Cybersecurity Highlights

This section registers the most relevant incidents or public events related to the cybersecurity and information and communication technologies (ICT), in a way that a chronological history of them is available, together with their main links, references and information sources.

Post related to: Microsoft

Security breach in Microsoft Outlook

Microsoft was the victim of a security breach in its Outlook email service, which includes @hotmail.com and @msn.com email accounts, after attackers stole Outlook support staff credentials and used...

References:

techcrunch.com

adslzone.net

motherboard.vice.com

threatpost.com

unaaldia.hispasec.com

Tags:

The Turla group attacks again

According to different sources, the Turla group is carrying out several attack campaigns. The first campaign has been discovered by ESET researchers where the objectives are embassies and...

References:

welivesecurity.com

securityaffairs.co

ncsc.gov.uk

Tags:

Windows 10 kernel source filtering

According to the news portal "theverge.com", a Microsoft spokesman would have confirmed the leakage of a large amount of source code from the Windows 10 kernel, even without releasing, from...

References:

thehackernews.com

theregister.co.uk

theverge.com

computerhoy.com

Tags:

Kaspersky denounces Microsoft for monopolistic practices

The Russian cybersecurity company Kaspersky Lab has filed a complaint with the European Union and the German antitrust office against Microsoft for conducting monopolistic practices. According to...

References:

blog.kaspersky.com

theverge.com

nytimes.com

reuters.com

adslzone.net

genbeta.com

Tags:

Tool

Microsoft

Lenovo bloatware installed from the BIOS of your laptop

Lenovo uses rootkit techniques to modify the Windows boot and install software from the BIOS of the laptop with security flaws. The tool, called Lenovo Service Engine or LSE, tool send non-personal...

References:

us-cert.gov

theregister.co.uk

es.gizmodo.com

Tags:

Microsoft

Vulnerability

FREAK, a vulnerability that reduces security in Android and Apple users

A group of investigators, named SMACK, have discovered several vulnerabilities in OpenSSL and Apple's TLS/SSL, that could allow a MiTM attack, degrading the security of the connections, moving from...

References:

washingtonpost.com

cryptographyengineering.com

freakattack.com

securityaffairs.co/

incibe.es

cert.org

Tags:

Jasbug, Windows critical vulnerability that took a year to patch

Jasbug, a Windows critical vulnerability reported in January 2014 that allowed remote execution of code, was patched one year later by Microsoft. This vulnerability affected all supported Windows...

References:

scmagazine.com

thehackernews.com

malavida.com

jasadvisors.com

Tags:

Microsoft

Vulnerability

Windows

Wirelurker: malware for Mac OS and iOS too

The company Palo Alto Networks has published a report in which they analyse a new malware, Wirelurker, affecting also Mac OS and iOS devices. Wirelurker, which would have been active at least six...

References:

paloaltonetworks.com

elotrolado.net

Tags:

Apple

Malware

Microsoft

APT BlackEnergy y 0day Sandworm

Siguiendo un proceso de revelación responsable, iSIGHT ha publicado el descubrimiento de una nueva vulnerabilidad 0day, que afecta al gestor de paquetes OLE en Microsoft Windows y Microsoft Server....

References:

sightpartners.com

inteco.es

welivesecurity.com

blog.trendmicro.com

abcnews.go.com

securityaffairs.co

us-cert.gov

Tags:

Fin del soporte Windows XP SP3 y Office 2003

El pasado 8 de Abril de 2014 se acabo el soporte para Windows XP SP3 y Office 2003. Desde entonces, Microsoft ha dejado de proporcionar para Windows XP actualizaciones de seguridad o parches para...

References:

inteco.es

betanews.com

techrepublic.com

Tags:

Microsoft

Windows

Corporate access