Tag: microsoft
-
SesameOp malware abuses OpenAI Assistants API in attacks
Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-sesameop-malware-abuses-openai-assistants-api-in-attacks/
-
Unauthenticated RCE in WSUS Puts Organizations at Risk
Microsoft patches WSUS RCE flaw letting attackers gain SYSTEM access. Learn how to secure servers and prevent exploitation. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/wsus-vulnerability/
-
CISA and NSA Outline Best Practices to Secure Exchange Servers
CISA and NSA have released a blueprint to enhance Microsoft Exchange Server security against cyber-attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-nsa-secure-exchange-servers/
-
Patch for WSUS flaw disabled Windows Server hotpatching
An out-of-band (OOB) security update that patches an actively exploited Windows Server Update Service (WSUS) vulnerability has broken hotpatching on some Windows Server 2025 devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-patch-for-wsus-flaw-disabled-windows-server-hotpatching/
-
Microsoft bestätigt: Task-Manager-Bug müllt unter Windows 11 den Speicher voll
Das letzte Windows-11-Update bringt die Systeme der Nutzer an ihre Grenzen – zumindest wenn der Task-Manager häufig verwendet wird. First seen on golem.de Jump to article: www.golem.de/news/microsoft-bestaetigt-task-manager-bremst-nach-update-windows-11-aus-2511-201782.html
-
Rhysida ransomware exploits Microsoft certificate to slip malware past defenses
Identifying forensic signals: The campaigns that leverage trusted certificates undermine the trust model enterprises rely on. Signed malware bypasses app-allow lists, browser warnings, OS checks, and antivirus assumptions about signed code. When the file poses as Teams or PuTTY, employees don’t hesitate to download it as it looks normal.”Once inside, the malware runs with fewer…
-
Rhysida ransomware exploits Microsoft certificate to slip malware past defenses
Identifying forensic signals: The campaigns that leverage trusted certificates undermine the trust model enterprises rely on. Signed malware bypasses app-allow lists, browser warnings, OS checks, and antivirus assumptions about signed code. When the file poses as Teams or PuTTY, employees don’t hesitate to download it as it looks normal.”Once inside, the malware runs with fewer…
-
Rhysida ransomware exploits Microsoft certificate to slip malware past defenses
Identifying forensic signals: The campaigns that leverage trusted certificates undermine the trust model enterprises rely on. Signed malware bypasses app-allow lists, browser warnings, OS checks, and antivirus assumptions about signed code. When the file poses as Teams or PuTTY, employees don’t hesitate to download it as it looks normal.”Once inside, the malware runs with fewer…
-
Microsoft bestätigt: Task-Manager bremst nach Update Windows 11 aus
Das letzte Windows-11-Update bringt die Systeme der Nutzer an ihre Grenzen – zumindest wenn der Task-Manager häufig verwendet wird. First seen on golem.de Jump to article: www.golem.de/news/microsoft-bestaetigt-task-manager-bremst-nach-update-windows-11-aus-2511-201782.html
-
Windows Task Manager won’t quit after KB5067036 update
Microsoft has confirmed a known issue that is preventing users from quitting the Windows 11 Task Manager after installing the October 2025 optional update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-windows-task-manager-wont-quit-after-kb5067036-update/
-
New BOF Tool Bypasses Microsoft Teams Cookie Encryption to Steal User Chats
Cybersecurity researchers at Tier Zero Security have released a specialised Beacon Object File (BOF) tool that exploits a critical weakness in Microsoft Teams cookie encryption, enabling attackers to steal user chat messages and other sensitive communications. The vulnerability stems from how Microsoft Teams handles cookie encryption compared to modern Chromium-based browsers. While contemporary browsers like…
-
Attacken auf EU: Ungepatchte Windows-Lücke wird seit Jahren ausgenutzt
Die Sicherheitslücke ist Microsoft schon seit über einem Jahr bekannt. Bisher lehnt der Konzern es jedoch ab, einen Patch bereitzustellen. First seen on golem.de Jump to article: www.golem.de/news/attacken-auf-eu-ungepatchte-windows-luecke-wird-seit-jahren-ausgenutzt-2511-201767.html
-
Attacken auf EU: Ungepatchte Windows-Lücke wird seit Jahren ausgenutzt
Die Sicherheitslücke ist Microsoft schon seit über einem Jahr bekannt. Bisher lehnt der Konzern es jedoch ab, einen Patch bereitzustellen. First seen on golem.de Jump to article: www.golem.de/news/attacken-auf-eu-ungepatchte-windows-luecke-wird-seit-jahren-ausgenutzt-2511-201767.html
-
Windows 11 24H2/25H2 Flaw Keeps Task Manager Running After You Close It
Microsoft has acknowledged a persistent bug affecting Windows 11 versions 24H2 and 25H2 that prevents Task Manager from properly terminating when users close the application. The issue causes multiple instances of the system monitoring tool to accumulate in the background, potentially degrading device performance over time. Background Processes Pile Up Unnoticed The problem occurs when…
-
Support-Ende: Zehntausende Exchange-Server gefährdet
Für die Mail-Server-Produkte Microsoft Exchange Server 2016 und 2019 ist Mitte Oktober planmäßig der Support des Herstellers ausgelaufen. Seitdem werden keine Sicherheitsupdates mehr für diese Versionen bereitgestellt. Dennoch werden nach Informationen des Bundesamts für Sicherheit in der Informationstechnik (BSI) weiterhin über 30.000 MS-Exchange-Server in Deutschland mit diesen oder noch älteren Versionen und einem offen über……
-
Exit zum AI-Training gewählt?
Kurze Erinnerung für Nutzer von LinkedIn, das ja seit einigen Jahren zu Microsoft gehört. Microsoft wird ab dem 3. November 2025 die Daten von Mitglieder durch deren KI verwenden, “um deren Generieren von Inhalten zu verbessern”. Wer also LinkedIn-Mitglied ist, … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/02/linkedin-exit-zum-ai-training-gewaehlt/
-
International Criminal Court kicks Microsoft Office to the curb
Rough justice? Redmond out as Germany’s openDesk judged a better fit First seen on theregister.com Jump to article: www.theregister.com/2025/10/31/international_criminal_court_ditches_office/
-
MY TAKE: Microsoft pitches an AI ‘protopian’ future, while civic groups pedal to stay upright
SEATTLE “, At a well-meaning civic forum hosted inside a south Seattle community space yesterday (Oct. 30,) Microsoft’s Lorraine Bardeen coined a new term: protopian. Related: The workflow cadences of GenAI She said it three times, as if underlining… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/my-take-microsoft-pitches-an-ai-protopian-future-while-civic-groups-pedal-to-stay-upright/
-
Cyber agencies produce ‘long overdue’ best practices for securing Microsoft Exchange Server
The guidance: The guidance states admins should treat on-prem Exchange servers as being “under imminent threat,” and itemizes key practices for admins:First, it notes, “the most effective defense against exploitation is ensuring all Exchange servers are running the latest version and Cumulative Update (CU)”;It points out that Microsoft Exchange Server Subscription Edition (SE) is the…
-
Cyber agencies produce ‘long overdue’ best practices for securing Microsoft Exchange Server
The guidance: The guidance states admins should treat on-prem Exchange servers as being “under imminent threat,” and itemizes key practices for admins:First, it notes, “the most effective defense against exploitation is ensuring all Exchange servers are running the latest version and Cumulative Update (CU)”;It points out that Microsoft Exchange Server Subscription Edition (SE) is the…
-
Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance and Readiness
Tags: access, ai, api, attack, awareness, breach, business, ceo, cloud, compliance, computer, control, corporate, crime, cryptography, cyber, cybersecurity, data, data-breach, encryption, exploit, finance, framework, germany, google, governance, guide, hacking, ibm, identity, india, infrastructure, intelligence, jobs, law, leak, metric, microsoft, network, penetration-testing, privacy, risk, risk-management, scam, security-incident, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-managementMany organizations are playing catch-up in key AI security policy areas, such as usage governance, risk oversight, data protection, and staff training. In this Cybersecurity Snapshot special edition, we round up recent guidance on preparing for, managing and governing AI cyber risks. Key takeaways Most organizations’ AI adoption is dangerously outpacing their security strategies and…
-
Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance and Readiness
Tags: access, ai, api, attack, awareness, breach, business, ceo, cloud, compliance, computer, control, corporate, crime, cryptography, cyber, cybersecurity, data, data-breach, encryption, exploit, finance, framework, germany, google, governance, guide, hacking, ibm, identity, india, infrastructure, intelligence, jobs, law, leak, metric, microsoft, network, penetration-testing, privacy, risk, risk-management, scam, security-incident, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-managementMany organizations are playing catch-up in key AI security policy areas, such as usage governance, risk oversight, data protection, and staff training. In this Cybersecurity Snapshot special edition, we round up recent guidance on preparing for, managing and governing AI cyber risks. Key takeaways Most organizations’ AI adoption is dangerously outpacing their security strategies and…
-
Microsoft Edge gets scareware sensor for faster scam detection
Microsoft is introducing a new scareware sensor for the Microsoft Edge web browser, which helps detect scam pages more quickly and ensures that Defender SmartScreen blocks them faster. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-edge-gets-scareware-sensor-for-faster-scam-detection/
-
Microsoft gives Windows 11 a fresh Start here’s how to get it
More convenient layout saves you a click First seen on theregister.com Jump to article: www.theregister.com/2025/10/29/microsofts_new_windows_start_menu/
-
Cyber agencies co-sign Exchange Server security guide
US and allied cyber agencies team up to try to nudge users to pay more attention to securing Microsoft Exchange Server First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366633916/Cyber-agencies-co-sign-Exchange-Server-security-guide
-
Transnational Organized Crime Gang Steals $1 Million from Ontario Couple
Today my LinkedIn feed and Google News filter is showing me several stories that illustrate how we are failing to stop online scammers from stealing from our elderly. It starts with the headlines. CTVNews: Ontario seniors GIVE AWAY MORE THAN $1 MILLION to scammers.CTVNews: Ontario couple LOSES MORE THAN $1 MILLION DOLLARS to fraud.Toronto Only:…
-
Internationaler Strafgerichtshof wechselt von Microsoft zu openDesk von ZenDIS
Wechsel in der IT-Infrastruktur beim Internationalen Strafgerichtshof (IStGH). Nachdem die Trump Administration Druck auf deren Chefankläger ausgeübt hat, schwenkt das Gericht bezüglich seiner IT-Infrastruktur laut einem Bericht des Handelsblatts um. US-Anbieter wie Microsoft werden durch openDesk-Software vom Zentrum für Digitale … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/31/internationaler-strafgerichtshof-wechselt-von-microsoft-zu-zendis/
-
Hackers Exploit WSUS Flaw to Spread Skuld Stealer Despite Microsoft Patch
Cybercriminals exploit a WSUS vulnerability to deploy Skuld Stealer malware, even after Microsoft released an urgent security patch. First seen on hackread.com Jump to article: hackread.com/hackers-exploit-wsus-skuld-stealer-microsoft-patch/