Tag: microsoft
-
CISA and partners take action as Microsoft Exchange security risks mount
In partnership with international cybersecurity agencies, the US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) outlined … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/31/microsoft-exchange-on-premises-security/
-
Internationaler Strafgerichtshof wechselt von Microsoft zu openDesk von ZenDIS
Wechsel in der IT-Infrastruktur beim Internationalen Strafgerichtshof (IStGH). Nachdem die Trump Administration Druck auf deren Chefankläger ausgeübt hat, schwenkt das Gericht bezüglich seiner IT-Infrastruktur laut einem Bericht des Handelsblatts um. US-Anbieter wie Microsoft werden durch openDesk-Software vom Zentrum für Digitale … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/31/internationaler-strafgerichtshof-wechselt-von-microsoft-zu-zendis/
-
Hackers Exploit WSUS Flaw to Spread Skuld Stealer Despite Microsoft Patch
Cybercriminals exploit a WSUS vulnerability to deploy Skuld Stealer malware, even after Microsoft released an urgent security patch. First seen on hackread.com Jump to article: hackread.com/hackers-exploit-wsus-skuld-stealer-microsoft-patch/
-
EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure
A massive 4TB SQL Server backup file belonging to global accounting giant Ernst & Young (EY) was discovered publicly accessible onMicrosoft Azure. Cybersecurity firm Neo Security discovered a 4TB SQL Server backup belonging to accounting giant Ernst & Young (EY) publicly accessible on Microsoft Azure during a routine scan. Neo Security’s lead researcher identified a…
-
CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation.”By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security First seen on thehackernews.com Jump to article: thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html
-
Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery
Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace.The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both Microsoft’s…
-
CISA Publishes New Guidance to Strengthen Microsoft Exchange Server Security
Tags: best-practice, cisa, cyber, cybersecurity, guide, infrastructure, international, microsoft, networkThe Cybersecurity and Infrastructure Security Agency (CISA), working alongside the National Security Agency and international cybersecurity partners, has released a comprehensive security guidance document focused on hardening Microsoft Exchange servers against evolving threats. The Microsoft Exchange Server Security Best Practices guide aims to help network defenders and IT administrators strengthen their on-premises Exchange infrastructure and…
-
Warnungen für Explorer, Windows & Teams – Vier aktiv ausgenutzte Microsoft-Schwachstellen und Angriffe mit Teams
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-warnt-gefaelschte-teams-installation-ransomware-angriffe-a-31caea165dfee037a31c30cedd325e06/
-
CISA, NSA unveil best-practices guide to address ongoing Exchange Server risks
The guide follows CISA’s warnings in August about a high-severity vulnerability in Microsoft Exchange. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-nsa-best-practices-exchange-server-risks/804352/
-
Wie die Schwachstelle in Microsoft WSUS ausgenutzt wird
Forscher der Sophos Counter Threat Unit (CTU) haben eine Angriffswelle entdeckt, bei der Cyberkriminelle gezielt die Sicherheitslücke in Microsofts Windows Server Update Services (WSUS) ausnutzen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/kritische-schwachstelle-microsoft-wsus
-
Malicious packages in npm evade dependency detection through invisible URL links: Report
Tags: ai, application-security, attack, control, detection, edr, endpoint, exploit, flaw, github, governance, hacker, malicious, malware, microsoft, open-source, programming, service, software, supply-chain, threat, tool, trainingCampaign also exploits AI: The names of packages uploaded to npm aren’t typosquats of common packages, a popular tactic of threat actors. Instead the hackers exploit AI hallucinations. When developers ask AI assistants for package recommendations, the chatbots sometimes suggest plausible-sounding names that are close to those of legitimate packages, but that don’t actually exist.…
-
CISA, NSA offer guidance to better protect Microsoft Exchange Servers
The guide includes security advice previously shared by Microsoft, yet authorities felt it prudent to outline best practices for the critical and widely used technology. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-nsa-microsoft-exchange-server-guidance/
-
CISA Issues Guidance to Curb Microsoft Exchange Exploits
Tags: best-practice, cisa, cyber, defense, exploit, government, international, microsoft, vulnerabilityUS Cyber Defense Agency Releases Best Practices to Harden Exchange Environments. U.S. cyber defense officials and their international partners issued a new blueprint for mitigating Microsoft Exchange vulnerabilities on Thursday as governments worldwide continue to grapple with persistent intrusion campaigns targeting on-premises Microsoft Exchange servers in hybrid environments. First seen on govinfosecurity.com Jump to article:…
-
CISA, NSA offer guidance to better protect Microsoft Exchange Servers
The guide includes security advice previously shared by Microsoft, yet authorities felt it prudent to outline best practices for the critical and widely used technology. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-nsa-microsoft-exchange-server-guidance/
-
Microsoft seemingly just revealed that OpenAI lost $11.5B last quarter
Satya has also delivered Sam most of the cash he promised First seen on theregister.com Jump to article: www.theregister.com/2025/10/29/microsoft_earnings_q1_26_openai_loss/
-
Microsoft seemingly just revealed that OpenAI lost $11.5B last quarter
Satya has also delivered Sam most of the cash he promised First seen on theregister.com Jump to article: www.theregister.com/2025/10/29/microsoft_earnings_q1_26_openai_loss/
-
CISA and NSA share tips on securing Microsoft Exchange servers
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance to help IT administrators harden Microsoft Exchange servers on their networks against attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-and-nsa-share-tips-on-securing-microsoft-exchange-servers/
-
LinkedIn phishing targets finance execs with fake board invites
Hackers are abusing LinkedIn to target finance executives with direct-message phishing attacks that impersonate executive board invitations, aiming to steal their Microsoft credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/linkedin-phishing-targets-finance-execs-with-fake-board-invites/
-
CISA and NSA share tips on securing Microsoft Exchange servers
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance to help IT administrators harden Microsoft Exchange servers on their networks against attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-and-nsa-share-tips-on-securing-microsoft-exchange-servers/
-
CISA updates guidance and warns security teams on WSUS exploitation
The agency urges users to apply emergency patches from Microsoft to counter a serious threat. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-guidance-warns-security-teams-wsus-exploitation/804257/
-
CISA updates guidance and warns security teams on WSUS exploitation
The agency urges users to apply emergency patches from Microsoft to counter a serious threat. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-guidance-warns-security-teams-wsus-exploitation/804257/
-
Schwachstelle bei Windows-Server-Updates im Visier der Cyberkriminellen
Forscher der Sophos-Counter-Threat-Unit (CTU) haben aufgedeckt, wie Angreifer eine Schwachstelle in Windows-Server-Update-Services (WSUS) ausnutzen, um sensible Daten von Unternehmen zu stehlen. Die Experten untersuchen die Ausnutzung einer Sicherheitslücke (CVE-2025-59287) zur Remotecodeausführung im WSUS von Microsoft, einem systemeigenen IT-Verwaltungstool für Windows-Systemadministratoren. Am 14. Oktober 2025 veröffentlichte Microsoft Patches für die betroffenen Windows-Server-Versionen. Nach der Veröffentlichung einer…
-
Eperi etabliert bei Sprinkenhof datenschutzkonforme Cloud-Kollaboration
Im Zuge der Digitalisierung der Hamburger Verwaltung setzte die Sprinkenhof GmbH als die zentrale gewerbliche Immobiliengesellschaft der Freien und Hansestadt Hamburg auf eine leistungsfähige, cloudbasierte Kollaborationsplattform. Ziel war es, Fachbereiche wie Polizei, Feuerwehr und Justiz mit modernen Tools wie Microsoft-Teams, Outlook, Sharepoint und Onedrive auszustatten bei gleichzeitig maximalem Schutz sensibler Daten. Die Herausforderung: maximaler […]…
-
WSUS-Schwachstelle CVE-2025-59287 wird angegriffen
Zum 23. Oktober 2025 hat Microsoft Out-of-Band-Updates für den Windows Server Update Services (WSUS) veröffentlicht. Die Updates patchen den WSUS um die Schwachstelle CVE-2025-59287 weiter abzusichern. Inzwischen mehren sich die Angriffe auf diese WSUS-Sicherheitslücke. Out-of-Band-Updates für WSUS Microsoft hatte zum … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/30/wsus-schwachstelle-cve-2025-59287-wird-angegriffen/
-
CISA-Warnung vor Angriffen auf Windows SMB-Schwachstelle CVE-2025-33073
Die US-Sicherheitsbehörde CISA hat zum 20. Oktober 2025 eine Warnung veröffentlicht, weil die Schwachstelle CVE-2025-33073 im Windows SMB Client wohl angegriffen wird. Zur Erinnerung: Die Schwachstelle im Windows Server Message Block (SMB) Protokoll war durch Microsoft bereits im Juni 2025 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/30/cisa-warnung-vor-angriffen-auf-windows-smb-schwachstelle-cve-2025-33073/
-
Microsoft Outage Hits Azure, 365, Xbox, Minecraft and More
A major Microsoft outage has disrupted Azure, Microsoft 365, Xbox, and Minecraft worldwide after a configuration failure, with services now gradually recovering. First seen on hackread.com Jump to article: hackread.com/microsoft-outage-azure-365-xbox-minecraft/
-
Microsoft Azure Cloud Apps Shut Down by Configuration Error
Azure Outage Comes a Week After a Cloud DNS Error Disrupted AWS Users. Microsoft’s Azure cloud and 365 systems suffered an outage at noon on Wednesday because of a configuration error – hours before its quarterly earnings call and about a week after rival AWS underwent a widespread outage that shut down applications and services…
-
The Microsoft Azure Outage Shows the Harsh Reality of Cloud Failures
The second major cloud outage in less than two weeks, Azure’s downtime highlights the “brittleness” of a digital ecosystem that depends on a few companies never making mistakes. First seen on wired.com Jump to article: www.wired.com/story/the-microsoft-azure-outage-shows-the-harsh-reality-of-cloud-failures/
-
Microsoft promises more Copilot features in Microsoft 365 companion apps
Tags: microsoftMicrosoft 365 companion apps will be getting more Copilot features in the coming weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-promises-more-copilot-features-in-microsoft-365-companion-apps/
-
Threat Actors Abuse AzureHound Tool to Enumerate Azure and Entra ID Environments
Tags: attack, cloud, cyber, cybersecurity, exploit, malicious, microsoft, penetration-testing, threat, toolThe cybersecurity landscape continues to shift toward cloud-based attacks, with threat actors increasingly exploiting legitimate security tools for malicious reconnaissance. AzureHound, a penetration testing utility designed for authorized security professionals, has become a weapon of choice for attackers seeking to understand and compromise Azure and Microsoft Entra ID environments. Understanding the Threat AzureHound is a…