Security News

Okta vs. Microsoft Entra ID (Azure Active Directory) 2024: IAM Software Comparison
2024-02-16 20:56

This all makes IAM solutions critical to any modern business, and two popular options in that category are Okta and Microsoft Entra ID. Okta vs. Microsoft Entra ID: Comparison. Entra ID Free Entra ID P1 Entra ID P2 Entra ID Governance Free $6.00 per user, per month $9 per user, per month $7 per user, per month Identity governance.

Microsoft says it fixed a Windows Metadata server issue that’s still broken
2024-02-15 20:03

Microsoft claims to have fixed Windows Metadata connection issues which continue to plague customers, causing problems for users trying to manage their printers and other hardware. When new hardware is added to a Windows computer, the operating system connects to a Microsoft-operated website called the Windows Metadata and Internet Services to download metadata packages associated with the particular hardware.

Microsoft: New critical Exchange bug exploited as zero-day
2024-02-14 23:29

Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. "The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf."

New critical Microsoft Outlook RCE bug is trivial to exploit
2024-02-14 20:08

Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View.Unauthenticated attackers can exploit CVE-2024-21413 remotely in low-complexity attacks that don't require user interaction.

Microsoft: New critical Outlook RCE bug exploited as zero-day
2024-02-14 20:08

Microsoft updated a security advisory today to warn that a critical Outlook bug was exploited in attacks as a zero-day before being fixed during this month's Patch Tuesday. Unauthenticated attackers can exploit CVE-2024-21413 remotely in low-complexity attacks that don't require user interaction.

Microsoft Exchange update enables Extended Protection by default
2024-02-14 17:34

Microsoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update.Extended Protection will automatically be toggled on by default when installing Exchange Server 2019 CU14 to strengthen Windows Server auth functionality to mitigate authentication relay and man-in-the-middle attacks.

Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks
2024-02-14 14:39

Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber...

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability
2024-02-14 07:33

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting...

Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
2024-02-14 05:01

Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active...

Crims found and exploited these two Microsoft bugs before Redmond fixed 'em
2024-02-14 01:47

Patch Tuesday Microsoft fixed 73 security holes in this February's Patch Tuesday, and you better get moving because two of the vulnerabilities are under active attack. First up: CVE-2024-21412, an internet shortcut file security feature bypass vulnerability that earned an 8.1-out-of-10 CVSS severity rating though Redmond only considers it important.