English - French - Italian


Microsoft

Dual-Boot Linux broken after Windows security update

Peter • Sunday, August 25, 2024 • 2 mins read (397)

The issue: A monthly Windows update pushed on August 13 has disrupted dual-boot systems running both Windows and Linux. The update, released on August 13, aimed to fix a two-year-old vulnerability (!

Continue...



Microsoft

MFA mandatory for Azure services, soon

Peter • Friday, August 23, 2024 • 2 mins read (258)

The good intention: Microsoft will implement mandatory multi-factor authentication (MFA) for all Azure services starting October 2024. This move aims - of course - to enhance security by ensuring that users verify their identity through multiple methods before accessing services.

Continue...



Networking

New TLD is now reserved from ICANN for internal networks

Peter • Monday, August 12, 2024 • 1 min read (125)

The point: The Internet Corporation for Assigned Names and Numbers (ICANN) has officially reserved the top-level domain “.INTERNAL” for private-use applications. Interestingly but not surprisingly Google and some Google Cloud customers "

Continue...



emails

Roundcube mail server fix

Peter • Thursday, August 8, 2024 • 1 min read (193)

The issue: A critical Cross-Site Scripting (XSS) vulnerability was discovered in Roundcube, an open-source webmail software widely used by government agencies and universities. This vulnerability allows attackers to execute arbitrary JavaScript in the victim's browser simply by having them view a malicious email.

Continue...



Microsoft

Simple CSS can be used to bypass anti-phishing Outlook warning...

Peter • Wednesday, August 7, 2024 • 2 mins read (278)

The issue: To help user to pay better attention to email from unfamiliar addresses, Microsoft 365 add a warning to the email stating “You don't often get email from xyz@example.

Continue...



Microsoft

New Outlook flaw: MonikerLink

Peter • Monday, February 19, 2024 • 1 min read (171)

The good: Microsoft Outlook attachments and links cannot be downloaded by default to prevent exploit (let say a malicious script execution). A (wellknown) readonly feature called Office Protected View. So, in theory, an attacker would be happy if you double click (but a warning will appear from Office Protected View), and then click again to unlock Office Protected View.

Continue...