October 11, 2023 at 12:30AM Microsoft has identified a critical flaw in Atlassian Confluence Data Center and Server that is being exploited by a nation-state actor called Storm-0062. The vulnerability, known as CVE-2023-22515, allows attackers to create unauthorized administrator accounts. Atlassian has been made aware of the issue and advises users to upgrade to the … Read more
October 11, 2023 at 12:09AM Microsoft analysts and researchers analyze trillions of signals daily to uncover emerging threats and provide timely security insights. They focus on nation-state groups to understand their activities within geopolitical trends. With the shift to remote work due to COVID-19, cybercriminals are exploiting system vulnerabilities and misconfigurations to access sensitive resources … Read more
October 10, 2023 at 07:58PM Microsoft has released over 100 security updates, including fixes for two bugs that are already being actively exploited. One of the vulnerabilities, known as Rapid Reset, is an HTTP/2 weakness that has been used since August to launch distributed denial of service (DDoS) attacks. Microsoft WordPad also has an information … Read more
October 10, 2023 at 07:54PM Researchers at Microsoft have identified a known nation-state threat actor, referred to as Storm-0062, as responsible for the recent zero-day exploits targeting Atlassian’s Confluence Data Center and Server products. The malicious activity had been ongoing since September 14, before Atlassian publicly disclosed the issue. Microsoft has provided IP addresses related … Read more
October 10, 2023 at 03:10PM Microsoft has released the KB5031356 cumulative update for Windows 10 21H2 and 22H2, containing security updates and fixes for various issues. Users can manually install the update through Windows Update or Microsoft Update Catalog. Notable fixes include improvements to the search box experience on the taskbar and addressing issues with … Read more
October 10, 2023 at 03:03PM Microsoft has released the optional KB5031356 cumulative update for Windows 10 21H2 and 22H2, containing 25 fixes for various issues. Users can install the update through the Windows Update settings or manually from the Microsoft Update Catalog. The update also addresses a new DDoS attack technique and provides steps to … Read more
October 10, 2023 at 02:36PM Microsoft released a large batch of software and OS updates to address over 100 vulnerabilities across Windows systems. They warned that three of these vulnerabilities are already being exploited. The updates also targeted a zero-day vulnerability in HTTP/2 Rapid Reset that exposed the internet to DDoS attacks. Two other zero-day … Read more
October 10, 2023 at 06:06PM Microsoft’s October Patch Tuesday update addressed two zero-day vulnerabilities that were actively being attacked, affecting Microsoft WordPad and Skype for Business. A critical-rated bug in Message Queuing was also patched. The update included a total of 103 CVEs, with 13 critical-rated vulnerabilities and 20% of the fixes related to Microsoft … Read more
October 10, 2023 at 05:55PM Microsoft has issued a warning to customers about incorrect BitLocker drive encryption errors in certain managed Windows environments. The issue only affects client platforms like Windows 11 21H2/22H2 and Windows 10 21H2/22H2, as well as Windows 10 Enterprise LTSC 2019. It specifically impacts environments where drive encryption is enforced for … Read more
October 10, 2023 at 12:46PM Microsoft plans to phase out VBScript in future Windows releases, after 30 years of use. VBScript will be available as an on-demand feature before being removed from the operating system. This move is likely due to the discontinuation of Internet Explorer and is part of Microsoft’s strategy to mitigate malware … Read more