Category: microsoft

Auto Added by WPeMatico

Microsoft Executives Hacked

Posted on By infossl
disclosure, hacking, microsoft, russia, Security technology, Uncategorized

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives. Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very … Read More “Microsoft Executives Hacked” »

Microsoft Signing Key Stolen by Chinese

Posted on By infossl
authentication, backdoors, china, cybersecurity, hacking, keys, microsoft, Security technology, Uncategorized

A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase “negligent security practices” is being tossed about—and with good reason. Master signing keys are not supposed to … Read More “Microsoft Signing Key Stolen by Chinese” »

Redacting Documents with a Black Sharpie Doesn’t Work

Posted on By infossl
microsoft, redaction, Security technology, sony, Uncategorized

We have learned this lesson again: As part of the FTC v. Microsoft hearing, Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games. It looks like someone redacted the … Read More “Redacting Documents with a Black Sharpie Doesn’t Work” »

Microsoft Secure Boot Bug

Posted on By infossl
microsoft, Security technology, Uncategorized, vulnerabilities, zero-day

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections. Secure Boot has been enabled by default for over a decade on most Windows PCs … Read More “Microsoft Secure Boot Bug” »

Critical Microsoft Code-Execution Vulnerability

Posted on By infossl
microsoft, patching, Security technology, Uncategorized, vulnerabilities, windows

A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers just realized how serious it was (and is): Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. Also, like EternalBlue, it’s wormable, meaning that a single exploit can trigger a … Read More “Critical Microsoft Code-Execution Vulnerability” »

Finding Vulnerabilities in Open Source Projects

Posted on By infossl
google, microsoft, open source, Security technology, Uncategorized, vulnerabilities

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The “Alpha” side will emphasize vulnerability testing by hand in the most popular open-source projects, developing close working relationships with a handful of … Read More “Finding Vulnerabilities in Open Source Projects” »

Is Microsoft Stealing People’s Bookmarks?

Posted on By infossl
browsers, microsoft, privacy, Security technology, Uncategorized, web privacy

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this … Read More “Is Microsoft Stealing People’s Bookmarks?” »