Tag: microsoft
-
Eye Security verwandelt KI-Angriffsmethode in Schutztool
Das Forschungsteam von Eye Security testete den Ansatz auf Plattformen wie Microsoft 365 (Office und E-Mail), Google (Docs und Gmail) und Confluence. Defensive Prompts wurden in Dateiköpfe, Exporte und E-Mail-Signaturen integriert. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/eye-security-verwandelt-ki-angriffsmethode-in-schutztool/a42544/
-
Old threats, new consequences: 90% of cyber claims stem from email and remote access
Tags: access, ai, attack, awareness, cisco, ciso, citrix, cloud, communications, control, credentials, cve, cyber, cybersecurity, data, defense, detection, email, encryption, finance, fraud, hacker, insurance, mail, malicious, microsoft, network, phishing, phone, ransomware, risk, sophos, tactics, threat, tool, update, vpn, vulnerability2025 InsurSec Rankings Report, email and remote access remain the most prominent cyber threat vectors, accounting for 90% of cyber insurance claims in 2024.And, no surprise, larger companies continue to get hit hardest. But, interestingly, the virtual private networks (VPNs) many rely on are anything but secure, despite assumptions to the contrary.”We know from our…
-
Schwachstelle bei Windows Server Update Services im Visier der Cyberkriminellen
Forscher der Sophos Counter Threat Unit (CTU) haben aufgedeckt, wie Angreifer eine Schwachstelle in Windows Server Update Services (WSUS) ausnutzen, um sensible Daten von Unternehmen zu stehlen. Die Experten untersuchen die Ausnutzung einer Sicherheitslücke (CVE-2025-59287) zur Remotecodeausführung im Windows Server Update Service (WSUS) von Microsoft, einem systemeigenen IT-Verwaltungstool für Windows-Systemadministratoren. Am 14. Oktober 2025 veröffentlichte…
-
Schwachstelle bei Windows-Server-Updates im Visier der Cyberkriminellen
Forscher der Sophos-Counter-Threat-Unit (CTU) haben aufgedeckt, wie Angreifer eine Schwachstelle in Windows-Server-Update-Services (WSUS) ausnutzen, um sensible Daten von Unternehmen zu stehlen. Die Experten untersuchen die Ausnutzung einer Sicherheitslücke (CVE-2025-59287) zur Remotecodeausführung im WSUS von Microsoft, einem systemeigenen IT-Verwaltungstool für Windows-Systemadministratoren. Am 14. Oktober 2025 veröffentlichte Microsoft Patches für die betroffenen Windows-Server-Versionen. Nach der Veröffentlichung einer…
-
Eperi etabliert bei Sprinkenhof datenschutzkonforme Cloud-Kollaboration
Im Zuge der Digitalisierung der Hamburger Verwaltung setzte die Sprinkenhof GmbH als die zentrale gewerbliche Immobiliengesellschaft der Freien und Hansestadt Hamburg auf eine leistungsfähige, cloudbasierte Kollaborationsplattform. Ziel war es, Fachbereiche wie Polizei, Feuerwehr und Justiz mit modernen Tools wie Microsoft-Teams, Outlook, Sharepoint und Onedrive auszustatten bei gleichzeitig maximalem Schutz sensibler Daten. Die Herausforderung: maximaler […]…
-
WSUS-Schwachstelle CVE-2025-59287 wird angegriffen
Zum 23. Oktober 2025 hat Microsoft Out-of-Band-Updates für den Windows Server Update Services (WSUS) veröffentlicht. Die Updates patchen den WSUS um die Schwachstelle CVE-2025-59287 weiter abzusichern. Inzwischen mehren sich die Angriffe auf diese WSUS-Sicherheitslücke. Out-of-Band-Updates für WSUS Microsoft hatte zum … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/30/wsus-schwachstelle-cve-2025-59287-wird-angegriffen/
-
CISA-Warnung vor Angriffen auf Windows SMB-Schwachstelle CVE-2025-33073
Die US-Sicherheitsbehörde CISA hat zum 20. Oktober 2025 eine Warnung veröffentlicht, weil die Schwachstelle CVE-2025-33073 im Windows SMB Client wohl angegriffen wird. Zur Erinnerung: Die Schwachstelle im Windows Server Message Block (SMB) Protokoll war durch Microsoft bereits im Juni 2025 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/30/cisa-warnung-vor-angriffen-auf-windows-smb-schwachstelle-cve-2025-33073/
-
Microsoft Outage Hits Azure, 365, Xbox, Minecraft and More
A major Microsoft outage has disrupted Azure, Microsoft 365, Xbox, and Minecraft worldwide after a configuration failure, with services now gradually recovering. First seen on hackread.com Jump to article: hackread.com/microsoft-outage-azure-365-xbox-minecraft/
-
Microsoft Azure Cloud Apps Shut Down by Configuration Error
Azure Outage Comes a Week After a Cloud DNS Error Disrupted AWS Users. Microsoft’s Azure cloud and 365 systems suffered an outage at noon on Wednesday because of a configuration error – hours before its quarterly earnings call and about a week after rival AWS underwent a widespread outage that shut down applications and services…
-
The Microsoft Azure Outage Shows the Harsh Reality of Cloud Failures
The second major cloud outage in less than two weeks, Azure’s downtime highlights the “brittleness” of a digital ecosystem that depends on a few companies never making mistakes. First seen on wired.com Jump to article: www.wired.com/story/the-microsoft-azure-outage-shows-the-harsh-reality-of-cloud-failures/
-
Microsoft promises more Copilot features in Microsoft 365 companion apps
Tags: microsoftMicrosoft 365 companion apps will be getting more Copilot features in the coming weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-promises-more-copilot-features-in-microsoft-365-companion-apps/
-
Threat Actors Abuse AzureHound Tool to Enumerate Azure and Entra ID Environments
Tags: attack, cloud, cyber, cybersecurity, exploit, malicious, microsoft, penetration-testing, threat, toolThe cybersecurity landscape continues to shift toward cloud-based attacks, with threat actors increasingly exploiting legitimate security tools for malicious reconnaissance. AzureHound, a penetration testing utility designed for authorized security professionals, has become a weapon of choice for attackers seeking to understand and compromise Azure and Microsoft Entra ID environments. Understanding the Threat AzureHound is a…
-
Microsoft DNS Outage Disrupts Azure and Microsoft 365 Services Worldwide
Microsoft experienced a widespread service outage on Wednesday, October 29, 2025, affecting its Azure cloud platform and Microsoft 365 suite, leaving thousands of users unable to access critical business services. The disruption, which began around 16:00 UTC (approximately 9:30 PM IST), was attributed to Domain Name System (DNS) configuration issues that crippled connectivity across Microsoft’s…
-
Microsoft Security Change for Azure VMs Creates Pitfalls
Firms using Azure infrastructure gained a reprieve from a security-focused switch that could have broken apps that relied on public Internet access. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/microsoft-security-change-azure-vms-creates-pitfalls
-
Microsoft fixes Media Creation Tool broken on some Windows PCs
Microsoft has confirmed that the Windows 11 Media Creation Tool (MCT) is working again on Windows 10 22H2 and Windows 11 25H2 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-media-creation-tool-broken-on-some-windows-pcs/
-
DNS outage impacts Azure and Microsoft 365 services
Microsoft is suffering an ongoing DNS outage affecting customers worldwide, preventing them from logging into company networks and accessing Microsoft Azure and Microsoft 365 services. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-dns-outage-impacts-azure-and-microsoft-365-services/
-
DNS outage impacts Azure and Microsoft 365 services
Microsoft is suffering an ongoing DNS outage affecting customers worldwide, preventing them from logging into company networks and accessing Microsoft Azure and Microsoft 365 services. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-dns-outage-impacts-azure-and-microsoft-365-services/
-
Zehntausende Exchange-Server in Deutschland gefährdet
Tags: access, bsi, cyberattack, DSGVO, germany, Internet, microsoft, ransomware, update, vpn, vulnerabilityDas BSI warnt vor der weiteren Verwendung von Microsofts Exchange-Server 2016 und 2019.Der Support für Microsofts Exchange-Server 2016 und 2019 endete planmäßig am 14. Oktober 2025. Seitdem werden keine Sicherheitsupdates mehr für diese Versionen bereitgestellt. Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat allerdings festgestellt, dass hierzulande die Mehrheit der rund 33.000 öffentlich zugänglichen…
-
Microsoft fixes 0x800F081F errors causing Windows update failures
Microsoft has resolved a known issue that caused Windows updates to fail, leading to 0x800F081F errors on Windows 11 24H2 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-0x800f081f-errors-causing-windows-update-failures/
-
Massive 4TB EY Database Backup Found Publicly Accessible on Azure
A critical security vulnerability was discovered when a complete 4-terabyte SQL Server backup belonging to Ernst & Young (EY), one of the world’s Big Four accounting firms, was found publicly accessible on Microsoft Azure. The exposure was identified by security researchers during routine internet mapping operations and has since been remediated following responsible disclosure protocols.…
-
Massive 4TB EY Database Backup Found Publicly Accessible on Azure
A critical security vulnerability was discovered when a complete 4-terabyte SQL Server backup belonging to Ernst & Young (EY), one of the world’s Big Four accounting firms, was found publicly accessible on Microsoft Azure. The exposure was identified by security researchers during routine internet mapping operations and has since been remediated following responsible disclosure protocols.…
-
Teams-News: Schwachstelle; Home-Office-Überwachung; Unified App-Management
Ich fasse mal einige Informationen rund um Microsoft Teams, die mir in den letzten Tagen untergekommen sind, in einem Sammelbeitrag zusammen. Teams kann ab Dezember 2025 den Aufenthaltsort des Benutzers über die WLAN-Verbindung erfassen was als Home Office-Überwachung durch … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/29/teams-news-schwachstelle-home-office-ueberwachung-unified-app-management/
-
BSI schlägt Alarm: 92 Prozent aller deutschen Exchange-Server ohne Support
Microsoft Exchange Server 2016 und 2019 erhalten keine Sicherheitsupdates mehr. In Deutschland basieren aber noch unzählige Server auf diesen Versionen. First seen on golem.de Jump to article: www.golem.de/news/bsi-schlaegt-alarm-92-prozent-aller-deutschen-exchange-server-ohne-support-2510-201630.html
-
Notable post-quantum cryptography initiatives paving the way toward Q-Day
Tags: attack, awareness, cisa, cisco, communications, computer, computing, crypto, cryptography, cyber, cybersecurity, data, encryption, finance, framework, google, government, group, guide, ibm, infrastructure, intelligence, Internet, iot, linux, microsoft, mitre, ml, nist, nvidia, open-source, service, side-channel, software, supply-chain, technology, theft, threat, tool, vulnerabilityIndustry heavyweights line up behind PQC: Google”¯Chrome became the first mainstream browser to support hybrid post”‘quantum key exchanges by default late last year.The approach combines classical elliptic-curve encryption, for backwards compatibility, with lattice-based PQC derived from ML-KEM.Other industry giants, including Amazon and IBM, have also begun laying foundations for quantum-safe cryptography. For example, IBM has…
-
Notable post-quantum cryptography initiatives paving the way toward Q-Day
Tags: attack, awareness, cisa, cisco, communications, computer, computing, crypto, cryptography, cyber, cybersecurity, data, encryption, finance, framework, google, government, group, guide, ibm, infrastructure, intelligence, Internet, iot, linux, microsoft, mitre, ml, nist, nvidia, open-source, service, side-channel, software, supply-chain, technology, theft, threat, tool, vulnerabilityIndustry heavyweights line up behind PQC: Google”¯Chrome became the first mainstream browser to support hybrid post”‘quantum key exchanges by default late last year.The approach combines classical elliptic-curve encryption, for backwards compatibility, with lattice-based PQC derived from ML-KEM.Other industry giants, including Amazon and IBM, have also begun laying foundations for quantum-safe cryptography. For example, IBM has…
-
Microsoft Issues Alert on ASP.NET Flaw Allowing HTTP Request Smuggling Attacks
Microsoft has released a critical security update addressing a severe vulnerability in ASP.NET Core that could enable attackers to execute HTTP request smuggling attacks. On October 14, 2025, the company issued patches for CVE-2025-55315, a security feature bypass flaw affecting the Kestrel web server component with an alarming CVSS score of 9.9, placing it in…
-
Microsoft Edge: Mehrere Löschverläufe erforderlich
Ich kippe mal eine Beobachtung hier in den Blog ein, die mir Thomas B. Mitte Oktober 2025 per E-Mail zukommen ließ. Es geht um das Löschen des Verlaufs im Microsoft Edge-Browser sowie in ChatGPT. Die Anwendungen synchronisieren auch nach dem … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/29/microsoft-edge-mehrere-loeschverlaeufe-erforderlich/
-
Windows 11 KB5067036 update rolls out Administrator Protection feature
Microsoft has released the KB5067036 preview cumulative update for Windows 11 24H2 and 25H2, which begins the rollout of the Administrator Protection cybersecurity feature and an updated Start Menu. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5067036-update-rolls-out-administrator-protection-feature/
-
Warnings Mount Over Windows Server Update Services Hacks
Thousands of Windows Server Update Services Observed Online. Warnings over hackers exploiting a Windows Server Update have compounded since Microsoft rushed out a patch Friday against a flaw allowing unauthenticated attackers to execute arbitrary code. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/warnings-mount-over-windows-server-update-services-hacks-a-29869
-
Microsoft sued for allegedly tricking millions into Copilot M365 subscriptions
The Australian Competition and Consumer Commission (ACCC) is suing Microsoft for allegedly misleading 2.7 million Australians into paying for the Copilot AI assistant in the Microsoft 365 service. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-sued-for-allegedly-tricking-millions-into-copilot-m365-subscriptions/