Microsoft reported a previously unknown vulnerability known as a zero-day flaw that was present in many versions of Windows and Office and was being actively exploited in the wild. The vulnerability, which was tracked and given the identifier CVE-2023-36884, was used by nation-state actors and cybercriminals to acquire remote code execution by using infected Office […]
Microsoft on Tuesday revealed that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations, some of which include government agencies, in a cyber espionage campaign designed to acquire confidential data. The attacks, which commenced on May 15, 2023, entailed access to email accounts affecting approximately 25 entities and a […]
Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that’s engineered to communicate with an actor-controlled attack infrastructure. Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the FiveSys rootkit, which came to light in October 2021. “This malicious actor originates from China and their main […]
Microsoft on Tuesday released updates to address a total of 132 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild. Of the 132 vulnerabilities, nine are rated Critical, 122 are rated Important in severity, and one has been assigned a severity rating of “None.” […]
RomCom is a RAT – that enables remote access/control over devices to exfiltrate sensitive information for financial gain, now being used in geo politically-motivated attacks against Ukraine’s military institutions. According to the Blackberry threat intelligence team, the threat actor targets NATO Submit guests through RTF Exploitation. Threat actors took advantage of this event and sent […]
Group that engages in hacking and denial of service attacks Anonymous Sudan claims that it has information stolen from 30 million user accounts on Microsoft’s platform. The assertions have been refuted by Microsoft. At the beginning of this month, the hacking gang made the claim that it successfully attacked Microsoft and obtained a database that […]
Any user who has a Microsoft account is able to communicate with ‘external tenants’ via the usage of Microsoft Teams. Any company or organization that makes use of Microsoft Teams qualifies as an external tenancy for the purposes of this discussion. Members of the Red Team at the security services business Jumpsec, did some digging […]
In recent weeks, a hacker collective calling itself Anonymous Sudan has been responsible for launching distributed denial of service attacks (DDoS) on a number of Microsoft services, including Outlook, OneDrive, and Microsoft Azure, amongst others. These attack events, which typically lasted between one and two hours, were successful in their goal of crippling Microsoft’s services […]
Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderate, and one is rated Low in severity. This also includes three […]
Security researchers have warned about an “easily exploitable” flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions. “A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted system,” Varonis researcher Dolev Taler said. […]
Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. “Exploitation is often followed by deployment of a web shell with data exfiltration capabilities,” the Microsoft Threat Intelligence team said in a series of tweets today. “CVE-2023-34362 […]
Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to get around a key security measure called System […]
The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat’s (APT) continued abuse of DLL side-loading techniques to run arbitrary […]
Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including two zero-day bugs that it said is being actively exploited in the wild. Trend Micro’s Zero Day Initiative (ZDI) said the volume is the lowest since August 2021, although it pointed out that “this number is expected to rise […]
Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant’s threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the name Lace Tempest (formerly DEV-0950), which overlaps with other […]
It’s the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, […]
Threat actors used a well-liked piece of corporate communication software from 3CX, according to security experts. In particular, reports state that a desktop client for the 3CX VoIP (Voice over Internet Protocol) service was used to specifically target 3CX’s clients. It is believed that the attack is a multi-part process, with the first stage using […]
Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383 (CVSS score: 8.2), the issue has been dubbed “Super FabriXss” by Orca Security, a nod to the FabriXss flaw (CVE-2022-35829, CVSS score: 6.2) that was fixed by Microsoft in October 2022. […]
Microsoft on Tuesday unveiled Security Copilot in limited preview, marking its continued quest to embed AI-oriented features in an attempt to offer “end-to-end defense at machine speed and scale.” Powered by OpenAI’s GPT-4 generative AI and its own security-specific model, it’s billed as a security analysis tool that enables cybersecurity analysts to quickly respond to […]
Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any […]
The Goose Tool is a new free tool that may assist network defenders in identifying possibly malicious activities in Microsoft Azure, Azure Active Directory, and Microsoft 365 environments. It was developed by CISA and is available on their website. The Unidentified Goose Tool, which was developed with assistance from Sandia National Laboratories, provides network defenders […]