Generative AI in Security: Risks and Mitigation Strategies

Generative AI became tech’s fiercest buzzword seemingly overnight with the release of ChatGPT. Two years later, Microsoft is using OpenAI foundation models and fielding questions from customers about how AI changes the security landscape. Siva Sundaramoorthy, senior cloud solutions security architect at Microsoft, often answers these questions. The security expert provided an overview of generative AI — including its benefits and security risks — to a crowd of cybersecurity professionals at ISC2 in Las Vegas…

Patch Tuesday: Internet Explorer Vulnerabilities Patched

A breach in the engine behind Internet Explorer and a vulnerability in the Remote Desktop Protocol Service top the list of about 117 patches deployed in Microsoft’s monthly update. Around the same time, Apple has released a fix for macOS 15 that restores functionality to some third-party security tools. Patch Tuesday is a useful reminder for admins to ensure applications and security services are up to date. Microsoft Management Console vulnerability exploited Despite previous reports…

US, Microsoft Aim to Disrupt Russian threat actor ‘Star Blizzard’

New reports from both Microsoft’s Digital Crimes Unit and the U.S. Department of Justice expose a disruptive operation against more than 100 servers used by “Star Blizzard” — a Russian-based cyber threat actor specializing in compromising email boxes to exfiltrate sensitive content or interfere with the target’s activities. Who is Star Blizzard? Star Blizzard is also known as Seaborgium, Callisto Group, TA446, Coldriver, TAG-53 or BlueCharlie. According to various government entities around the globe, Star…

Over 5,000 Fake Microsoft Notifications Fueling Email Compromise Campaigns

Check Point’s Harmony Email & Collaboration team detected over 5,000 emails disguised as Microsoft product notifications, which could lead to email extortion, the cybersecurity company said on Oct. 2. The emails stand out for their polished appearance and the inclusion of legitimate links. The announcement comes as part of Cybersecurity Awareness Month, highlighting the ongoing risks posed by phishing attacks. Email scam campaign stands out for polished appearance The emails come from “organizational domains impersonating…

What’s Inside Microsoft’s Major Windows 11 Update?

Microsoft has begun rolling out its new Windows 11 update for 2024 — but it will come in phases. The update, known as version 24H2, opens the door to Microsoft’s new AI features in select PCs. The annual update also brings a new look for File Explorer, the sudo command for elevating privileges in a regular console session, new features and tools for IT teams, security updates, and more. File explorer and quick settings boast…

Microsoft Reports on Progress of Revamping Security Efforts

On Sept. 23, Microsoft released a report detailing the progress of the Secure Future Initiative, the company-wide overhaul put in place in November 2023. The Secure Future Initiative exists to improve security in the wake of some high-profile vulnerabilities in 2023. These vulnerabilities included a breach in Microsoft Exchange Online that allowed threat actors associated with the Chinese government to access U.S. government emails in 2023. In April 2024, the U.S. Cyber Safety Review Board…

Email Attacks a Problem for National Infrastructure Companies

Cyber attackers are repeatedly using malicious emails to infiltrate critical national infrastructure. Up to 80% of CNI companies experienced an email-related security breach in the last year, according to a new report from security solution provider OPSWAT. Compromising CNI, like utilities, transport, telecommunications, and now data centres, can lead to widespread disruption, making it a prime target for cyber attacks. A recent report from Malwarebytes found that the services industry is the worst affected by…

Patch Tuesday: Microsoft Catches Four Zero-Day Vulnerabilities

Every second Tuesday of the month, Microsoft releases a bundle of fixes for Windows. This Tuesday brings four zero-day vulnerabilities, two high-criticality vulnerabilities, and some sister patches from Adobe. On Patch Tuesday, which Microsoft calls “Update Tuesday,” other large software companies like Adobe release major security fixes. It’s a time to launch updates across corporate networks, and it occurs during mid-morning Pacific Standard Time to keep admins and users from having to scramble at the…

Microsoft Is Disabling Default ActiveX Controls in Office 2024

Microsoft will disable ActiveX controls by default in the Office suite, starting in October with the release of Office 2024. Phasing out the software framework is likely related to numerous security vulnerabilities that have been exploited in the past. Dating back to 1996, ActiveX has long been used for embedding interactive objects, such as buttons or forms, within Office documents. It was formerly used to load multimedia content, like videos, in Internet Explorer. However, it…

Microsoft Patched 6 Actively Exploited Zero-Day Flaws

Patch Tuesday, Microsoft’s monthly report of security updates, brought 90 CVEs, including some vulnerabilities that were being actively exploited. Some vulnerabilities originated in Chromium, meaning both Microsoft Edge and Google Chrome may have been affected. Here are the most critical flaws and patches disclosed by Microsoft on Aug. 13. Six zero-day flaws had been exploited Threat actors had already taken advantage of six zero-day exploits in particular: CVE-2024-38106: an elevation of privilege vulnerability in the…
