November 8, 2023 at 02:57PM Windows 11 is making security improvements by updating the Windows Defender Firewall rules for SMB shares. The changes include omitting inbound NetBIOS ports and allowing connections with SMB servers over custom network ports. Administrators can still configure and modify the firewall rules as needed. These updates aim to strengthen Windows … Read more
November 7, 2023 at 12:08PM Microsoft has issued a warning to Outlook.com users about possible difficulties when sending emails with attachments. Error code 550 5.7.520 may appear, preventing emails from being sent. Microsoft suggests users upload files to OneDrive and share the link instead. Step-by-step instructions are provided as a workaround until the issue is … Read more
November 6, 2023 at 05:24AM Microsoft has confirmed that the four Exchange vulnerabilities disclosed by Trend Micro’s Zero Day Initiative (ZDI) either have been patched or do not require immediate attention. ZDI had identified the high-severity vulnerabilities but clarified that they are not actual zero-days and have not been exploited in the wild. Microsoft stated … Read more
October 31, 2023 at 08:52AM Microsoft’s Patch Tuesday, which has been a monthly ritual for IT and security professionals for the past 20 years, aims to consolidate security updates into a planned release cycle. However, the high number of vulnerabilities and the growing dependence on Microsoft tools and services pose risks. Adversaries are becoming smarter … Read more
October 23, 2023 at 09:08AM Microsoft is launching the early access program for Security Copilot, an AI cybersecurity tool embedded in the Microsoft 365 Defender XDR platform. The tool aims to save time for security teams by providing step-by-step instructions on managing incidents and offering insights to upskill existing staff. It can generate natural language … Read more
October 13, 2023 at 12:50PM Microsoft has announced that the NTLM authentication protocol will be phased out in Windows 11. Kerberos has replaced NTLM as the default authentication protocol since Windows 2000. Despite being used in older versions, NTLM is still vulnerable to attacks such as relay attacks and pass-the-hash attacks. Microsoft is working on … Read more
October 13, 2023 at 11:38AM A single-click exploit has raised concerns about the security of Microsoft’s Visual Studio IDE once again. Developed by security researcher Zhiniang Peng, the exploit takes advantage of the default implementation of the IDE’s “trusted locations” feature. Peng argues that enabling this feature by default would protect users from potential attacks, … Read more
October 13, 2023 at 09:19AM SecurityWeek provides a concise compilation of noteworthy cybersecurity stories. This week’s stories include the appeal of former Uber security chief Joe Sullivan against his conviction for covering up a data breach, a bounty offered for finding the NIST elliptic curve seeds, analysis of surveillance products by NSO Group competitor Intellexa, … Read more
October 13, 2023 at 06:18AM Microsoft has launched a bug bounty program specifically focused on vulnerabilities in its artificial intelligence (AI)-powered Bing search engine. The program offers rewards of up to $15,000 for vulnerabilities found in bing.com and associated applications. Microsoft is particularly interested in vulnerabilities related to inference manipulation, model manipulation, and inferential information … Read more
October 12, 2023 at 04:59PM Fraudsters are exploiting X’s new verification system to impersonate brands and steal personal information. The system, implemented after Elon Musk changed the rules, allows anyone to obtain a blue checkmark by paying a monthly fee. Scammers have taken advantage of this, creating fake accounts and using phishing pages to gather … Read more