Microsoft warns of phishy OAuth apps

We look at a Microsoft alert concerning bogus apps making use of OAuth permissions to go phishing, with potentially serious results.

Read more

Microsoft is now disabling Excel 4.0 macros by default

Microsoft says that all Excel 4.0 (XLM) macros will now be disabled by default.

Read more

A week in security (January 10 – 16)

The most important and interesting security stories from the last seven days.

Read more

After Log4j, December’s Patch Tuesday has snuck up on us

While everyone has one eye on Log4j, there are other vulnerabilities that need patching since Patch Tuesday has come along as well.

Read more

Microsoft disrupts China-based hacking group Nickel

Microsoft has been allowed to take control of 42 web domains that belonged to Chinese hacking group Nickel aka APT15

Read more

Emotet being spread via malicious Windows App Installer packages

Emotet is using a new attack vector, which makes Microsoft look bad. How does malware end up on Microsoft’s Azure cloud service and get distributed to victims from there?

Read more

Most people aren’t upgrading to Windows 11: Not the end of the world

Uptake on Windows 11 is apparently very low. We take a look at some of the reasons for this, and why it might not be such a bad thing.

Read more

Windows Installer vulnerability becomes actively exploited zero-day

A variant of an already patched vulnerability was disclosed by a researcher frustrated by Microsoft’s rewards.

Read more

Password usage analysis of brute force attacks on honeypot servers

Microsoft analysed the passwords that were attempted in over 25 million brute force attacks on their honeypots. What can we learn?

Read more

Evasive maneuvers: HTML smuggling explained

The intelligence team at Microsoft has revealed that cybercriminals are increasingly using a tactic called HTML smuggling. What is it, and why should internet users be concerned?

Read more

Select your language