Skip to content
SSL and internet security news

Informations about SSL certificates and networks security

Category: microsoft

Auto Added by WPeMatico

Clever — and Exploitable — Windows Zero-Day

Posted on June 1, 2022 By infossl
microsoft, patching, Security technology, Uncategorized, windows, zero-day

Researchers have reported a still-unpatched Windows zero-day that is currently being exploited in the wild. Here’s the advisory, which includes a work-around until a patch is available. Powered by WPeMatico

Finding Vulnerabilities in Open Source Projects

Posted on February 2, 2022 By infossl
google, microsoft, open source, Security technology, Uncategorized, vulnerabilities

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The “Alpha” side will emphasize vulnerability testing by hand in the most popular open-source projects, developing close working relationships with a handful of … Read More “Finding Vulnerabilities in Open Source Projects” »

Is Microsoft Stealing People’s Bookmarks?

Posted on November 17, 2021 By infossl
browsers, microsoft, privacy, Security technology, Uncategorized, web privacy

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this … Read More “Is Microsoft Stealing People’s Bookmarks?” »

More Russian SVR Supply-Chain Attacks

Posted on October 28, 2021 By infossl
microsoft, russia, Security technology, supply chain, Uncategorized

Microsoft is reporting that the same attacker that was behind the SolarWinds breach — the Russian SVR, which Microsoft is calling Nobelium — is continuing with similar supply-chain attacks: Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain. This time, … Read More “More Russian SVR Supply-Chain Attacks” »

Defeating Microsoft’s Trusted Platform Module

Posted on August 9, 2021 By infossl
BitLocker, hacking, microsoft, Security technology, Uncategorized

This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes — without having to solder anything to the motherboard. Researchers at the security consultancy Dolos Group, hired to test the security of one client’s network, received a new Lenovo computer preconfigured to use the standard security stack for the organization. … Read More “Defeating Microsoft’s Trusted Platform Module” »

More Russian Hacking

Posted on July 2, 2021 By infossl
cybersecurity, hacking, malware, microsoft, russia, Security technology, Uncategorized

Two reports this week. The first is from Microsoft, which wrote: As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in … Read More “More Russian Hacking” »

NSA Discloses Vulnerabilities in Microsoft Exchange

Posted on April 16, 2021 By infossl
disclosure, microsoft, nsa, patching, Security technology, Uncategorized, vulnerabilities

Amongst the 100+ vulnerabilities patch in this month’s Patch Tuesday, there are four in Microsoft Exchange that were disclosed by the NSA. Powered by WPeMatico

More on the Chinese Zero-Day Microsoft Exchange Hack

Posted on March 10, 2021 By infossl
china, cybersecurity, hacking, microsoft, patching, Security technology, Uncategorized, zero-day

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledged the problem immediately. During … Read More “More on the Chinese Zero-Day Microsoft Exchange Hack” »

Four Microsoft Exchange Zero-Days Exploited by China

Posted on March 4, 2021 By infossl
china, microsoft, patching, Security technology, Uncategorized, vulnerabilities, zero-day

Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. Powered by WPeMatico

Chinese Hackers Stole an NSA Windows Exploit in 2014

Posted on March 4, 2021 By infossl
china, exploits, hacking, microsoft, nsa, Security technology, Uncategorized, windows

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline: The timeline basically seems to be, according to Check Point: 2013: NSA’s Equation Group developed a set of exploits including … Read More “Chinese Hackers Stole an NSA Windows Exploit in 2014” »

Posts navigation

1 2 3 Next
fr_FR

Recent Posts

  • Friday Squid Blogging: New Squid Species
  • SIKE Broken
  • Drone Deliveries into Prisons
  • Surveillance of Your Car
  • Ring Gives Videos to Police without a Warrant or User Consent

Tags

academicpapers aes authentication biometrics books cellphones censorship control courts dea deanonymization denialofservice disclosure eavesdropping edwardsnowden encryption espionage facebook fbi foia gchq geolocation hacking historyofsecurity impersonation implants intelligence lies metadata missioncreep nationalsecuritypolicy nsa phones printers privacy reputation schools secrecy socialmedia squid surveillance tracking tradecraft undercover whistleblowers

Categories

  • 3dprinters
  • 911
  • academic papers
  • academicpapers
  • accountability
  • aclu
  • activism
  • adobe
  • advanced persistent threats
  • advancedpersistentthreats
  • adware
  • aes
  • airgaps
  • airtravel
  • alarms
  • algorithms
  • alqaeda
  • amazon
  • android
  • anonymity
  • Anonymous
  • antivirus
  • apache
  • apple
  • appliedcryptography
  • artificial intelligence
  • artificialintelligence
  • assassinations
  • atms
  • att
  • attribution
  • audio
  • auditing
  • australia
  • authentication
  • authorization
  • automation
  • backdoors
  • backups
  • banking
  • baserate
  • behavioraldetection
  • Beyond Fear
  • beyondfear
  • bgp
  • biologicalwarfare
  • biometrics
  • bios
  • bitcoin
  • BitLocker
  • blackberry
  • blackmail
  • blockchain
  • bluetooth
  • bombs
  • books
  • borders
  • botnets
  • brazil
  • breaches
  • bribes
  • browsers
  • business of security
  • businessofsecurity
  • cameras
  • camouflage
  • canada
  • cars
  • casinos
  • cell phones
  • cellphones
  • censorship
  • certificates
  • certifications
  • ch2ke
  • cheating
  • chelseamanning
  • child pornography
  • childpornography
  • children
  • china
  • chipandpin
  • chrome
  • cia
  • cisco
  • Citizen Lab
  • citizenlab
  • cloning
  • cloud computing
  • cloudcomputing
  • co3systems
  • coastguard
  • colombia
  • complexity
  • compliance
  • computer security
  • computersecurity
  • concealment
  • conferences
  • cons
  • consumerization
  • contests
  • control
  • cookies
  • cooperation
  • copyright
  • costbenefitanalysis
  • courts
  • coverups
  • COVID-19
  • covid19
  • cracking
  • credentials
  • credit cards
  • creditcards
  • crime
  • crowdsourcing
  • cryptanalysis
  • crypto wars
  • cryptocurrency
  • cryptography
  • cryptome
  • cryptowars
  • cuba
  • cyberattack
  • cybercrime
  • cyberespionage
  • cybersecurity
  • cyberterrorism
  • cyberwar
  • cyberweapons
  • dark web
  • darkweb
  • darpa
  • Data and Goliath
  • data breaches
  • data collection
  • data destruction
  • data mining
  • data protection
  • dataandgoliath
  • databases
  • databreaches
  • datacollection
  • datadestruction
  • dataloss
  • datamining
  • dataprotection
  • dataretention
  • de-anonymization
  • dea
  • deaddrops
  • deanonymization
  • deception
  • deep fake
  • deepfake
  • defense
  • deniability
  • denial of service
  • denialofservice
  • departmentofdefense
  • dhs
  • disclosure
  • disguise
  • disinformation
  • dmca
  • dna
  • dns
  • doghouse
  • doxing
  • drm
  • drones
  • drugtrade
  • e-mail
  • eavesdropping
  • ebay
  • ebooks
  • economics of security
  • economicsofsecurity
  • Edward Snowden
  • edwardsnowden
  • eff
  • egypt
  • email
  • embeddedsystems
  • employment
  • encryption
  • enigma
  • EPIC
  • epidemiology
  • espionage
  • essays
  • estonia
  • eu
  • exploits
  • externalities
  • extortion
  • face recognition
  • facebook
  • facerecognition
  • fake news
  • fakenews
  • false positives
  • falsenegatives
  • falsepositives
  • fbi
  • fear
  • feudalsecurity
  • filesharing
  • filtering
  • fingerprints
  • firefox
  • firewall
  • firmware
  • fisa
  • foia
  • forensics
  • forgery
  • Fortuna
  • france
  • fraud
  • fsecure
  • ftc
  • g7
  • gambling
  • games
  • gametheory
  • gaming consoles
  • gchq
  • gdpr
  • generations
  • geolocation
  • germany
  • gmail
  • google
  • googleglass
  • gps
  • guns
  • hackback
  • hacking
  • hardware
  • hashes
  • healthcare
  • history of computing
  • history of cryptography
  • historyofcomputing
  • historyofcryptography
  • historyofsecurity
  • homelandsecurity
  • hotels
  • hp
  • https
  • human rights
  • humor
  • ibm
  • ics
  • idcards
  • identification
  • identitytheft
  • impersonation
  • implants
  • incentives
  • incidentresponse
  • india
  • infrastructure
  • inrupt
  • insiders
  • insurance
  • intel
  • intelligence
  • internet
  • Internet and society
  • Internet of Things
  • internetandsociety
  • internetexplorer
  • internetofthings
  • interviews
  • ios
  • iphone
  • iran
  • iraq
  • ireland
  • irs
  • isis
  • isps
  • israel
  • italy
  • jamming
  • japan
  • Juniper
  • kaspersky
  • kazakhstan
  • key logging
  • keyescrow
  • keylogging
  • keys
  • kidnapping
  • killswitch
  • law enforcement
  • lawenforcement
  • laws
  • leaks
  • lebanon
  • lenovo
  • liarsandoutliers
  • lies
  • linkedin
  • linux
  • locks
  • loopholes
  • lotteries
  • machine learning
  • machinelearning
  • mail
  • malware
  • maninthemiddleattacks
  • marketing
  • mcafee
  • md5
  • medicine
  • metadata
  • microsoft
  • military
  • mitigation
  • monoculture
  • movieplotthreats
  • mozilla
  • music
  • national security policy
  • nationalism
  • nationalsecurityletters
  • nationalsecuritypolicy
  • naturalsecurity
  • networksecurity
  • Nigeria
  • nist
  • Non classé
  • North Korea
  • northkorea
  • norway
  • nsa
  • obscurity
  • onetimepads
  • open source
  • opensource
  • operating systems
  • operatingsystems
  • operational security
  • operationalsecurity
  • overreactions
  • pakistan
  • Password Safe
  • passwords
  • passwordsafe
  • patching
  • patents
  • patriotact
  • paypal
  • penetration testing
  • penetrationtesting
  • pgp
  • phishing
  • phones
  • photos
  • physical security
  • physicalsecurity
  • pins
  • plagiarism
  • point of sale
  • pointofsale
  • police
  • policy
  • pornography
  • power
  • press
  • printers
  • prison escapes
  • prisons
  • privacy
  • privilege escalation
  • programming
  • propaganda
  • protocols
  • pseudonymity
  • psychology of security
  • psychologyofsecurity
  • public interest
  • publicinterest
  • publictransit
  • qatar
  • quantum computing
  • quantumcomputing
  • quantumcryptography
  • random numbers
  • randomnumbers
  • ransomware
  • redaction
  • replayattacks
  • reports
  • reputation
  • resilience
  • resilientsystems
  • restaurants
  • retail
  • reverse engineering
  • reverseengineering
  • rfid
  • risk assessment
  • riskassessment
  • risks
  • robbery
  • robotics
  • rootkits
  • rsa
  • russia
  • sabotage
  • Safari
  • safes
  • samsung
  • saudiarabia
  • scada
  • scams
  • scanners
  • Schneier news
  • schneiernews
  • schneierslaw
  • schools
  • sciencefiction
  • search engines
  • searches
  • secrecy
  • secretsharing
  • security analysis
  • security conferences
  • security education
  • security engineering
  • security standards
  • Security technology
  • security theater
  • securityanalysis
  • securityawareness
  • securityconferences
  • securityeducation
  • securityengineering
  • securitymindset
  • securitymonitoring
  • securitypolicies
  • securityquestions
  • securitystandards
  • securitytheater
  • securitytokens
  • sensors
  • sha1
  • side-channel attacks
  • sidechannelattacks
  • signal
  • signatures
  • SIM cards
  • simcards
  • skimmers
  • skype
  • smart cards
  • smartcards
  • smartphones
  • sms
  • smuggling
  • snakeoil
  • social engineering
  • social media
  • socialengineering
  • socialmedia
  • societalsecurity
  • softwareliability
  • sony
  • southkorea
  • spain
  • spam
  • spoofing
  • sports
  • spyware
  • sqlinjection
  • squid
  • ss7
  • ssh
  • ssl
  • stalking
  • steganography
  • stuxnet
  • supply chain
  • supplychain
  • surveillance
  • sweden
  • switzerland
  • symantec
  • syria
  • T-Mobile
  • tamper detection
  • tamperdetection
  • taxonomies
  • telegram
  • television
  • tempest
  • termsofservice
  • terrorism
  • Thailand
  • theft
  • threat models
  • threatalerts
  • threatmodels
  • tls
  • tor
  • torture
  • tpm
  • tracing
  • tracking
  • tradecraft
  • traffic analysis
  • trafficanalysis
  • transparency
  • transportation
  • trust
  • tsa
  • turkey
  • twitter
  • two-factor authentication
  • twofactorauthentication
  • twofish
  • uae
  • uber
  • uk
  • ukraine
  • un
  • Uncategorized
  • undercover
  • unitedarabemirates
  • usability
  • usb
  • usps
  • utilities
  • uzbekistan
  • verisign
  • verizon
  • video
  • videoconferencing
  • videos
  • violence
  • voice recognition
  • voicerecognition
  • voip
  • voting
  • vpn
  • vulnerabilities
  • war
  • war on the unexpected
  • warontheunexpected
  • watchlists
  • weapons
  • web
  • web privacy
  • webprivacy
  • whatsapp
  • whistleblowers
  • Wi-Fi
  • wifi
  • wikileaks
  • windows
  • wireless
  • yahoo
  • zero-day
  • zeroday

Archives

  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014

Copyright © 2022 SSL and internet security news.

Theme: Oceanly by ScriptsTown