A week in security (January 10 – 16)

The most important and interesting security stories from the last seven days.

Read more

After Log4j, December’s Patch Tuesday has snuck up on us

While everyone has one eye on Log4j, there are other vulnerabilities that need patching since Patch Tuesday has come along as well.

Read more

Microsoft disrupts China-based hacking group Nickel

Microsoft has been allowed to take control of 42 web domains that belonged to Chinese hacking group Nickel aka APT15

Read more

Emotet being spread via malicious Windows App Installer packages

Emotet is using a new attack vector, which makes Microsoft look bad. How does malware end up on Microsoft’s Azure cloud service and get distributed to victims from there?

Read more

Most people aren’t upgrading to Windows 11: Not the end of the world

Uptake on Windows 11 is apparently very low. We take a look at some of the reasons for this, and why it might not be such a bad thing.

Read more

Windows Installer vulnerability becomes actively exploited zero-day

A variant of an already patched vulnerability was disclosed by a researcher frustrated by Microsoft’s rewards.

Read more

Password usage analysis of brute force attacks on honeypot servers

Microsoft analysed the passwords that were attempted in over 25 million brute force attacks on their honeypots. What can we learn?

Read more

Evasive maneuvers: HTML smuggling explained

The intelligence team at Microsoft has revealed that cybercriminals are increasingly using a tactic called HTML smuggling. What is it, and why should internet users be concerned?

Read more

[updated] Patch now! Microsoft plugs actively exploited zero-days and other updates

Another Patch Tuesday has come around, and while it may seem as a calm one for a change, there is enough to patch and update.

Read more

A week in security (Nov 1 – Nov 7)

A roundup of the previous week’s blog post, and the most important and interesting security events and happenings.

Read more

Select your language