New SharePoint flaws help hackers evade detection when stealing files

April 9, 2024 at 11:37AM

Researchers at Varonis have uncovered two techniques for attackers to evade SharePoint audit logs when downloading files. By using the “Open in App” feature or spoofing the User-Agent string, they can generate less severe or misleading events. Microsoft has acknowledged these issues but rated them as moderate, so organizations are …

These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb

March 28, 2024 at 03:53AM

The German Federal Office for Information Security (BSI) has issued an urgent alert regarding the poor state of Microsoft Exchange Server patching in Germany. Around 12 percent of the public-facing servers in the country are running unsupported versions of Exchange Server, with around a quarter lacking vital patches, making them …

Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE

December 19, 2023 at 03:39PM

Akamai security researchers have disclosed multiple bypasses for Microsoft’s patches for an Outlook zero-click remote code execution vulnerability. The original issue, CVE-2023-23397, was exploited by a Russian state-sponsored threat actor, prompting Microsoft to release a patch in March 2023. Akamai identified other bypasses, which Microsoft has subsequently addressed in later …

Windows 11 KB5033375 update released with upgraded Copilot AI-assistant

December 12, 2023 at 01:47PM

Microsoft has released a new update for Windows 11 versions 23H2 and 22H2 (KB5033375) to enhance security and improve Copilot. The December 2023 Update, Build 22631.2861, introduces features like Copilot for multiple displays and Alt-Tab. It also includes fixes for 36 key issues and updates to Dynamic Lighting. Known issues …