system drives' or 'Enforce drive encryption on fixed drives' policies set to enabled and selecting either 'full encryption' or 'used space only'."
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on...
The number of Microsoft vulnerabilities has mostly flattened in 2023, with elevation of privilege and identity attacks being particularly common, according to BeyondTrust's annual Microsoft Vulnerabilities report. The total number of Microsoft vulnerabilities has remained mostly steady for the past four years, with a slight dip in 2023 from 1,292 to 1,228 reported vulnerabilities.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Microsoft has rolled back a fix for a known Outlook issue that was causing incorrect security alerts when opening ICS calendar files after installing the December Outlook Desktop security updates. Affected Microsoft 365 users are seeing unexpected warnings that "Microsoft Office has identified a potential security concern" and that "This location may be unsafe" when double-clicking ICS files saved on their devices.
Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates.Although the April 2024 HU is optional, it also adds support for ECC certificates and Hybrid Modern Authentication for OWA/ECP. If you have installed the March 2024 SU and have not experienced any known issues fixed in the optional update and do not need the new features, you can wait for the next Exchange Server SU, which will also include these hotfixes.
Grotto told us Microsoft had to be "Dragged kicking and screaming" to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best. "The government needs to focus on encouraging and catalyzing competition," Grotto said.