Researchers at Embedi, a firm specializing in security for embedded devices, today released a report on a 17-year-old remote code execution vulnerability in Microsoft Office, which was patched today. They claim it has not been patched and Microsoft did not know it existed. Read More
Topic: Microsoft
Exclusive: Microsoft Responded Quietly After Detecting Secret Database Hack in 2013
The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins. The Microsoft flaws were fixed likely Read More
No Macros? No Problem for New Malware Attack
Macro-based Microsoft Office malware is a go-to tactic for aspiring cybercriminals because it's reliable and effective. Since macros remain an integral part of Word documents, many companies don't disable them by default, and users often open .doc attachments. But with enterprise IT on the war path for signs of any macro malware attack, criminals are Read More
Microsoft Patches Windows Zero-day Being Used to Spread FinSpy Spyware
Microsoft has unleashed its September Patch Tuesday bug fix bonanza, patching 82 flaws in total. Among the 82 fixes, 26 of which have been rated 'critical', includes a patch for an actively exploited zero-day vulnerability tied to Microsoft's .NET framework. Read More
Critical Flaws Found in Windows NTLM Security Protocol – Patch Now
As part of this month's Patch Tuesday, Microsoft has released security patches for a serious privilege escalation vulnerability which affect all versions of its Windows operating system for enterprises released since 2007. Read More
Has ‘Fireball’ Malware Infected 250 Million Computers? Microsoft Disputes Shocking Claim
Microsoft sparked a curious squabble over malware discovery and infection rates. At the start of the month security firm Check Point reported on a browser hijacker and malware downloader called Fireball. The firm claimed that it had recently discovered the Chinese malware and that it had infected some 250 million systems. Read More
The Need for Urgent Collective Action to Keep People Safe Online: Lessons From Last Week’s Cyberattack
We should take from this recent attack a renewed determination for more urgent collective action. We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. More action is needed, and it’s needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us. We recognize our responsibility to Read More