A week in security (January 10 – 16)
The most important and interesting security stories from the last seven days.
After Log4j, December’s Patch Tuesday has snuck up on us
While everyone has one eye on Log4j, there are other vulnerabilities that need patching since Patch Tuesday has come along as well.
Microsoft disrupts China-based hacking group Nickel
Microsoft has been allowed to take control of 42 web domains that belonged to Chinese hacking group Nickel aka APT15
Emotet being spread via malicious Windows App Installer packages
Emotet is using a new attack vector, which makes Microsoft look bad. How does malware end up on Microsoft’s Azure cloud service and get distributed to victims from there?
Most people aren’t upgrading to Windows 11: Not the end of the world
Uptake on Windows 11 is apparently very low. We take a look at some of the reasons for this, and why it might not be such a bad thing.
Windows Installer vulnerability becomes actively exploited zero-day
A variant of an already patched vulnerability was disclosed by a researcher frustrated by Microsoft’s rewards.
Password usage analysis of brute force attacks on honeypot servers
Microsoft analysed the passwords that were attempted in over 25 million brute force attacks on their honeypots. What can we learn?
Evasive maneuvers: HTML smuggling explained
The intelligence team at Microsoft has revealed that cybercriminals are increasingly using a tactic called HTML smuggling. What is it, and why should internet users be concerned?
[updated] Patch now! Microsoft plugs actively exploited zero-days and other updates
Another Patch Tuesday has come around, and while it may seem as a calm one for a change, there is enough to patch and update.
A week in security (Nov 1 – Nov 7)
A roundup of the previous week’s blog post, and the most important and interesting security events and happenings.
