Microsoft | Smart Thinking Solutions

29 August 202329 August 2023

Catching up with the CISA Security Advisories

Whilst I have been away my team have been keeping up with security advisories that have impacted our clients. The vendors are the primary sources for my team but they also use the US government Cybersecurity and Infrastructure Security Agency (CISA) alerts and the Known Exploited Vulnerabilities Catalog. Let’s catch …

Continue reading “Catching up with the CISA Security Advisories”

11 August 202310 August 2023

CISA posts advisories on a range of security patches

Other vendors issue their monthly security and feature patches on or around Microsoft Patch Tuesday – it makes sense to get the updates all done together. The US government Cybersecurity and Infrastructure Security Agency (CISA) – one of my go to cyber security sites – issues regular round-ups of the …

Continue reading “CISA posts advisories on a range of security patches”

9 August 202311 October 2023

Microsoft Patch Tuesday

This morning, our support team have been reviewing our client monitoring reports and the SOC to check that the Microsoft Patch Tuesday updates have been completed. They will keep an eye on the reports all day to check there are no issues or absconders! Here is Microsoft’s detailed page on …

Continue reading “Microsoft Patch Tuesday”

4 August 20234 August 2023

Microsoft Office under attack… again…

So most organisations use Microsoft Office in some way. Even if it they do not use it, someone will email them a Word or Excel document. You cannot avoid it – even on a Mac or Linux computer. That makes it a juicy target for threat actors – there are …

Continue reading “Microsoft Office under attack… again…”

31 July 202323 November 2023

A Zero-day Primer

The zero-day threat is a serious one for any vendor or organisation to deal with and you should understand how it can defeat your technical defences. Here is a three-part mini-series that takes you through the zero-day threat in a straightforward way so you can make some decisions on how …

Continue reading “A Zero-day Primer”

24 July 202325 July 2023

Why private needs to mean private

Public/Private Key encryption and security is one of the most powerful tools when it comes to building great cyber security – it is the security that the internet runs on. So when Microsoft reported a breach on a number of high profile Exchange Online mailboxes, no one expected that the …

Continue reading “Why private needs to mean private”

18 July 202318 July 2023

Microsoft exploited vulnerability

The US government Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft Office/Windows HTML vulnerability to its Known Exploited Vulnerabilities Catalog. CISA Adds One Known Exploited Vulnerability to Catalog | CISA And from Microsoft: Storm-0978 attacks reveal financial and espionage motives | Microsoft Security Blog

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.