Tag

Mitigations

All articles tagged with #mitigations

security6 days ago•3 min saved

Microsoft Unveils Mitigations for Windows YellowKey Zero-Day

Microsoft released mitigations for the YellowKey Windows BitLocker zero-day (CVE-2026-45585) after a PoC disclosure by Nightmare Eclipse, detailing steps to prevent exploitation—removing the autofstx.exe entry from the Session Manager BootExecute to stop FsTx replay, reestablishing BitLocker trust for WinRE, and enforcing TPM+PIN startup or a startup PIN with TPM on devices (via PowerShell, Intune, or Group Policy)—to block attacks until a patch is available.

via BleepingComputer|

#bitlocker #mitigations #security

security11 days ago•4 min saved

Exchange zero-day exploited in XSS attacks prompts rapid mitigations ahead of patches

Microsoft warns of a spoofing vulnerability in Exchange Server (CVE-2026-42897) that attackers can exploit via cross-site scripting to run arbitrary JavaScript in Outlook on the Web; patches aren’t yet available, but the Exchange Emergency Mitigation Service (EEMS) can automatically shield on-premises servers, with guidance to enable it now and an option to use the Exchange On-Premises Mitigation Tool (EOMT) for air-gapped networks. Mitigations may disrupt OWA features (calendar printing, inline images) and some OWA modes, and patches are planned for SE RTM and specific CU releases, though 2016/2019 updates may be limited to ESU Period 2. CISA/NSA previously highlighted widely exploited Exchange flaws and guidance to harden servers.

via BleepingComputer|

#cve-2026-42897 #exchange-server #mitigations

cybersecurity2 years ago•23 min saved

"Unpatched Vulnerabilities: A Growing Threat in 2022"

The Cybersecurity and Infrastructure Security Agency (CISA) and other international cybersecurity agencies have released a joint advisory detailing the top routinely exploited vulnerabilities in 2022. Malicious cyber actors have been targeting older software vulnerabilities and unpatched, internet-facing systems. The advisory provides recommendations for vendors, designers, developers, and end-user organizations to mitigate the risk of compromise. The top 12 vulnerabilities include Fortinet SSL VPNs, Microsoft Exchange email servers (ProxyShell), Zoho ManageEngine ADSelfService Plus, Atlassian Confluence Server, Apache's Log4j library (Log4Shell), and VMware Workspace ONE Access. Additional vulnerabilities were also identified, emphasizing the importance of timely patching and implementing security measures.

via CISA|

#cybersecurity #cybersecurity-advisory #exploits

gaming3 years ago•2 min saved

Activision's Latest Measures Against Cheating in Call of Duty.

Activision's Call of Duty Ricochet anti-cheat team has introduced new measures to reduce unfair play, including a system to detect third-party XIM-type devices and a replay investigation tool. Cheaters will face measures ranging from mitigations up to permabans across all Call of Duty titles. The company has also revealed new in-game mitigations, such as Damage Shield, Disarm, and Cloak. Activision's anti-cheat measures implemented in 2021 led to a "significant" drop in cheaters, but the company expects players to create new ways to get around existing measures.

via Engadget|

#anti-cheat #call-of-duty #gaming