Microsoft asks Windows 10 Enterprise customers to test new anti-exploit tech
Microsoft today asked enterprise customers to test a new anti-malware, anti-exploit technology in Windows 10’s baked-in browser. Windows 10’s latest preview, tagged as build 16188 and released Thursday, includes Windows Defender Application Guard, a virtualization-based feature that isolates the contents of a tab in Edge, the OS’s default browser, from the rest of the system. […] more…Iranian Hackers Exploit Recent Office 0-Day in Attacks: Report
A recently patched vulnerability in Microsoft Office has been abused by Iranian threat actors in attacks against Israeli organizations, researchers from security firm Morphisec reveal. read more more…Corporate Users Increasingly Targeted With Exploits: Kaspersky
A report published by Kaspersky Lab on Thursday shows that the number of attacks involving exploits increased significantly in 2016 compared to the previous year, but the number of attacked users actually dropped. read more more…Exploits: how great is the threat?
How serious, really, is the danger presented by exploits? The recent leak of an exploit toolset allegedly used by the infamous Equation Group suggests it’s time to revisit that question. Several zero-days, as well as a bunch of merely ‘severe’ exploits apparently used in-the-wild were disclosed, and it is not yet clear whether this represents […] more…Oracle fixes Struts and Shadow Brokers exploits in huge patch release
Oracle has released a record 299 security fixes for vulnerabilities in its products, including patches for a widely exploited vulnerability in the Apache Struts framework and a Solaris exploit supposedly used by the U.S. National Security Agency. The Struts vulnerability allows for remote code execution on Java web servers and was patched on March 6. […] more…Experts contend Microsoft canceled Feb. updates to patch NSA exploits
Microsoft delayed its February security update slate to finish patching critical flaws in Windows that a hacker gang tried to sell, several security experts have argued. “Looks like Microsoft had been informed by ‘someone,’ and purposely delayed [February’s] Patch Tuesday to successfully deliver MS17-010,” tweeted Matt Suiche, founder of Dubai-based security firm Comae Technologies. MS17-010, […] more…Microsoft: Latest ‘Shadow Brokers’ Exploits Already Patched
The hacker group calling itself “Shadow Brokers” has made public another batch of files allegedly obtained from the NSA-linked threat actor tracked as the Equation Group. Microsoft has assured customers that these new exploits don’t affect up-to-date systems. read more more…Microsoft confirms it’s patched most of the NSA’s Windows exploits
Microsoft on Friday said it had patched most of the Windows vulnerabilities purportedly exploited by the National Security Agency (NSA) using tools that were leaked last week. The Windows flaws were disclosed by the hacking gang Shadow Brokers in a large data dump earlier Friday. The group has released several collections of documents about the […] more…Microsoft: Past patches address leaked NSA exploits
Microsoft said it has already patched vulnerabilities revealed in Friday’s high-profile leak of suspected U.S. National Security Agency spying tools, meaning customers should be protected if they’ve kept their software up-to-date. Friday’s leak caused concern in the security community. The spying tools include about 20 exploits designed to hack into old versions of Windows, such […] more…Leaked NSA exploits plant a bull’s-eye on Windows Server
Friday’s release of suspected NSA spying tools is bad news for companies running Windows Server. The cyberweapons, which are now publicly available, can easily hack older versions of the OS. The Shadow Brokers, a mysterious hacking group, leaked the files online, setting off worries that cybercriminals will incorporate them in their own hacks. […] more…New NSA leak may expose its bank spying, Windows exploits
A hacking group has released suspected U.S. government files that show the National Security Agency may have spied on banks across the Middle East. Numerous Windows hacking tools are also among the new batch of files the Shadow Brokers dumped Friday. In recent months, the mysterious group has been releasing hacking tools allegedly taken from […] more…Microsoft Word exploit linked to cyberspying in Ukraine conflict
A previously unknown Microsoft Office vulnerability was recently used to deliver spyware to Russian-speaking targets, in a possible case of cyberespionage. Security firm FireEye noticed the intrusion attempt, which taps a critical software flaw that hackers are using to craft malicious Microsoft Word documents. On Wednesday, FireEye said it uncovered one attack that weaponized a […] more…Terror Exploit Kit Rising as Sundown Disappears
One year after the exploit kit (EK) landscape was shaken by the sudden disappearance of the Angler and Nuclear kits, another change is happening in the segment. While the Sundown EK has been inactive for the past month or so, the recent Terror EK is being used in new campaigns, researchers say. read more more…Microsoft fixes 45 flaws, including three actively exploited vulnerabilities
Microsoft released its monthly security-patch bundle Tuesday, fixing 45 unique vulnerabilities, three of which are publicly known and targeted by hackers. The top priority this month should be given to the Microsoft Office security update because one of the fixed flaws has been actively exploited by attackers since January to infect computers with malware. Over […] more…Adobe Patches Flash, Reader Flaws Exploited at Pwn2Own
Adobe released security updates for several of its products on Tuesday to address a total of 59 vulnerabilities, including flaws disclosed last month at the Pwn2Own 2017 hacking competition. read more more…More information
- Understanding Targeted Attacks: How Do We Defend Ourselves?
- Several Flaws Found in WD, Seagate Storage Devices
- Australian security board survives members’ vote
- Apple Pay Cash hits Apple Watches with watchOS 4.2 release
- Huawei Says Nine-Month Revenue Up Despite US Pressure
- Schneider Electric Development Tools Affected by Critical Flaw
- Counterfeit Cisco gear ended up in US military bases, used in combat operations
- The Loudest Voices in Security Often Have the Least to Lose
- Planned Maintenance Willard Wireless Aggregate Switch
- Inside The Competitive Testing Battlefield of Endpoint Security