In early 2022, Microsoft addressed CVE-2022-22005, a remote code execution (RCE) vulnerability that used website creation features in SharePoint, releasing a security patch. Even though the flaw had already been fixed, a security researcher found a new way to exploit the deserialization bug by uploading malicious files to the server. Many languages use serialization and […]
A group of researchers developed a tool capable of detecting errors in the way applications such as Adobe Acrobat or Microsoft Word process JavaScript code, which has allowed finding a total of 134 security flaws, of which 33 have already received a CVE tracking key. The tool is called “Cooper”, in reference to the technique […]
Microsoft has highlighted RaaS, also known as ransomware as a service, as a criminal company relying on freelancers and is designed to spread the risk. Microsoft security professionals track over 35 separate ransomware attacks and 250 threats. RaaS, it claims, is a new economy centered on three main pillars and engaging various actors. RaaS has […]
At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country. “Collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military […]
Microsoft on Tuesday disclosed a set of two privilege escalation vulnerabilities in the Linux operating system that could potentially allow threat actors to carry out an array of nefarious activities. Collectively called “Nimbuspwn,” the flaws “can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, […]
The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default across its products. Calling the new activity a “departure” from the group’s typical […]
The cybersecurity experts at Varonis security firm have recently discovered a Hive ransomware affiliate that has been deploying a variety of backdoors, including the Cobalt Strike beacon, in order to compromise the Microsoft Exchange servers that are vulnerable to the ProxyShell flaws. By deploying these backdoors the threat actors perform the following tasks and activities:- […]
Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts. “ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global […]
The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that’s used to maintain persistence on compromised Windows environments. The threat actor is said to have targeted entities in the telecommunication, internet service provider and data services sectors from August 2021 to February 2022, expanding from the initial victimology patterns […]
In an attempt to eliminate the infrastructure used to launch attacks against Ukrainian targets, Microsoft has taken down seven domain names used by the Russian hacking group APT28 to disrupt the attacks. All these domains were used by Strontium (aka Fancy Bear and APT28) to target multiple Ukrainian institutions, including the media outlets, and this […]
In an unusual incident, British authorities have accused a 16-year-old boy of being one of the leaders of the dangerous hacking group Lapsus$. The young man was also identified by hackers and investigators, who mention that he would have managed to obtain up to $ 14 million USD as part of his cybercriminal operations. London […]
Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained “limited access” to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. “No customer code or data was involved in the observed activities,” Microsoft’s Threat Intelligence Center (MSTIC) […]
UPDATE: It’s worth noting that the malware Microsoft tracks as FoxBlade is the same as the data wiper that’s been denominated HermeticWiper (aka KillDisk). Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure hours before Russia launched its first missile strikes last week. The […]
A new malware capable of controlling social media accounts is being distributed through Microsoft’s official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware “Electron Bot,” in reference to a command-and-control (C2) domain used […]
Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. “Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and dictionary attack against poorly […]
Microsoft has warned of emerging threats in the Web3 landscape, including “ice phishing” campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it’s still in its early stages. The company’s Microsoft 365 Defender Research Team called out various new avenues through which […]
Researchers at security firm Sophos recently reported a hacking campaign related to the ProxyLogon and ProxyShell exploits for the exploitation of an unpatched Microsoft Exchange server. This compromised server was used for the mass distribution of Squirrelwaffle, a malware loader delivered via email threads as a method of deceiving employees in the affected organizations in […]
Microsoft has developed multiple protection mechanisms against some popular hacking variants, including the malicious use of macros. Sometimes, threat actors send Office files in which affected users must enable macros to complete the attack, triggering malware download, information theft, and even remote access. Despite protection mechanisms (such as the bar indicating the disabling of macros), […]
Microsoft on Monday said it’s taking steps to disable Visual Basic for Applications (VBA) macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to eliminate an entire class of attack vector. “Bad actors send macros in Office files to end users who […]
Microsoft last week announced that it’s temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on a combination of .msi, .appx, App-V and ClickOnce installation technologies, is a universal […]
On Monday, Microsoft announced that it has decided to disable Excel 4.0 macros by default in the latest version of the application to keep users protected against some security risks associated with this feature. As you may already know, a macro is a series of commands to automate a repeated task and that can be […]