Tag: microsoft
-
Kein Fix erwartet: Uhr auf Windows-Sperrbildschirm geht absichtlich nach
Die Uhrzeit auf dem Lockscreen von Windows aktualisiert sich teilweise verzögert. Microsoft will daran nichts ändern. Das Verhalten sei beabsichtigt. First seen on golem.de Jump to article: www.golem.de/news/kein-fix-erwartet-uhr-auf-windows-sperrbildschirm-geht-absichtlich-nach-2604-207497.html
-
NHS pays £46K to prep next Microsoft licensing round
Benchmarking contract lays groundwork for renegotiating £774M software agreement First seen on theregister.com Jump to article: www.theregister.com/2026/04/13/nhs_benchmarking_microsoft/
-
ADN CSP-Thementage 2026: Ein Juni voller Impulse für das Microsoft-Ökosystem
Tags: microsoftFünf Dienstage, fünf Schwerpunkte und ein klares Ziel: Microsoft-Partner fit für die nächste Evolutionsstufe ihres CSP-Geschäfts zu machen. Kostenlose Teilnahme. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/adn-csp-thementage-2026-ein-juni-voller-impulse-fuer-das-microsoft-oekosystem/a44559/
-
Microsoft’s Copilot strategy is just more user abuse from Redmond, says Mozilla
Firefox maker warns old web tactics are now shaping AI at the expense of user choice First seen on theregister.com Jump to article: www.theregister.com/2026/04/10/mozilla_microsofts_copilot_strategy/
-
Third-Party Android Vulnerability Leaves Over 50M Users Exposed
A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and access sensitive data. The post Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-engagelab-sdk-android-vulnerability-malware-bridge/
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
Storm-2755 Uses AiTM Hijacking to Divert Employee Salaries
Hackers are abusing adversary-in-the-middle (AiTM) session hijacking to steal employee salaries in a new “payroll pirate” campaign tracked by Microsoft as Storm-2755 and targeting Canadian users. By hijacking live Microsoft 365 sessions, the group redirects payroll deposits to attacker-controlled bank accounts while bypassing multifactor authentication (MFA) and blending in with normal user activity. The group’s…
-
Canadian employees targeted in payroll pirate attacks
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees’ salary payments after hijacking their accounts in payroll pirate attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-canadian-employees-targeted-in-payroll-pirate-attacks/
-
EngageLab SDK flaw opens door to private data on 50M Android devices
A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft researchers found a critical flaw in EngageSDK that lets apps bypass Android sandbox protections and access private data. The flaw put millions of users, including over 30M crypto wallet installs, at…
-
Microsoft Recall Flaw Exposes Decrypted User Data, Researchers Find
When Microsoft reintroduced its redesigned Recall feature, security took center stage. The architecture was built around hardened components, including Virtualization-Based Security (VBS) enclaves, AES-256-GCM encryption, Windows Hello authentication, and a Protected Process Light (PPL) host. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/totalrecall-windows-recall-security-gap/
-
Microsoft Recall Flaw Exposes Decrypted User Data, Researchers Find
When Microsoft reintroduced its redesigned Recall feature, security took center stage. The architecture was built around hardened components, including Virtualization-Based Security (VBS) enclaves, AES-256-GCM encryption, Windows Hello authentication, and a Protected Process Light (PPL) host. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/totalrecall-windows-recall-security-gap/
-
New VENOM phishing attacks steal senior executives’ Microsoft logins
Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called “VENOM” are targeting credentials of C-suite executives across multiple industries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-venom-phishing-attacks-steal-senior-executives-microsoft-logins/
-
‘BlueHammer’ Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
Under the alias ‘Chaotic Eclipse,’ a researcher released a PoC exploit for a zero-day flaw that allows for system takeover by a local user, citing an undisclosed beef with Microsoft. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/bluehammer-windows-exploit-microsoft-bug-disclosure-issues
-
Microsoft locks out VeraCrypt and WireGuard devs, blames verification process
No emails, no warnings, no humans just bots, catch-22s, and a 60-day appeals queue First seen on theregister.com Jump to article: www.theregister.com/2026/04/09/microsoft_dev_account_deactivations/
-
On Microsoft’s Lousy Cloud Security
ProPublica has a scoop: In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings. The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an internal government report reviewed by…
-
On Microsoft’s Lousy Cloud Security
ProPublica has a scoop: In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings. The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an internal government report reviewed by…
-
New Phishing Campaign Exploits Google Storage to Deliver Remcos RAT
A recently observed phishing campaign is abusing Google Cloud Storage to deliver the Remcos remote access trojan (RAT), relying on trusted Google infrastructure and a signed Microsoft binary to evade traditional defenses. Attackers host a fake Google Drive login page on the legitimate domain storage.googleapis.com, making the URL appear trustworthy to both users and security…
-
This fake Windows support website delivers password-stealing malware
A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/this-fake-windows-support-website-delivers-password-stealing-malware/
-
Microsoft Details How Defender Protects High-Value Assets in Real-World Attacks
Microsoft has significantly upgraded its Defender platform to automatically detect and block sophisticated cyberattacks targeting High-Value Assets (HVAs) like domain controllers and web servers. By leveraging the new Microsoft Security Exposure Management tool, the system now uses context-aware intelligence to easily distinguish normal administrative tasks from malicious activities on critical network infrastructure. As cyberattacks become…
-
TechTalk: »Unsere IT-Forensiker erkennen regelmäßig neue E-Mail-Angriffsvektoren«
Wieder einmal durften wir mit Hornetsecurity ein Videointerview aufzeichnen. Dieses Mal führte uns unserer Weg auf dem CloudFest 2026 an den Stand des Sicherheitsanbieters, wo Svenja Conrad auf unsere Fragen die passenden Antworten hatte. So wollten wir wissen, was die Standbesucher:innen am meisten interessiert hat, welche Bedrohungen Hornetsecurity derzeit im Microsoft 365-Umfeld wahrnimmt und welchen Tipp…
-
TechTalk: »Unsere IT-Forensiker erkennen regelmäßig neue E-Mail-Angriffsvektoren«
Wieder einmal durften wir mit Hornetsecurity ein Videointerview aufzeichnen. Dieses Mal führte uns unserer Weg auf dem CloudFest 2026 an den Stand des Sicherheitsanbieters, wo Svenja Conrad auf unsere Fragen die passenden Antworten hatte. So wollten wir wissen, was die Standbesucher:innen am meisten interessiert hat, welche Bedrohungen Hornetsecurity derzeit im Microsoft 365-Umfeld wahrnimmt und welchen Tipp…
-
Microsoft suspends dev accounts for high-profile open source projects
Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from publishing new software builds and security patches for Windows users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-suspends-dev-accounts-for-high-profile-open-source-projects/
-
Nicht nur Veracrypt: Auch VPN-Entwickler von Microsoft ausgesperrt
Die Entwickler von Veracrypt, Wireguard und Windscribe können wegen gesperrter Microsoft-Accounts keine Updates bereitstellen. Microsoft reagiert. First seen on golem.de Jump to article: www.golem.de/news/nicht-nur-veracrypt-auch-vpn-entwickler-von-microsoft-ausgesperrt-2604-207360.html
-
Palo Alto Cortex XSOAR Flaw in Microsoft Teams Integration Lets Attackers Access Data
Palo Alto Networks has released a high-priority security update to address a serious vulnerability in its Cortex XSOAR and Cortex XSIAM platforms. Tracked as CVE-2026-0234, this security flaw exists within the Microsoft Teams integration. If successfully exploited, it allows an unauthenticated attacker to access and modify protected resources, prompting the vendor to assign the patch…
-
Microsoft Confirms Windows 11 Update Breaks Start Menu Search
Microsoft recently addressed a disruptive server-side flaw that completely disabled Start Menu search functionality for some Windows 11 23H2 users. The tech giant quickly acknowledged the incident and deployed an automatic fix behind the scenes. Because the repair happens directly on Microsoft’s servers, users do not need to search for or install any additional software…