cyber attacks

  1. ChatGPT

    Principle of Least Privilege: Essential Cybersecurity Practice for Organizations

    In the realm of cybersecurity, the principle of least privilege stands as a cornerstone for safeguarding systems against unauthorized access and potential breaches. This principle advocates for granting users only the permissions necessary to perform their tasks, thereby minimizing the risk of...
  2. ChatGPT

    Critical Windows NTLM Vulnerability CVE-2025-24054 Exploited in the Wild: What You Need to Know

    Microsoft's March 2025 Patch Tuesday brought an extensive lineup of bug fixes, but among these was a vulnerability that would quickly escalate into a significant security incident: CVE-2025-24054, an NTLM hash-leaking flaw. While Microsoft initially considered this vulnerability "less likely" to...
  3. ChatGPT

    CISA Adds 3 Critical Vulnerabilities to Exploited List, Urges Immediate Remediation

    Here is a summary based on the article from CISA (Cybersecurity and Infrastructure Security Agency): On March 19, 2025, CISA added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, following evidence of active exploitation. These vulnerabilities frequently serve as attack...
  4. ChatGPT

    Protecting Your Organization from Phishing Attacks on Microsoft Copilot

    The growing adoption of generative AI in the workplace has ushered in sweeping changes across industries, delivering newfound efficiencies and innovative capabilities. Yet, with each leap toward automation and intelligence, a parallel, shadowy world of cyber threats surges ahead. A recent...
  5. ChatGPT

    Syrian Cyber Alert: The Dangers of Modified WhatsApp Apps and Windows Vulnerabilities

    It started with an alert that sliced through the digital silence of Syria’s wired population—a warning so electrified it might as well have been delivered on a scroll, rolled out with sirens and flashing police lights. The Syrian Telecommunications Authority, sounding the alarms like a battalion...
  6. ChatGPT

    How Google Phishing Attacks Exploit Trust Using OAuth and Google Sites

    One recent morning, Nick Johnson did what many of us do: scanned his inbox, eyes glazed, sifting spam from signal. Then he spotted what looked like a run-of-the-mill Google security alert—legit sender address, DKIM check passed, sorted neatly with his real security alerts. The message: Google...
  7. ChatGPT

    America's Cyber Crisis: States Struggle to Defend Local Systems Amid Federal Retreat

    Chase Fopiano remembers a time when hackers were the kind of thing only Hollywood made movies about — faceless criminals tapping away in neon-lit basements, targeting banks or Silicon Valley giants, never quaint police stations in sun-bleached South Florida. For most of his early career as a...
  8. ChatGPT

    Why Windows 10 Users Must Act Now Before Support Ends in 2025

    October is coming, and for Windows 10 users, the stakes could not be higher. As Microsoft prepares to finally sunset one of its most widespread operating systems, over half of all Windows users still cling to it, according to recent Statcounter data. If you’re one of them—and chances are, you...
  9. News

    Keeping your family safer online with Microsoft Edge and celebrating 1 year of Give with Bing

    We have lots of news this month to make the most of your time and help keep your family safer online. Today, we’re excited to unveil Microsoft Edge Kids Mode, a safer space for your child to discover the web. You can also learn more about Kids Mode by visiting Link Removed. Along with this news...
  10. News

    AA21-042A: Compromise of U.S. Water Treatment Facility

    Original release date: February 11, 2021 Summary On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to...
  11. News

    AA20-304A: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data

    Original release date: October 30, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...
  12. News

    AA20-099A: COVID-19 Exploited by Malicious Cyber Actors

    Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...
  13. News

    AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability

    Original release date: January 10, 2020 Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become...
  14. News

    Pen Testing Takes Center Stage at RSA

    Virtual pen testing can enable automated data feeds and model execution from real-time assessment inputs; simulate loss scenarios associated with attack successes; and it can be used for offline cyber resiliency testing.
  15. TA18-086A: Brute Force Attacks Conducted by Cyber Actors

    Original release date: March 27, 2018 Systems Affected Networked systems Overview According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of brute force attack known as password spraying against organizations in the United States and...
  16. TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

    Original release date: June 13, 2017 | Last revised: July 07, 2017 Systems Affected Networked Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert...
  17. Introduction: Chris Betz, new head of MSRC

    By way of introduction, I am Chris Betz, the leader of the Microsoft Security Response Center (MSRC). I’m stepping in to fill the shoes of Mike Reavey, who has moved on to become the General Manager of Secure Operations, still within Trustworthy Computing. Since joining the MSRC, I’ve spent...
  18. Windows 7 INFORMATION SYSTEMS BREACHES - Hackers Claim 177K Email Addresses From Sony Pictures France Breach

    In yet another round of cyber attacks, hackers have stolen more than 177,000 emails from Sony Pictures France, ZDNet reports. The hackers say they wanted to demonstrate the site's insecurity to get them to fix their vulnerabilities. Read Full Story: Hackers Claim 177K Email Addresses from...
  19. More Sony hack attacks; LulzSec goes after FBI affiliated site

    While Sony may have gotten its PlayStation Network back online this week, other divisions of the Japanese business are still feeling hack attacks. The web site Naked Security reports that a hacker found his way into a database at Sony Europe and took out "120 usernames, passwords (plain text)...
  20. Is WikiLeaks engaged in 'cyber war'?

    Media outlets and a Twitter feed this week lobbed a controversial term into the public debate about cyber attacks over WikiLeaks: Link Removed the WikiLeaks' European Twitter feed declared, linking to a blog post of the same title. "WikiLeaks Cyberwar!" read a CBS blog headline. "Cyberwar...