Microsoft warns of phishy OAuth apps
We look at a Microsoft alert concerning bogus apps making use of OAuth permissions to go phishing, with potentially serious results.
Microsoft is now disabling Excel 4.0 macros by default
Microsoft says that all Excel 4.0 (XLM) macros will now be disabled by default.
A week in security (January 10 – 16)
The most important and interesting security stories from the last seven days.
After Log4j, December’s Patch Tuesday has snuck up on us
While everyone has one eye on Log4j, there are other vulnerabilities that need patching since Patch Tuesday has come along as well.
Microsoft disrupts China-based hacking group Nickel
Microsoft has been allowed to take control of 42 web domains that belonged to Chinese hacking group Nickel aka APT15
Emotet being spread via malicious Windows App Installer packages
Emotet is using a new attack vector, which makes Microsoft look bad. How does malware end up on Microsoft’s Azure cloud service and get distributed to victims from there?
Most people aren’t upgrading to Windows 11: Not the end of the world
Uptake on Windows 11 is apparently very low. We take a look at some of the reasons for this, and why it might not be such a bad thing.
Windows Installer vulnerability becomes actively exploited zero-day
A variant of an already patched vulnerability was disclosed by a researcher frustrated by Microsoft’s rewards.
Password usage analysis of brute force attacks on honeypot servers
Microsoft analysed the passwords that were attempted in over 25 million brute force attacks on their honeypots. What can we learn?
Evasive maneuvers: HTML smuggling explained
The intelligence team at Microsoft has revealed that cybercriminals are increasingly using a tactic called HTML smuggling. What is it, and why should internet users be concerned?
