Microsoft remains the favorite brand to spoof in phishing campaigns, but more attackers are impersonating Facebook. Cybercriminals often exploit victims’ familiarity with popular brands to manipulate them into falling for phishing campaigns. Microsoft is the most common brand to spoof, researchers report, with PayPal in second place and Facebook rapidly catching up in a close
Similar to the now-patched ‘BlueKeep’ vulnerability, two flaws fixed today could let malware spread across vulnerable computers. Microsoft today released 93 fixes and two advisories as part of its monthly Patch Tuesday update. Of these, 64 were categorized as Important in severity and 29 were ranked Critical. Patching priority should be given to two “wormable”
Microsoft has invited security experts to ‘come and do their worst’ to mimic cybercriminals in the Azure Security Lab. BLACK HAT USA 2019 – Las Vegas – Microsoft today launched the Azure Security Lab and doubled its top Azure bug-bounty reward in an effort to further strengthen cloud security. The Azure Security Lab is a
Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation. Even companies that previously said “no” to cloud are migrating their services and resources to cloud-based infrastructure. As they do, many are concerned about maintaining the cloud’s rapid update pace and how the new paradigm exposes them to
If you are running Microsoft Office 365, someone is probably out to get you. One way to investigate questionable Office 365 and other cloud sign-in activity is to use Microsoft’s Cloud App Security add on. To enable Cloud App Security, you must have an E5 license or purchase the Cloud App Security add-on. To
Microsoft issued fixes for 77 unique vulnerabilities this Patch Tuesday, including two zero-day privilege escalation vulnerabilities seen exploited in the wild. Microsoft today patched 77 vulnerabilities and issued two advisories as part of its July security update. Two of these bugs are under active attack; six were publicly known at the time fixes were released.
Proof-of-concept, which allows remote code execution, is latest to exploit Dynamic Data Exchange (DDE) and is another reminder why organizations must ensure Office settings are secure. Organizations now have one more reason to pay attention to the security settings of their Microsoft Office applications. Researchers at Mimecast have developed a working proof of concept that
Attackers will go after weaker credentials and passwords to gain network access. Small businesses often set up shared mailboxes that are used for various functions. If one set of credentials for a shared mailbox is compromised, it could have a wide impact on the company. If you’ve enabled multi-factor authentication (MFA), you might think that