Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities
Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems
Microsoft software and cloud platforms underpin enterprise systems, so vulnerabilities and security advisories can affect identity, data, and operations.
Search across headline titles and summaries.
Background for this topic.
Microsoft is a technology company whose Windows, Microsoft 365, Azure, identity services, and developer tools form a widely deployed enterprise computing ecosystem. Its security relevance spans endpoint and server software, cloud control planes, authentication, collaboration data, and the update mechanisms used to maintain them.
Security news under this tag commonly concerns vulnerabilities requiring patching, exploits against exposed services, identity or token compromise, and misconfiguration of cloud permissions or authentication policies. Practitioners should verify affected versions and exposure, apply updates or mitigations, enforce multifactor authentication and least privilege, and monitor relevant audit logs. Incidents involving Microsoft-hosted identities or data may require rapid session and credential containment, investigation across cloud and on-premises systems, and assessment of privacy or regulatory obligations.
Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems
Microsoft-owned GitHub is taking steps to secure the open source software ecosystem by rolling out security features to protect code repositories.
Microsoft warns enterprises should pay attention to a new botnet used to launch DDoS attacks on private Minecraft Java servers.
Microsoft says that Windows 10 updates released in late September are causing Windows taskbar flicker issues and app instability. [...]
Microsoft announced today that a future Microsoft Edge update would permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems in February. [...]
A new cross-platform malware botnet named 'MCCrash' is infecting Windows, Linux, and IoT devices to conduct distributed denial of service attacks on Minecraft servers. [...]
Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities
Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers
Redmond and Cupertino criticized for slow and weak responses by Australian regulator Australia's e-safety commissioner, a government agency charged with keeping citizens safe online, has delivered a report on seven tech platforms' mechanisms to protect children from online sexual abuse – and found most don't respond quickly, or have the processes to do so well.…
Microsoft has addressed a known issue that made parts of the Task Manager unreadable after installing the KB5020044 November preview update on Windows 11 22H2 systems. [...]
Microsoft has removed a compatibility hold after fixing lower-than-expected performance or stuttering in some games affecting some Windows 11, version 22H2 systems. [...]
Ukrainian government entities were hacked in targeted attacks after their networks were first compromised via trojanized ISO files posing as legitimate Windows 10 installers. [...]
Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
Pitches storage, cloudy software compliance to twitchy EU customers thinking about GDPR Microsoft has confirmed that from the beginning of 2023, it will introduce an EU Data Boundary solution designed to help customers in the European Union and the European Free Trade Association comply with legislation including the General Data Protection Regulation (GDPR).…
Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution
Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments
Handy tools to kill off security protections get Redmond's stamp of approval Microsoft says it has suspended several third-party developer accounts that submitted malicious Windows drivers for the IT giant to digitally sign so that the code could be used in cyberattacks.…
QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. [...]
Malicious Windows drivers signed as legit by Microsoft have been spotted as part of a toolkit used to kill off security processes in post-exploitation cyber activity.
Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver payloads in Magniber ransomware attacks. [...]