Microsoft March 2024 Patch Tuesday Fixes 60 Flaws 18 Rce Bugs
Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code...
News
Google Paid 10 Million In Bug Bounty Rewards Last Year
Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in...
Mar 2024 Monthly Patch
Microsoft has released security patches to address multiple vulnerabilities in their software and products.The vulnerabilities that have been classified as...
Victims Lose $47m to Crypto Phishing Scams in February
Impersonated accounts on X (formerly Twitter) have been blamed for the majority of cryptocurrency phishing attacks last month, with victims...
Three-Quarters of Cyber Incident Victims Are Small Businesses
Over three-quarters of cyber incidents impacted small businesses in 2023, with ransomware having the biggest impact on these firms, according...
New Cloud Attack Targets Crypto CDN Meson Ahead of Launch
A malicious campaign has been observed exploiting the blockchain-based Meson service for illicit gains ahead of the crypto token unlock...
Study Reveals Top Vulnerabilities in Corporate Web Applications
A recent study conducted by Kaspersky Security Assessment experts has revealed the most prevalent vulnerabilities in corporate web applications developed...
Lawmakers Slam UK Government’s “Ostrich Strategy” for Cybersecurity
The UK will remain “exposed and unprepared” for a potentially catastrophic ransomware attack if it continues to adopt a head-in-the-sand...
Tuta Mail Adds New Quantum Resistant Encryption To Protect Email
Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. Tuta...
Equilend Warns Employees Their Data Was Stolen By Ransomware Gang
New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was...
Researchers Expose Microsoft Sccm Misconfigs Usable In Cyberattacks
Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration...
Over 15 000 Hacked Roku Accounts Sold For 50 Each To Buy Hardware
Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of...
Okta Says Data Leaked On Hacking Forum Not From Its Systems
Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023...
Magnet Goblin Exploits Ivanti Vulnerabilities
Security researchers have uncovered a trend involving the exploitation of 1-day vulnerabilities, including two in Ivanti Connect Secure VPN. The flaws,...
BianLian Threat Actor Shifts Focus to Extortion-Only Tactics
The BianLian threat actor has been observed shifting toward extortion-only activities, according to recent findings by GuidePoint’s Research and Intelligence...
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet (ZINC) involving a...
Microsoft Incident Response lessons on preventing cloud identity compromise
Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in...
Threat actors misuse OAuth applications to automate financially driven attacks
Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for...
Star Blizzard increases sophistication and evasion in ongoing attacks
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star...
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server
Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix...
Financially motivated threat actors misusing App Installer
Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and...
Staying ahead of threat actors in the age of AI
Over the last year, the speed, scale, and sophistication of attacks has increased alongside the rapid development and adoption of...
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern...
Midnight Blizzard: Guidance for responders on nation-state attack
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our...
