Exploit kits: What are they and what is an exploit blocker?

What are exploit kits? Unwary internet users may not realize that in the course of normal browsing they can be exposed to malicious exploit kits that lurk on some websites. Exploit kits consist of malicious code to exploit one or more potential vulnerabilities in common web browsing and document viewing software. More sophisticated exploit kits … More Exploit kits: What are they and what is an exploit blocker?

Microsoft: 99.9 percent of hacked accounts didn’t use MFA

Only 11 percent of all enterprise accounts have multi-factor authentication enabled. More than 99.9 percent of Microsoft enterprise accounts that get invaded by attackers didn’t use multi-factor authentication (MFA). This stark, though not entirely surprising, finding comes from a presentation that Alex Weinert, the tech giant’s Director of Identity Security, delivered at the RSA 2020 security … More Microsoft: 99.9 percent of hacked accounts didn’t use MFA

PayPal remains the most‑spoofed brand in phishing scams

WhatsApp also emerges as a favorite target for brand impersonation amid a general spike in social media phishing. PayPal, Facebook, Microsoft, Netflix, and WhatsApp were the most commonly impersonated brands in phishing campaigns in the fourth quarter of 2019, a report by email security company Vade Secure has found. The payment services provider retained its top spot … More PayPal remains the most‑spoofed brand in phishing scams

Microsoft exposed 250 million customer support records

Databases containing 14 years’ worth of customer support logs were publicly accessible with no password protection. Over 250 million customer service and support records were exposed by Microsoft over a two-day period in December 2019 due to a server misconfiguration. Since the records weren’t secured with any authentication measures, anyone with an internet connection and … More Microsoft exposed 250 million customer support records

New Internet Explorer zero‑day remains unpatched

You may want to implement a workaround or stop using the browser altogether, at least until Microsoft issues a a fix. Microsoft has released a security advisory alerting users to an as-yet unpatched vulnerability in its Internet Explorer (IE) web browser that is being exploited in limited targeted attacks. The zero-day, which is tracked as CVE-2020-0674, is a … More New Internet Explorer zero‑day remains unpatched

Microsoft issues patch for Internet Explorer zero‑day

The critical vulnerability could also be exploited via a malicious Microsoft Office document. Microsoft has shipped out a fix for a critical flaw in Internet Explorer (IE) that is being exploited in the wild. Tracked as CVE-2019-1429, the vulnerability is part of this month’s batch of regular security updates known as Patch Tuesday. The zero-day … More Microsoft issues patch for Internet Explorer zero‑day