Microsoft fixes vulnerability affecting all Windows versions since 1996

Another vulnerability in the same Windows component was abused by Stuxnet a decade ago. A vulnerability in a decades-old Windows component that controls printing on machines running the operating system could be abused by malicious actors to gain elevated privileges on the targeted system, according to security researchers Yarden Shafir and Alex Ionescu. The flaw, which … More Microsoft fixes vulnerability affecting all Windows versions since 1996

Exploit kits: What are they and what is an exploit blocker?

What are exploit kits? Unwary internet users may not realize that in the course of normal browsing they can be exposed to malicious exploit kits that lurk on some websites. Exploit kits consist of malicious code to exploit one or more potential vulnerabilities in common web browsing and document viewing software. More sophisticated exploit kits … More Exploit kits: What are they and what is an exploit blocker?

Microsoft: 99.9 percent of hacked accounts didn’t use MFA

Only 11 percent of all enterprise accounts have multi-factor authentication enabled. More than 99.9 percent of Microsoft enterprise accounts that get invaded by attackers didn’t use multi-factor authentication (MFA). This stark, though not entirely surprising, finding comes from a presentation that Alex Weinert, the tech giant’s Director of Identity Security, delivered at the RSA 2020 security … More Microsoft: 99.9 percent of hacked accounts didn’t use MFA

First BlueKeep attacks prompt fresh warnings

The infamous vulnerability has been exploited for a cryptocurrency mining campaign, but more damaging attacks may still be in store. Ever since it was discovered six months ago, the BlueKeep vulnerability has had (not only) the cybersecurity community concerned about impending WannaCryptor-style attacks. Earlier in November, Microsoft together with security researchers Kevin Beaumont and Marcus Hutchins shed light on … More First BlueKeep attacks prompt fresh warnings

What exactly is a file-less malware attack and how could it affect your business?

File-less malware attacks leave little trace, which makes them all the more threatening. A file-less malware attack doesn’t even need to install software on a victim’s machine and is instead based on an attacker taking control of something already installed on your computer. A file-less malware attack often latches onto a built-in component of Windows … More What exactly is a file-less malware attack and how could it affect your business?

Microsoft warns of new BlueKeep‑like flaws

Unlike BlueKeep, however, these vulnerabilities affect more recent Windows versions, including Windows 10. Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to ‘BlueKeep’, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws – tracked as CVE‑2019‑1181, CVE‑2019‑1182, CVE‑2019‑1222 and CVE‑2019‑1226 – can be exploited by … More Microsoft warns of new BlueKeep‑like flaws