#microsoft

Best-in-class awareness training comes after a marked increase in cybersecurity risks and attacks in 2022.

pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata parsing.

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.

Nok Nok, an inventor of FIDO authentication standards, announces full support for passkeys in its S3 Authentication Suite that allows organizations to replace passwords.

Categories: News Tags: week in security Tags: awis Tags: typosquatting Tags: cyberstalking Tags: Snapchat Tags: student loan relief scam Tags: Gas Tags: LAPSUS$ Tags: Microsoft Tags: Ducktail Tags: Venus Tags: ransomware Tags: BYOD Tags: SMB security tips Tags: Log4Text Tags: DeadBolt Tags: spot a scam Tags: FaceStealer Tags: fake tractor fraud Tags: ThermoSecure The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (October 17 - 23) appeared first on Malwarebytes Labs.

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q3 Security Researcher Leaderboard are: Zhiyi Zhang , Yuki Chen , and Dang The Tuyen! Check out the full list of researchers recognized this quarter here.

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q3 Security Researcher Leaderboard are: Zhiyi Zhang , Yuki Chen , and Dang The Tuyen! Check out the full list of researchers recognized this quarter here.

By Deeba Ahmed This hybrid method can provide improved predictions from one week before the fire using finer scales (4kmx4km resolution). This is a post from HackRead.com Read the original post: AI-based Model to Predict Extreme Wildfire Danger

Plus: A Microsoft cloud leak exposed potential customers, new IoT security labels come to the US, and details emerge about Trump’s document stash.

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5.0 and .NET Core 3.1 where a malicious client can cause a Denial of Service via excess memory allocations through HttpClient. ### Affected software * Any .NET 6.0 application running on .NET 6.0.4 or earlier. * Any .NET 5.0 application running .NET 5.0.16 or earlier. * Any .NET Core 3.1 applicaiton running on .NET Core 3.1.24 or earlier. ### Patches * If you're using .NET Core 6.0, you should download and install Runtime 6.0.5 or SDK 6.0.105 (for Visual Studio 2022 v17.0) or SDK 6.0.203 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0. * If you're using .NET 5.0, you should download and install Runtime 5.0.17 or SDK 5.0.214 (for Visual Studio 2019 v1...