Tag: office
-
Microsoft Patch Tuesday security updates for March 2025 fix six actively exploited zero-days
Microsoft Patch Tuesday security updates for March 2025 address 56 security vulnerabilities in its products, including six actively exploited zero-days. Microsoft Patch Tuesday security updates for March 2025 addressed 56 vulnerabilities in Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server. This Patch…
-
Malicious code execution possible: security vulnerability in Microsoft Office puts users at risk
A buffer overflow in Microsoft Office lets attackers inject malicious code. Patches are available. They are also worthwhile because of other vulnerabilities. First seen on golem.de Jump to article: www.golem.de/news/jetzt-patchen-schadcode-luecke-gefaehrdet-unzaehlige-office-nutzer-2503-194215.html
-
Microsoft Security Update Summary (March 11, 2025)
On March 11, 2025, Microsoft released security updates for Windows clients and servers, for Office, and for other products. The security updates fix 56 vulnerabilities (CVEs), seven of which were classified as 0-days. Six vulnerabilities are already being attacked. Below is … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/12/microsoft-security-update-summary-11-maerz-2025/
-
UK government under-prepared for catastrophic cyber attack, hears PAC
The Commons Public Accounts Committee heard government IT leaders respond to recent National Audit Office findings that the government’s cyber resilience is under par First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366620361/UK-government-under-prepared-for-catastrophic-cyber-attack-hears-PAC
-
Post Office scandal data leak interim compensation offers made
Some subpostmasters affected by Post Office data breach offered interim compensation payments First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366620384/Post-Office-scandal-data-leak-interim-compensation-offers-made
-
White House cyber director’s office set for more power under Trump, experts say
The Trump administration appears to be positioning the Office of the National Cyber Director to operate as the executive branch cybersecurity policy lead that Congress envisioned when establishing it in 2021, experts say. First seen on therecord.media Jump to article: therecord.media/trump-white-house-office-national-cyber-director
-
Critical DrayTek Router Vulnerabilities Expose Devices to RCE Attacks
Tags: attack, conference, cyber, firmware, office, rce, remote-code-execution, risk, router, vulnerability
A recent security analysis of DrayTek Vigor routers has uncovered severe vulnerabilities that could allow attackers to hijack devices, execute arbitrary code, and bypass critical security controls. These findings, disclosed by researchers at DEFCON 32 HHV and Ekoparty 2024, highlight systemic risks in widely used small office/home office (SOHO) routers due to outdated firmware, weak…
-
Apple withdraws encrypted iCloud storage from UK after government demands ‘backdoor’ access
After the Home Office issued a secret order for Apple to open up a backdoor in its encrypted storage, the tech company has instead chosen to withdraw the service from the UK First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619614/Apple-withdraws-encrypted-iCloud-storage-from-UK-after-government-demands-back-door-access
-
UK cyber security damaged by ‘clumsy Home Office political censorship’
Britain’s National Cyber Security Centre secretly censors computer security guidance and drops references to encryption First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366620475/UK-cyber-security-damaged-by-clumsy-Home-Office-political-censorship
-
Women Faced the Brunt of Cybersecurity Cutbacks in 2024
Many women are finding that they are unhappy in their cybersecurity roles, largely due to the layoffs their companies are experiencing, cutbacks, and return to in-office work policies. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/women-cyber-cutbacks-2024
-
Authorities Seize $31 Million Linked to Crypto Exchange Hack
U.S. authorities announced the seizure of $31 million tied to the 2021 Uranium Finance decentralized finance (DeFi) exploits. The coordinated effort between the U.S. Attorney’s Office for the Southern District of New York (SDNY) and Homeland Security Investigations (HSI) San Diego, aided by blockchain intelligence firm TRM Labs, represents one of the largest recoveries in…
-
Privacy Roundup: Week 9 of Year 2025
Tags: access, android, apple, attack, backdoor, breach, browser, cctv, control, cyber, cybersecurity, data, data-breach, encryption, endpoint, exploit, firmware, flaw, government, group, hacker, Internet, jobs, law, leak, malware, office, password, phishing, privacy, regulation, router, scam, service, software, switch, technology, threat, tool, update, vpn, vulnerability
This is a news item roundup of privacy or privacy-related news items for 23 FEB 2025 – 1 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children’s Data Protection Practices
The U.K.’s Information Commissioner’s Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country. To that end, the watchdog said it’s probing how the ByteDance-owned video-sharing service uses the personal data of children…
-
ICO Launches TikTok Investigation Over Use of Children’s Data
The Information Commissioner’s Office is now investigating how TikTok uses 13–17-year-olds’ personal information First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ico-tiktok-investigation-use/
-
The best XDR tools
Tags: attack, business, cloud, computing, container, crowdstrike, cyberattack, detection, edr, endpoint, firewall, google, Hardware, ibm, identity, incident response, infrastructure, mail, malware, marketplace, microsoft, ml, network, office, okta, risk, security-incident, service, siem, soar, software, tool, vulnerability
Read what you should look out for when it comes to XDR and which solutions are recommended in this area. Manual, siloed management is out of place in the modern IT world. All the more so in IT security: the scale of modern enterprise computing and state-of-the-art application stack architectures requires security tools that: provide insight into the security status of IT components, detect threats in real time, and automate aspects of threat defense. These…
-
Microsoft Office 365 MFA detour …
A nice story that an administrator skewered on Facebook the other day. It concerns multi-factor authentication in Microsoft 365, which can be done via the Microsoft Authenticator app, among other methods. But hurdles pile up if you want as few dependencies as possible … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/02/microsoft-office-365-mfa-schlenker/
-
RDP: a Double-Edged Sword for IT Teams, Essential Yet Exploitable
Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It’s like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true…
-
What is zero trust? The security model for a distributed and risky era
Tags: access, ai, authentication, best-practice, breach, business, ceo, cloud, compliance, computer, computing, control, corporate, credentials, cyberattack, data, detection, framework, government, guide, identity, infrastructure, intelligence, jobs, login, monitoring, network, nist, office, password, ransomware, regulation, risk, saas, service, technology, threat, tool, vpn, zero-trust
How zero trust works: To visualize how zero trust works, consider a simple case: a user accessing a shared web application. Under traditional security rules, if a user was on a corporate network, either because they were in the office or connected via a VPN, they could simply click the application and access it; because…
-
China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails
Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023. The Belgian federal prosecutor’s office is probing a possible security breach on its State Security Service (VSSE) by China-linked threat actors. Chinese hackers gained access to the VSSE’s email server between 2021 and…
-
New Auto-Color Malware Attacking Linux Devices to Gain Full Remote Access
Researchers at Palo Alto Networks have identified a new Linux malware, dubbed >>Auto-Color,
-
UK Home Office’s new vulnerability reporting mechanism leaves researchers open to prosecution
The Home Office is the latest British government department to encourage ethical hackers to report vulnerabilities in its systems. Experts are warning that participants could be open to criminal prosecution, though. First seen on therecord.media Jump to article: therecord.media/uk-home-office-vulnerability-disclosure-ethical-hackers
-
How to create an effective incident response plan
Tags: access, advisory, attack, backup, breach, business, ceo, ciso, communications, corporate, cyber, cybersecurity, email, endpoint, exploit, finance, governance, guide, incident, incident response, insurance, law, lessons-learned, malicious, monitoring, network, office, phone, ransomware, risk, security-incident, service, strategy, supply-chain, technology, threat, update
Establish a comprehensive post-incident communications strategy: Another key element that can make or break an incident response strategy is communications. Without clear communications among the major stakeholders of the business, a company might experience much longer downtimes or the loss of vital processes for extended periods. “How are you going to go about communicating? With whom?…
-
Australia Bans Public Agencies From Using Kaspersky Software
Citing Security Concerns, Australia Joins Others in Banning Anti-Virus Products. The Australian Department of Home Affairs on Friday banned the use of Kaspersky Labs products in public offices citing an unacceptable security risk to the government networks and data. All government offices must uninstall all Kaspersky products and report the completion of the task to…
-
Microsoft tests ad-supported Office apps for Windows users
Microsoft has released ad-supported versions of its Office desktop apps, which have limited features but allow Windows users to edit their documents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-tests-ad-supported-office-apps-for-windows-users/
-
Microsoft launches ad-supported Office apps for Windows users
Microsoft has released ad-supported versions of its Office desktop apps, which have limited features but allow Windows users to edit their documents for free. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-sneaks-out-ad-supported-office-apps-for-windows-users/
-
TSforge: New Tool Bypasses Windows Activation on All Versions
A significant breakthrough in bypassing Windows activation has been achieved with the introduction of TSforge, a powerful exploit developed by researchers. This tool is capable of activating every edition of Windows since Windows 7, as well as all Windows add-ons and Office versions since Office 2013. TSforge represents a major milestone in the history of…
-
Cybersecurity Weekly Update 24 February 2025
Tags: access, ai, apple, attack, cyber, cyberattack, cybersecurity, data, email, encryption, finance, government, office, privacy, regulation, risk, service, theft, update
Welcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond.
Home Office Contractor’s Data Collection Sparks Privacy Concerns: The Home Office faces scrutiny after revelations that its contractor, Equifax, collected data on British citizens while conducting financial checks on migrants applying for fee…
-
Apple withdraws encrypted iCloud storage from UK after government demands ‘back door’ access
After the Home Office issued a secret order for Apple to open up a backdoor in its encrypted storage, the tech company has instead chosen to withdraw the service from the UK First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619614/Apple-withdraws-encrypted-iCloud-storage-from-UK-after-government-demands-back-door-access

