
Tag: Microsoft


Threats & Malware, Vulnerabilities

Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)

July 10, 2024

Via: Help Net Security

CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li has revealed. “Check Point Research […]


Data loss, Threats & Malware

Microsoft blamed for million-plus patient record theft at US hospital giant

June 26, 2024

Via: The Register

American healthcare provider Geisinger fears highly personal data on more than a million of its patients has been stolen – and claimed a former employee at a Microsoft subsidiary is the likely culprit. Geisinger on Monday announced the results of […]


Data loss, Threats & Malware

New Rust-based malware targets Microsoft Windows, abuses PowerShell, and steals sensitive info

June 20, 2024

Via: TechRadar

Security pros are warning of a new infostealer being distributed using different methods across the internet. Fickle Stealer uses the usual tactics – stealing sensitive files, system information, files stored in the browser, cryptocurrency wallet information, and more – but […]


Threats & Malware, Vulnerabilities

Security bug could have allowed anyone to spoof Microsoft employee emails

June 19, 2024

Via: TechRadar

Security researchers recently claimed to have found a flaw that could allow threat actors to spoof Microsoft corporate emails. A cybersecurity researcher with the alias Slonser (full name Vsevolod Kokorin, according to TechCrunch) recently posted on X with a telling […]


Threats & Malware, Virus & Malware

North Korea building cash reserves using ransomware, video games

May 29, 2024

Via: The Register

A brand-new cybercrime group that Microsoft ties to North Korea is tricking targets using fake job opportunities to launch malware and ransomware, all for financial gain. Microsoft tracks this group as “Moonstone Sleet” and says it has been active since […]


Privacy protection, Security

Windows Recall — a ‘privacy nightmare’?

May 24, 2024

Via: Computerworld

Windows Recall, the new feature that records a user’s screen at regular intervals, has been labelled a “privacy nightmare” due to potential data privacy and security risks. Microsoft announced the generative AI-based tool on Monday; it records “snapshots” of a […]


Hacker, Threats & Malware

Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage

April 22, 2024

Via: The Hacker News

Microsoft has revealed that North Korea-linked state-sponsored cyber actors have begun to use artificial intelligence (AI) to make their operations more effective and efficient. “They are learning to use tools powered by AI large language models (LLM) to make their […]


Threats & Malware, Vulnerabilities

Microsoft fixed two zero-day bugs exploited in malware attacks

April 11, 2024

Via: Security Affairs

Microsoft Patch Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017. The issues impact Microsoft Windows and Windows […]


Data loss, Threats & Malware

Microsoft confirms memory leak in March Windows Server security update

March 25, 2024

Via: The Register

If your Windows domain controllers have been crashing since a security update was installed earlier this month, there’s no longer any need to speculate why: Microsoft has admitted it introduced a memory leak in its March patches and fixed the […]


Hacker, Threats & Malware

Russian Hackers Gained Access to Microsoft Source Code, Customer Secrets

March 11, 2024

Via: SecureWorld

In a sobering update released March 8th, Microsoft has revealed that the Russian state-sponsored hacking group Midnight Blizzard, also tracked as Nobelium, has gained unauthorized access to some of the company’s source code repositories and internal systems. This follows an […]


Application security, Security

OpenAI, Microsoft Disrupt Nation-State Actors’ Malicious Use of AI

February 20, 2024

Via: SecureWorld

OpenAI and Microsoft recently collaborated to identify and disrupt several nation-state actors who were attempting to use AI services for malicious cyber activities. According to Microsoft, the disrupted threat actors were affiliated with China, Iran, North Korea, and Russia. Their […]


Cyber-crime, Malware

Iran’s cyber operations in Israel a potential prelude to US election interference

February 7, 2024

Via: The Register

Iran’s anti-Israel cyber operations are providing a window into the techniques the country may deploy in the run-up to the 2024 US Presidential elections, Microsoft says. An analysis of Iran’s activity, published by Microsoft Threat Analysis Center (MTAC) today, concluded […]


Data loss, Threats & Malware

Russian hackers breached Microsoft, HPE corporate mailboxes

January 25, 2024

Via: Help Net Security

Cozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microsoft breach Last Friday, […]


Data loss, Threats & Malware

What Microsoft’s latest email breach says about this IT security heavyweight

January 24, 2024

Via: The Register

For most organizations – especially security vendors – disclosing a corporate email breach, in which executives’ internal messages and attachments were stolen, would noticeably ding their stock prices. But Microsoft apparently doesn’t operate by the laws of Wall Street. Late […]


Cyber warfare, Cyber-crime

Microsoft: Iranian Hackers Evolving Techniques in Espionage Campaigns

January 19, 2024

Via: SecureWorld

Microsoft has released a report detailing recent activity by Mint Sandstorm, an Iranian state-sponsored hacking group, targeting high-profile academics and researchers working on Middle Eastern affairs. The report highlights new tactics and malware, signaling an escalation in capabilities. According to […]


Threats & Malware, Virus & Malware

So, are we going to talk about how GitHub is an absolute boon for malware, or nah?

January 12, 2024

Via: The Register

The popularity of GitHub has made it too big to block, which is a boon to dissidents ducking government censors but a problem for internet security. GitHub says it is used by more than 100 million developers around the world. […]


Application security, Security

Microsoft to Add Dedicated AI Copilot Button on Windows PCs

January 8, 2024

Via: SecureWorld

In a bold move that promises to redefine the way users interact with their computers, Microsoft has announced the integration of a dedicated Copilot button on the keyboards of its Windows PCs. This innovative step signifies a major leap forward […]


Threats & Malware, Virus & Malware

Microsoft disables one of its own software tools following multiple malware attacks

December 29, 2023

Via: TechRadar

Microsoft has disabled the ms-appinstaller protocol handler by default after it found new evidence of hackers using it to deploy malware. “The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for […]


Threats & Malware, Vulnerabilities

Before you go away for Xmas: You’ve patched that critical Perforce Server hole, right?

December 19, 2023

Via: The Register

Four vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched “immediately,” according to Microsoft, which spotted the flaws and disclosed them to the software vendor. Perforce Server is a source code management platform […]


Threats & Malware, Virus & Malware

Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes

December 14, 2023

Via: The Register

Multiple miscreants are misusing OAuth to automate financially motivated cyber crimes – such as business email compromise (BEC), phishing, large-scale spamming campaigns – and deploying virtual machines to illicitly mine for cryptocurrencies, according to Microsoft. OAuth, short for Open Authorization, […]