Microsoft | Smart Thinking Solutions

9 June 20229 June 2022

The US Cybersecurity and Infrastructure Security Agency adds 36 known exploits to it’s data base

CISA Adds 36 Known Exploited Vulnerabilities to Catalog  | CISA Updates to the Known Exploited Vulnerabilities Catalog include: Owl Labs QNAP Google Cisco Adobe Netgear Microsoft

8 June 202216 January 2024

Apple and FIDO

Apple will be releasing iOS 16 to the public this autumn, however the developer release was made at Apple’s World Wide Developers Conference 2022. Also announced were an array of forthcoming Apple hardware and software about to be released – what interests me here is that Apple, true to it’s …

Continue reading “Apple and FIDO”

7 June 20227 June 2022

Microsoft seizes threat actor domains

The Microsoft Digital Crimes Unit has gone to court to seize 41 domains alleged to have been used by an Iranian cybercrime group called Bohrium. The Bohrium group ran a targeted email spear-phishing operation against organizations in the US, Middle East, and India. As part of the operation they would pose …

Continue reading “Microsoft seizes threat actor domains”

6 June 20226 June 2022

Ransomware via IoT

I have written before about the security limitations of “Internet of Things” (IoT) devices. Many of them are simple devices, possibly based on older tech, they tend to lack the hardware to allow for regular security updates, etc, etc etc. At least the UK Government is enacting laws to make …

Continue reading “Ransomware via IoT”

1 June 20229 June 2022

Microsoft guidance for Office zero-day vulnerability – Follina

I have written about this Microsoft Word vulnerability earlier this week: New attack using Microsoft Office documents – could you or your team recognise it? – Smart Thinking Solutions There is still not patch – but Microsoft has issued some mitigation guidance: Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability …

Continue reading “Microsoft guidance for Office zero-day vulnerability – Follina”

31 May 20229 June 2022

Zero-day threat using Microsoft Office documents – even if macros are disabled – it’s called Follina

I have written about the usefulness and the threat that Microsoft Office document macros can pose to your cyber security. This flaw, called Follina, exploits Office functionality to retrieve an HTML file, and Microsoft Support Diagnostic Tool (MSDT) to run some malicious code, which can lead to privilege escalation attacks. …

Continue reading “Zero-day threat using Microsoft Office documents – even if macros are disabled – it’s called Follina”

26 May 202226 May 2022

More vulnerabilities to be aware of… Including Microsoft, Adobe, Linux and Google Chrome

software patches are essential cybersecurity

The US Cybersecurity and Infrastructure Security Agency is having a busy week of updating it’s Known Exploited Vulnerabilities Catalog: CISA Adds 34 Known Exploited Vulnerabilities to Catalog | CISA Microsoft and Adobe figure strongly on the list today but there are other products there – go and check. There is …

Continue reading “More vulnerabilities to be aware of… Including Microsoft, Adobe, Linux and Google Chrome”

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.