microsoft (36)

13328589655?profile=RESIZE_400xSecurity researchers have flagged a critical vulnerability in Microsoft’s multi-factor authentication (MFA) system, called “AuthQuake,” that could allow attackers to bypass protections and gain unauthorized account access.  Their report[1] details how the flaw required no user interaction, did not generate alerts, and took less than an hour to execute.  While multi-factor authentication (MFA) is a solid security mechanism, such flaws make it a double-edged sword due to the nature of the user’s r

13247018662?profile=RESIZE_400xTrustwave researchers have recently released a report about a phishing campaign they had been tracking which had experienced a significant increase in activity in August of 2024 and targeting primarily Microsoft 365 users. This campaign has been linked to the phishing kit called Rockstar 2FA.  The Rockstar 2FA phishing kit has been deemed to be an updated version of the DadSec phishing kit. Microsoft tracks the threat actor behind these phishing kits under the moniker Storm-1575.

Rockstar operat

13105282855?profile=RESIZE_400xThe Black Basta group is a Ransomware-as-a-Service (RaaS) provider that has been in operation since at least April of 2022.  The group is believed to be comprised of former members of the ransomware groups Conti and REvil.  The reason for this belief is driven by several factors, such as the similarities in their tactics and their rapid integration into the cybercriminal ecosystem.

Black Basta is credited as having victimized over 500 organizations.  In the first quarter of 2024, the group had c

12761861691?profile=RESIZE_400xLast week, some of Microsoft’s apps were knocked offline in an intentional cyber-attack, it said in an update.  The company’s attempts to stop the hack amplified it.  That meant that some of its apps and features were offline for much of 31 July.  It came just days after Windows PCs were hit by a huge outage that brought much of the world to a standstill, cancelling flights and delaying hospital appointments.  That was the result of a bug in cybersecurity software made by third-party company Cro

12742978500?profile=RESIZE_400xA Microsoft outage starting during the evening of 18 July which crippled airlines, financial services, health-care and many energy companies across the world, resulting for many in a "blue screen of death" on their work computers.  In response, Microsoft on Saturday released a recovery tool to help repair Windows machines affected by the bug, a day after CrowdStrike provided instructions for how to fix a crashed PC.

CrowdStrike, a cybersecurity firm whose software protects small businesses and l

12621699093?profile=RESIZE_400xMicrosoft will soon allow businesses and developers to build AI-powered Copilots that can work like virtual employees and perform tasks automatically.  Instead of Copilot sitting idle waiting for queries, it will be able to monitor email inboxes and automate tasks or data entry that employees normally have to do manually.  It is a big change in the behavior of Copilot, which the industry commonly calls AI agents or the ability for chatbots to intelligently perform complex tasks autonomously.  “W

12615893062?profile=RESIZE_400xThe European Union has warned Microsoft that it could be fined up to 1% of its global annual turnover under the bloc’s online governance regime, the Digital Services Act (DSA), after the company failed to respond to a request for information (RFI) that focused on its generative AI tools.  In March 2024, the EU asked Microsoft and several other tech giants for information about systemic risks posed by generative AI tools.  On 16 May 2024, the Commission said Microsoft failed to provide some reque

12546459274?profile=RESIZE_400xGoogle is betting Microsoft Corp.’s very public cybersecurity failures, along with deep discounts will persuade corporate and government customers to use the search giant’s productivity software rather than Office.  Some are insinuating Google is trying to steal customers. 

Government agencies that switch 500 or more users to Google Workspace Enterprise Plus for three years will get one year free and be eligible for a “significant discount” for the rest of the contract, said Andy Wen, the senior

12543851483?profile=RESIZE_400xMicrosoft has recently declared that security will now be the company's topmost priority "above all else," even taking precedence over shipping new product features and capabilities.  This commitment to making security job #1 comes on the heels of a string of incidents, including a major breach disclosed just two months ago, where Russian state-sponsored hackers tracked as Midnight Blizzard or Nobelium gained disturbing levels of access to Microsoft's internal systems and source code repositorie

12436121296?profile=RESIZE_400xThe threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data.   Cybersecurity investigators characterized the adversary as relying on various programs to harvest data on an "industrial scale" from primarily governmental organizations, some of them defense related, located in the Asia-Pacific region.  To collect large volumes of data from many hosts, attackers need to automate the data harvesting process as m

12420201687?profile=RESIZE_400xData security continues to cause angst and thus the US House of Representatives has reportedly banned congressional staffers from using Microsoft’s AI coding assistant, Copilot.  This comes just weeks after Microsoft announced the official public release of AI Copilot on 14 March 2024.

The ban, implemented by the House’s Chief Administrative Officer Catherine Szpindor, reportedly stems from concerns about potential data leakage.  According to Axios, Szpindor’s office believes AI Copilot “poses a

12400254075?profile=RESIZE_400xCyber security is undergoing a massive transformation, with Artificial intelligence (AI) at the forefront of this change, posing both a threat and an opportunity.  AI can potentially empower organizations to defeat cyberattacks at machine speed and drive innovation and efficiency in threat detection, hunting, and incident response.  Adversaries can use AI as part of their exploits.  It is never been more critical for us to design, deploy, and use AI securely.

See:  https://redskyalliance.org/xin

12400169052?profile=RESIZE_400xA Microsoft spokesman reported that the Russian government-backed hacking team that broke into its corporate network and spied on senior executives also stole source code and may still be poking around its internal computer systems.  In what is being described as an “ongoing attack,” the world’s largest software maker says it has evidence the hacking group “is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access.”  This has inc

12374281897?profile=RESIZE_400xAttackers are abusing Microsoft Teams to send phishing messages, according to researchers at AT&T Cybersecurity.  “While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector,” the researchers write.  “Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one or

12336973288?profile=RESIZE_400xA new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language.  Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation.  Nim-based malware has been a rarity in the threat landscape, although that has been slowly changing in recent years as attackers continue to either develop custom tools from scra

12239035273?profile=RESIZE_400xMalicious ADs served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools.  The findings come from researchers, who revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations.

Introduced by Microsoft in February 2023, Bing Chat is an interactive search experience that's powered by OpenAI's large language model called GPT-4.  A month lat

12213058659?profile=RESIZE_400xMicrosoft spokesmen disclosed on 17 August 2023 that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution.  "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's threat intelligence team said in a series of posts on X (formerly Twitter).  "This Bla

12213048281?profile=RESIZE_400xThreat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months.  The majority of the phishing campaigns target Microsoft login credentials, although some pages are targeting Adobe, Dropbox, and other cloud apps, was recently reported by security researchers.   Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and Azure Blob Storage, is a data storage service for the cloud.[1]

Cloudflare R2 is a zero-egress distributed o

12185081291?profile=RESIZE_400xMultiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.  Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.[1]

THREAT INTELLIGEN

11148338501?profile=RESIZE_400xAround the time that the US Federal Bureau of Investigation (FBI) was examining the equipment recovered from the wreckage of the Chinese spy balloon shot down off the South Carolina coast in February, American intelligence agencies and Microsoft detected what they feared was a more worrisome intruder: mysterious computer code that has been popping up in telecommunications systems in Guam and elsewhere in the US.

The code, which Microsoft said was installed by a Chinese government hacking group,