December 16, 2023 at 11:53AM Microsoft announced the new Windows Protected Print Mode (WPP), bolstering print system security by blocking third-party drivers, reducing resource access, removing attack vectors, and adding binary mitigations. WPP will also introduce transport security and secure print configurations. Additionally, Microsoft will cease third-party printer driver distribution via Windows Update by 2027. … Read more
December 13, 2023 at 01:48AM Microsoft’s final 2023 Patch Tuesday update addressed 33 flaws, with 4 rated Critical and 29 rated Important. This year, they’ve patched over 900 flaws, including vulnerabilities like remote code execution and information disclosure. Akamai also discovered attacks against Active Directory domains using Microsoft DHCP servers, prompting recommendations from Microsoft. Other … Read more
December 12, 2023 at 06:18PM Microsoft’s December 2023 security update featured fewer vulnerabilities for IT and security teams to address compared to recent months. The update addressed 36 vulnerabilities, including 4 critical ones and 11 likely to be exploited. Despite this, security experts advise vigilance due to potential attack threats posed by certain bugs. This … Read more
December 12, 2023 at 03:36PM Microsoft released critical security fixes for 33 vulnerabilities, including remote code execution bugs and flaws in its Edge browser. The company urged special attention to the CVE-2023-36019 spoofing bug and CVE-2023-35628 code execution defect. Additionally, the patches address issues in Office, Azure, Windows Defender, and the Windows DNS and DHCP … Read more
December 7, 2023 at 05:18PM A Kremlin-linked APT group, “Star Blizzard,” known for cyberespionage and targeting NATO-associated entities since 2017, recently updated its evasion tactics. Microsoft exposed these new techniques, which include the use of password-protected PDFs, cloud file-sharing, advanced domain creation, and exploitation of email marketing platforms for phishing. Despite operations against UK officials, … Read more
December 6, 2023 at 05:46PM Microsoft’s EVP of Security, Charlie Bell, announced that Bret Arsenault will transition from the CISO role to chief security adviser, and Igor Tsyganskiy is set to become the new CISO in the coming year. The change reflects a strategic emphasis on security and AI integration, and Tsyganskiy’s appointment is well-received … Read more
December 6, 2023 at 05:25PM Microsoft executive Charlie Bell announced a strategic security shift: Bret Arsenault moves from CISO to chief security advisor; Igor Tsyganskiy becomes CISO. The change reflects the evolving CISO role amidst AI advancements and regulatory pressures. Tsyganskiy, a newcomer to the CISO position, is seen as a positive addition due to … Read more
December 6, 2023 at 12:30PM Microsoft has restructured its security leadership, eliminating the CISO and Deputy CISO positions and appointing a new head of security, who is a former Bridgewater CTO and President. Takeaways from the meeting: 1. Microsoft has undergone a significant restructuring of its security leadership. 2. The positions of Chief Information Security … Read more
November 4, 2023 at 12:30PM Microsoft is launching a new ‘Secure Future Initiative’ to address recent hacks and improve security. The initiative includes faster cloud patches, better management of identity signing keys, and shipping software with a higher default security level. Microsoft plans to revamp the Software Development Lifecycle (SDL) and use AI to automate … Read more
November 3, 2023 at 12:11PM Microsoft is launching a new initiative called the Secure Future Initiative (SFI) to enhance the security of its software and cloud services. The SFI focuses on three key pillars, including the increased use of AI in security operations and products, an update of software engineering practices leveraging AI, and ensuring … Read more