What exactly is a file-less malware attack and how could it affect your business?

File-less malware attacks leave little trace, which makes them all the more threatening. A file-less malware attack doesn’t even need to install software on a victim’s machine and is instead based on an attacker taking control of something already installed on your computer. A file-less malware attack often latches onto a built-in component of Windows … More What exactly is a file-less malware attack and how could it affect your business?

Microsoft warns of new BlueKeep‑like flaws

Unlike BlueKeep, however, these vulnerabilities affect more recent Windows versions, including Windows 10. Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to ‘BlueKeep’, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws – tracked as CVE‑2019‑1181, CVE‑2019‑1182, CVE‑2019‑1222 and CVE‑2019‑1226 – can be exploited by … More Microsoft warns of new BlueKeep‑like flaws

BlueKeep patching isn’t progressing fast enough

Keeping up with BlueKeep; or how many internet-facing systems, and in which countries and industries, remain ripe for exploitation? As of early July, more than 805,000 internet-facing systems remained susceptible to the BlueKeep security vulnerability, the news of which spooked the internet two months ago and prompted a flurry of alerts urging users and organizations … More BlueKeep patching isn’t progressing fast enough

Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks

ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows. In June 2019, ESET researchers identified a zero-day exploit being used in a highly targeted attack in Eastern Europe. The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component. Once … More Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks

Microsoft enhances OneDrive to secure your sensitive files

Microsoft will soon add a new feature to its OneDrive cloud storage that is designed to ramp up security for your most sensitive files. Dubbed OneDrive Personal Vault, this ‘partition’ of your OneDrive account will only be accessible using “a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or … More Microsoft enhances OneDrive to secure your sensitive files

NSA joins chorus urging Windows users to patch ‘BlueKeep’

The alert comes on the heels of Microsoft’s second advisory calling on people to take action before it’s too late. The United States’ National Security Agency (NSA) has issued a rare alert urging Windows users and administrators to waste no time in patching the critical ‘BlueKeep’ security flaw in older Windows systems. “This is the … More NSA joins chorus urging Windows users to patch ‘BlueKeep’

Microsoft reveals breach affecting webmail users

Some users of Microsoft’s web-based email services such as Outlook.com had their account information exposed in an incident that, as it later emerged, also impacted email contents. Microsoft has acknowledged a security incident that, for almost three months, gave hackers access to information related to an unknown number of email accounts on the tech giant’s … More Microsoft reveals breach affecting webmail users