Blog Posts Tagged with "Microsoft"
Identifying and Patching Vulnerabilities in a Post-Microsoft Security Bulletin World
July 27, 2017 Added by:Ken Hilker
Last November Microsoft warned that the Security Bulletins on Patch Tuesday would be discontinued, and they followed through on their promise with the April 2017 edition
Comments (0)
Windows Update to Fix Pass-the-Hash Vulnerability? Not!
May 27, 2014 Added by:Tal Be'ery
Exploiting the Pass-the-Hash vulnerability is the weapon of choice for most APT attackers. Therefore when Microsoft released a Windows’ update on May 13th titled: “Update to fix the Pass-The-Hash Vulnerability”, it was warmly accepted by IT teams. However, this update was received by the security community with a raised eyebrow, especially due to the fact that just two months before the upd...
Comments (0)
It's Time for Transparency Reports to Become the New Normal
January 31, 2013 Added by:Electronic Frontier Foundation
A transparency report would allow Skype and Microsoft to set the record straight and permit users to make an informed decision about the surveillance risks they’ve taking when they use their product. With great user data comes great responsibility...
Comments (0)
Windows 8 Security in Action: Part 2
November 22, 2012 Added by:Dan Dieterle
I have noticed some changes in the way Microsoft handles their different service account passwords over the past few weeks. It first started a while back when using Microsoft Live mail. One day when I typed in my legitimate password to my e-mail account, I received this error message...
Comments (0)
New technologies raise serious doubts on privacy and security
November 12, 2012 Added by:Pierluigi Paganini
The major concerns are related to the use of cameras of video devices such as PC, mobile devices and TVs to identify the user and verify its rights for vision and of course to determine his habits with the purpose to pack it for the best offer in terms of contents...
Comments (2)
Rethinking the consumer/enterprise operating system
October 28, 2012 Added by:Rafal Los
When Microsoft converged their kernel and made a single version of Windows most people were relieved, especially Microsoft developers and security types. It was now going to be easier to maintain the code base - but was that the right call? I think the jury may still be out...
Comments (3)
Sidestepping Microsoft SQL Server Authentication
October 21, 2012 Added by:Brandon Knight
Penetration testers love compromising systems during assessments, and the most important portion of a penetration test is getting access to critical data and systems. So, post exploitation I generally head for the database servers. Depending on the permissions of the target there may be another hurdle to bypass...
Comments (2)
Microsoft Forcing Users to Use Less Secure Passwords
September 18, 2012 Added by:Dan Dieterle
Looks like Windows 8 is capped at a 16 character limit for compatibility with existing Microsoft Accounts. With the decrease of the character set, by limiting special characters for compatibility with Microsoft’s other services, the passwords are less secure than before...
Comments (2)
Microsoft Disrupts Nitol Botnet: Malware Hidden in Supply Chain
September 16, 2012 Added by:Pierluigi Paganini
Cybercriminals are exploiting a new way to spread malware by preloading malicious code inside counterfeit software deployed in computers that are offered for sale. To give you an idea of the phenomenon, 20% of the PCs researchers bought from an unsecure supply chain were infected with malware...
Comments (0)
Microsoft BlueHat: Five Questions with Katie Moussouris
September 12, 2012 Added by:Fergal Glynn
One of the big stories from this year’s BlackHat conference was Microsoft’s inaugural BlueHat contest which challenged researchers to design a novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities. Katie Moussouris discusses...
Comments (0)
Microsoft, the CIA and NSA Collude to Take Over the Internet
June 20, 2012 Added by:J. Oquendo
The CIA, NSA and Microsoft created a completely separate operating system somewhere in the Beltway. Microsoft decided to give the agencies the specific code to make the rogue changes. Microsoft allowed the rogue system to be placed inside of their network and only allow a specific country to be infected...
Comments (0)
Microsoft May Be Infiltrated by Government Cyber Operatives
June 18, 2012 Added by:Headlines
“If there is an operation under way and being run by a US intelligence agency it would make perfect sense for them to plant moles inside Microsoft to assist in pulling it off... This makes you think that this breach of Microsoft's update system was done by someone like the NSA..." said F-Secure's Mikko Hypponen...
Comments (0)
W32.Flamer Used Spoofed Microsoft Digital Certificates
June 04, 2012 Added by:Headlines
"We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft..."
Comments (0)
The Fight Against Spam Might Get a Little Easier
May 11, 2012 Added by:Theresa Payton
Facebook recently announced efforts to stop spammers by creating the Antivirus Marketplace. The service will provide a free six month license to antivirus software. McAfee, Symantec, Sophos and others are teaming with Facebook to offer free antivirus software...
Comments (0)
Microsoft Continues Crusade Against Botnet Masters
May 04, 2012 Added by:Headlines
"Google began alerting the registrants of more than three dozen Gmail accounts that were the subject of Microsoft’s subpoenas... The email addresses were already named in Microsoft’s initial complaint posted at zeuslegalnotice.com, which listed nicknames and other information..."
Comments (0)
Microsoft Dismisses Zeus Botnet Takedown Criticism
April 17, 2012 Added by:Headlines
"The chief criticism is that the Microsoft operation exposed sensitive information that a handful of researchers had shared in confidence, and that countless law enforcement investigations may have been delayed or derailed as a result..."
Comments (0)
- If You Don’t Have Visibility, You Don’t Have Security
- Ransomware: Why Hackers Have Taken Aim at City Governments
- 5 Limitations of Network-Centric Security in the Cloud
- 1 Million South Korean Credit Card Records Found Online
- Top Three Cross-Site Scripting Attacks You Need to Know Now
- Arkose Labs Launches Private Bug Bounty Program
- Eight Steps to Migrate Your SIEM
- What Call Center Fraud Can Teach Us about Insider Threats
- Best Practices for Remote Workers’ Endpoint Security
- Cisco Patches Critical Flaw in Vision Dynamic Signage Director