Security Guard Magazine
    Thumbnail
    Microsoft Russia cybersecurity malware

    Russian Hackers Exploit Microsoft Device Code Authentication to Target M365 Accounts

    February 14, 2025 • 1 min read

    Security researchers uncover sophisticated Russian threat actors using Microsoft's legitimate Device Code Authentication to compromise M365 accounts of government organizations and NGOs. The attack leverages social engineering and authentic Microsoft domains to bypass traditional security measures.

    Thumbnail
    Microsoft Windows malware cybersecurity

    Critical Windows Security Update Patches 55 Flaws, Including Two Active Exploits

    February 13, 2025 • 1 min read

    Microsoft's February 2025 Patch Tuesday addresses 55 security vulnerabilities in Windows systems, with two zero-day flaws already exploited by hackers. The update fixes multiple critical issues including remote code execution and privilege elevation vulnerabilities.

    Thumbnail
    Microsoft phishing ADFS cybersecurity

    Cybercriminals Target Organizations with Sophisticated ADFS Phishing Scheme

    February 05, 2025 • 1 min read

    Security researchers have uncovered a sophisticated phishing campaign targeting organizations using Microsoft ADFS, with attackers creating convincing fake login portals to steal credentials and bypass MFA. The scam has affected over 150 organizations across education, healthcare, government and technology sectors, primarily in the US, Canada, Australia and Europe.

    Thumbnail
    UEFI Microsoft Windows malware

    Critical UEFI Secure Boot Vulnerability Threatens Windows Systems Worldwide

    January 20, 2025 • 1 min read

    A major security flaw in UEFI Secure Boot (CVE-2024-7344) exposes Windows systems to potential bootkit attacks that can survive system reboots and OS reinstalls. Microsoft and Linux vendors have released patches to address this vulnerability that bypasses critical startup security checks.

    Thumbnail
    cybersecurity authentication NCSC Microsoft

    The Evolution of Passkeys: Promising Yet Imperfect Authentication Solution in 2025

    January 15, 2025 • 1 min read

    Passkeys are emerging as a faster, more secure alternative to traditional passwords, offering unique benefits like phishing resistance and biometric protection. While implementation challenges and recovery concerns persist, industry collaboration is driving improvements in this authentication technology.

    Thumbnail
    PayPal Microsoft Fortinet phishing

    PayPal Users Targeted by Sophisticated Phishing Scam Using Legitimate URLs

    January 11, 2025 • 1 min read

    A newly discovered phishing campaign exploits PayPal's legitimate infrastructure to hijack user accounts by leveraging real URLs and Microsoft 365 test domains. The sophisticated attack can bypass standard security checks and PayPal's own phishing detection systems.

    Thumbnail
    Windows LDAP malware Microsoft

    Critical Windows Domain Controller Exploit Revealed: LDAPNightmare PoC Triggers System Crashes

    January 03, 2025 • 1 min read

    A new proof-of-concept exploit called LDAPNightmare demonstrates how attackers can crash Windows domain controllers through LDAP vulnerability CVE-2024-49113. The exploit forces system reboots by crashing LSASS, with potential for remote code execution if systems remain unpatched.

    Thumbnail
    authentication cybersecurity Apple Microsoft

    The Passkey Paradox: Why Password-Free Security Still Has a Long Way to Go

    December 30, 2024 • 1 min read

    Despite promising enhanced security, passkey technology faces significant adoption hurdles due to fragmented implementations across platforms and confusing user experiences. While major tech companies push their own solutions, the current state of passkeys falls short of delivering truly seamless password-free authentication for mainstream users.

    Thumbnail
    Microsoft FTC antitrust Azure

    FTC Investigates Microsoft's Federal Cybersecurity Contract Practices for Potential Antitrust Violations

    December 29, 2024 • 1 min read

    The Federal Trade Commission has launched an investigation into Microsoft's cybersecurity dealings with federal agencies, examining potential antitrust violations in contract procurement. The probe focuses on how Microsoft's free security offerings following the SolarWinds attack led to costly subscription lock-ins for government departments.

    Thumbnail
    Microsoft privacy education AI

    Educational Institutions Warned Against Microsoft 365 Copilot Over Privacy Risks

    December 25, 2024 • 1 min read

    SURF's recent assessment reveals significant privacy concerns with Microsoft 365 Copilot, including data handling transparency issues and accuracy problems. The organization strongly advises educational institutions to avoid using the AI tool until adequate protective measures are implemented.

  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next

Free Security Guards Resource and Information Magazine