Microsoft’s December 2023 Patch Tuesday was relatively light to end the year. Four out of the 34 flaws announced were critical. Learn how that affects you.
Microsoft’s October 2023 Patch Tuesday covers 103 CVEs, including three zero-day flaws. Review our breakdown of this Patch Tuesday.
Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761, an information disclosure flaw in Microsoft Word with a CVSS score of 6.2; and CVE-2023-36802, an elevation of privilege flaw in Microsoft Streaming Service with […]
Microsoft’s August 2023 updates include six critical vulnerabilities, including a pair of Teams flaws that ‘deserve immediate remediation attention.’
SandboxAQ today introduced an open-source cryptography management framework built for the post-quantum era. The AI and quantum spin-out from Alphabet uses the Sandwich framework for its SandboxAQ Security Suite, currently used by several U.S. government agencies, global banks, telcos, and tech companies. The framework is designed to simplify cryptography management and give developers greater observability […]
The U.S. Securities and Exchange Commission this week announced new rules mandating the disclosure of cybersecurity incidents as well as ongoing risk management, strategy, and governance. The rules, which will become effective 30 days after publication, require public companies to disclose any cybersecurity incident they determine to be material within four business days, detailing its […]
Microsoft has hardened security following a Chinese hack of U.S. government agency email accounts, but some details remain a mystery. Even as the threat has passed, Microsoft officials are still analyzing how a Chinese threat group was able to access U.S. government accounts using a stolen inactive Microsoft account (MSA) consumer signing key. Chinese hacker […]
After Microsoft revealed that some signed Windows drivers are malicious, security researchers discussed how big the problem is.
Microsoft’s latest vulnerabilities include more than 100 malicious drivers and an unusual announcement of an unpatched Office and Windows flaw.
Most SIEM systems are missing the vast majority of MITRE ATT&CK techniques. Here’s what to do.
Subscribe to Cybersecurity Insider for top news, trends & analysis