A new report by cybersecurity firm Mandiant details an ongoing hacking campaign targeting Microsoft 365. The threat actor behind this campaign is an advanced persistent threat (APT) known as “Cozy Bear” or simply “APT29.” APT29 is thought to be a Russian hacking group sponsored by the Russian Foreign Intelligence...Read more...
Anyone with an iPhone in their pocket or a Mac on their desk should be hitting that update button today. Apple has announced an emergency patch for iPhones, iPads, and macOS computers, an increasingly common event. The update addresses a pair of zero-day vulnerabilities in Apple's software, meaning they are already...Read more...
Microsoft has finally released a security update that addresses a zero-day vulnerability that went unpatched for more than two years. The vulnerability, known as DogWalk, appears in the national vulnerability index as CVE-2022-34713. Microsoft has assigned the vulnerability a high severity rating of 7.8. The company’s...Read more...
WordPress is one of the most popular and thus commonly used content management systems (CMS) on the web. However, it has a particular problem with add-on, extension, and plug-in authors abandoning their projects, and subsequently leaving gaping holes in site security. A case in point has been highlighted by the...Read more...
It's been three or four days since Microsoft rolled back the macro blocking update on "Current Channel" for Microsoft Office 365 users. Finally, we have a confirmed reason and some more information about the future of macros in Microsoft Office.
According to a recent post the reasoning for rolling back the change...Read more...
In February security firms, researchers, infosec employees, antivirus, and malware organizations rejoiced. Why? Microsoft was finally disabling Visual Basic for Applications (VBA) macros on Microsoft Office. However, the Redmond software giant just took a step back and reversed course on the change, but why?
What...Read more...
Last month, a ransomware gang known as ALPHV struck The Allison Inn & Spa, stealing employee and customer data. ALPHV then published this information to the open web, where it could be indexed by search engines and viewed without the use of the Tor network. While the website that presented the data for download wasn’t...Read more...
There's a good chance that you're running multiple operating systems across your various electronic devices. Perhaps Windows or macOS on your main desktop PC or laptop, and iOS or Android on your smartphone. And maybe your significant other is entrenched in a different ecosystem than you. Whatever the case, Microsoft...Read more...
We're halfway into 2022 and security researchers have started to publish data on emerging trends in cyber-security. The emerging trend that seems to be catching researchers attention today happens to be related to the largest, widest, and most diverse distribution of computing devices on the planet, mobile...Read more...
No one in computer security can catch a break lately, it seems, as yet another two major cybersecurity flaws have been found related to web servers.
Named Sysrv-K by security researchers on Microsoft's Security Intelligence Twitter, te vulnerabilities install botnets, which will run a crypto-coin miner on infected...Read more...
Many are aware by now, second Tuesday of every month is Patch Tuesday for Microsoft Windows. This is when Microsoft rolls out major and critical updates to its ubiquitous operating system, Windows. Much like many Patch Tuesdays before, there are problems with the latest one.
Specifically, the patch has problems...Read more...
AV Comparatives has posted the results of its latest performance impact test of over a dozen popular antivirus programs, and unfortunately for Microsoft, its Defender program that's built into Windows only narrowly avoided coming in dead last. On the bright side, though, Defender moved up from taking the last spot in...Read more...
Microsoft will be retiring Internet Explorer once and for all on June 15. However, Microsoft won’t be out of the web browser game with this retirement. The company has shifted its focus to maintaining and developing the Chromium-based Edge browser. Microsoft rolls out new Edge features fairly often, though some of...Read more...
Microsoft's Windows has plenty of reason to be proud of its status as the desktop operating system of choice for personal computers, but Linux drives a massive portion of the processing that lies beneath the surface of the internet at large. Ultimately, it's to everyone's benefit if security holes are closed, so we...Read more...
Passwords get compromised every day through devices, services, and operating systems. Microsoft's operating system, Windows, is no different. To help combat this, Microsoft's antivirus utility, Defender, is getting a new (and much welcomed) default policy setting.
Building on Microsoft's efforts in security as of...Read more...
Since their beginning, macros in Office applications have been both a blessing and a curse for users and system administrators alike. The feature causes significant security woes due to many methods of exploitation in the macro system. Now Microsoft has stated that its popular productivity suite is getting extra...Read more...
A trojan known as UpdateAgent began infecting Mac computers back in September 2020, but this infection was relatively innocuous at the time, doing nothing other than collecting some basic system and device information and broadcasting its presence to the command-and-control (C2) server. However, Microsoft has been...Read more...
Some people may find this hard to believe, but the built-in antivirus protection in Windows is pretty good these days, and has been for quite some time. Defender routine passes musters by independent AV testing agencies. Unlike other AV solutions, though, it is exclusive to the Windows platform for consumers. Perhaps...Read more...
Many people have returned to work after a long holiday break only to discover that their messages are not sending, their computer is behaving slowly, and/or they are faced with a black screen. There is thankfully an end in sight. Microsoft recently issued patches for the “YSK22” Exchange mail and black screen...Read more...
An Android malware analyst at Kaspersky continues to expose apps in Google play that may appear legitimate at first glance, but actually have a sinister underside. Each of the nearly two dozen apps (so far) identified since late July contain a Joker trojan, which itself features a bag of devious tricks to swindle...Read more...
This weekend, cyber-security firm Palo Alto Networks released a detailed analysis of an ongoing hacking campaign targeting technology, defense, healthcare, energy, and education industries. The attack targets Zoho's ManageEngine ADSelfService Plus password management system and uses vulnerability CVE-2021-40539 to...Read more...
If you thought being in the swanky C-suite of a major company kept you safe from hackers, think again. Those positions, among other high-ranking posts, are the latest targets in the ongoing infosec war between businesses and hackers. Many of us worry about getting our Amazon Prime account or our bank account hacked...Read more...