security - WMPoweruser

security

Google’s Project Zero will now finally give companies a 30 days grace period to roll out patches

3 days

The release of patches of the recent Hafnium Exchange exploit let to a further massive wave of Exchange server exploits as non-state threat actors reverse-engineered the patches to hack servers for non-political ransomware attacks...

Pwn2Own 2021 – Security researchers hack Exchange, Teams, Zoom, Safari, Chrome, Edge, Parallels, Windows...

by Surur

2 weeks

Pwn2Own is back again, and once again the hacking contest has managed to destroy our illusions that there is such a thing as a secure software product. Competing for $1.5 million in prizes, by Day 2 of the 3 day event the teams ha...

Hackers are using LinkedIn info to bait spearfishing attacks

by Surur

2 weeks

Security firm eSentire is warning of a new hacking campaign which cruelly takes advantage of jobseekers to hack company networks. The spearfishing attackers are being perpetrated by hacking group Golden Chickens and send fake job ...

Microsoft reveals this week’s 2 hour Azure outage was caused by DNS DDOS

by Surur

2 weeks

It’s getting pretty scary out there for service providers and users alike, with the number of attacks on electronic devices and services appearing to be increasing exponentially. Microsoft’s cloud services appear to be...

Apple release iPhone and iPad security update for “actively exploited” universal cross site script...

by Surur

3 weeks

Apple has released an urgent security update for iOS and iPad OS which takes the operating systems to 14.4.2 and 14.4.2 respectively. The update is to address a security flaw in webkit which would allow a website to read data from...

Microsoft brings back DNS-over-HTTPS to Edge

by Surur

1 month

In February Microsoft disabled DNS-over-HTTPS (DoH) in all Edge channels due to performance issues. With regular DNS, if you are visiting a site using HTTPS, your DNS query is sent over an unencrypted connection. That means that e...

Microsoft patches Chromium flaw in Edge Stable being exploited in the wild

by Surur

1 month

Chromium 89 has a zero-day flaw that is currently being exploited in the wold. CVE-2021-21193 is a flaw in Google’s Blink rendering engine. It is a “use-after-free” vulnerability which means Blink has difficulty ...

Microsoft release tool to help you see if your Exchange server has been compromised by Hafnium

by Surur

1 month

A series of flaws in stand-alone installations of Microsoft Exchange server has seen several hundreds of thousands of installations of Exchange Server being compromised by Chinese hacker group Hafnium. Krebs on Security reports th...

Microsoft Exchange flaw may have led to 30,000+ US organizations being hacked

by Surur

1 month

The quiet release of an out of band patch for a flaw in Microsoft’s Exchange server is rapidly turning into a major story, with credible reports of at least 30,000 organizations in the USA, and possibly hundreds of thousands...

Microsoft release out of band patch for Exchange Server which admins need to apply urgently

by Surur

2 months

If you are administering an on-premise Exchange Server (2013, 2016, 2019) you need to urgently apply a set of patches Microsoft released today for vulnerabilities in the OS which are being actively exploited. The vulnerabilities h...

Google release exploit code for just patched Windows 10 Remote Code Execution bug

by Surur

2 months

Better make sure your Windows 10 patches are up to date, as Google’s Project Zero has just released Proof of Concept code for a just-patched Windows 10 flaw which can be exploited by simply visiting a web page. Microsoft Dir...

Microsoft fixes the NTFS corruption bug

by Surur

2 months

We reported in January on a long-standing bug in Windows 10 which would allow a short string of characters to corrupt your NTFS file system, forcing Windows to repair it on next boot. The short string can be delivered to the OS in...