Microsoft Addresses Security Flaw in Power Platform Amid Criticism for Delayed Response On Friday, Microsoft announced it has remedied a significant security vulnerability affecting its Power Platform, although it faced backlash for not acting more swiftly. This flaw posed a risk of unauthorized access to Custom Code functions utilized in…
In its August 2023 Patch Tuesday updates, Microsoft has addressed a total of 74 vulnerabilities across its software suite, a significant decrease from the 132 vulnerabilities patched in the previous month. Among these, there are six classified as Critical, 67 as Important, and one as Moderate in severity. The latest…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a newly patched vulnerability affecting Microsoft’s .NET and Visual Studio products in its Known Exploited Vulnerabilities (KEV) catalog. This decision comes in response to evidence indicating that the flaw is actively being exploited in the wild. This vulnerability, tracked…
A recent disclosure has revealed a series of 16 high-severity security vulnerabilities in the CODESYS V3 software development kit (SDK). This suite of flaws could potentially lead to remote code execution and denial-of-service conditions, thereby posing significant risks to operational technology (OT) sectors. The vulnerabilities, tracked from CVE-2022-47378 to CVE-2022-47393…
Microsoft Discovers New Russian Hacking Attempts Ahead of U.S. Midterm Elections In a recent revelation, Microsoft announced the discovery of new hacking efforts attributed to the Russian hacking group APT28, also known as Strontium or Fancy Bear. These attempts, aimed at conservative think tanks and the U.S. Senate, surfaced amid…
In a significant legal move, Microsoft has initiated a lawsuit against the Department of Justice (DoJ) to contest a gag order that prohibits technology companies from notifying their customers when their cloud-based data is accessed by government authorities. This lawsuit arises from concerns regarding the implications of the Electronic Communications…
Recent reports indicate a significant data breach involving a massive database of 272 million email addresses and passwords from leading email providers, including Gmail, Microsoft, and Yahoo. This sensitive information is currently being offered for sale on the Dark Web for a mere price of less than one dollar. The…
Microsoft’s NTLMv1 protocol, introduced in the 1980s alongside OS/2, has long been known for its vulnerabilities. Significant research, notably by cryptanalyst Bruce Schneier and Mudge in 1999, highlighted critical weaknesses in NTLMv1’s security architecture. This became alarmingly clear during the 2012 Defcon 20 conference, where researchers unveiled a toolkit that…
Kaiser Permanente to Disburse Payments Following Data Sharing Settlement Kaiser Permanente, a prominent player in the U.S. healthcare landscape, is preparing to issue payments to customers affected by an incident involving the unauthorized sharing of personal data and health information with third-party companies. This move comes in the wake of…
