Tag: Microsoft

April 22, 2024

Microsoft has revealed that North Korea-linked state-sponsored cyber actors has begun to use artificial intelligence (AI) to make its operations more effective and efficient. “They are learning to use tools powered by AI large language models (LLM) to make their […]

April 11, 2024

Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017. The issues impact Microsoft Windows and Windows […]

March 25, 2024

If your Windows domain controllers have been crashing since a security update was installed earlier this month, there’s no longer any need to speculate why: Microsoft has admitted it introduced a memory leak in its March patches and fixed the […]

March 11, 2024

In a sobering update released March 8th, Microsoft has revealed that the Russian state-sponsored hacking group Midnight Blizzard, also tracked as Nobelium, has gained unauthorized access to some of the company’s source code repositories and internal systems. This follows an […]

February 20, 2024

OpenAI and Microsoft recently collaborated to identify and disrupt several nation-state actors who were attempting to use AI services for malicious cyber activities. According to Microsoft, the disrupted threat actors were affiliated with China, Iran, North Korea, and Russia. Their […]

February 7, 2024

Iran’s anti-Israel cyber operations are providing a window into the techniques the country may deploy in the run-up to the 2024 US Presidential elections, Microsoft says. An analysis of Iran’s activity, published by Microsoft Threat Analysis Center (MTAC) today, concluded […]

January 25, 2024

Cozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microsoft breach Last Friday, […]

January 24, 2024

For most organizations – especially security vendors – disclosing a corporate email breach, in which executives’ internal messages and attachments were stolen, would noticeably ding their stock prices. But Microsoft apparently doesn’t operate by the laws of Wall Street. Late […]

January 19, 2024

Microsoft has released a report detailing recent activity by Mint Sandstorm, an Iranian state-sponsored hacking group, targeting high-profile academics and researchers working on Middle Eastern affairs. The report highlights new tactics and malware, signaling an escalation in capabilities. According to […]

January 12, 2024

The popularity of Github has made it too big to block, which is a boon to dissidents ducking government censors but a problem for internet security. GitHub says it is used by more than 100 million developers around the world. […]

January 8, 2024

In a bold move that promises to redefine the way users interact with their computers, Microsoft has announced the integration of a dedicated Copilot button on the keyboards of its Windows PCs. This innovative step signifies a major leap forward […]

December 29, 2023

Microsoft has disabled the ms-appinstaller protocol handler as default after it found new evidence of hackers using it to deploy malware. “The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for […]

December 19, 2023

Four vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched “immediately,” according to Microsoft, which spotted the flaws and disclosed them to the software vendor. Perforce Server is a source code management platform […]

December 14, 2023

Multiple miscreants are misusing OAuth to automate financially motivated cyber crimes – such as business email compromise (BEC), phishing, large-scale spamming campaigns – and deploying virtual machines to illicitly mine for cryptocurrencies, according to Microsoft. OAuth, short for Open Authorization, […]

December 8, 2023

A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers. We’re told the attacks – which are usable against […]

November 22, 2023

Microsoft’s bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade – with $60 million awarded to bug hunters in the past five years alone, according to Redmond. […]

November 15, 2023

Heads up: Microsoft’s November Patch Tuesday includes fixes for about 60 vulnerabilities – including three that have already been found and abused in the wild. First of that trio is CVE-2023-36033: a Windows Desktop Manager (WDM) Core Library elevation-of-privilege vulnerability. […]

November 6, 2023

Cybersecurity researchers from Zscaler have discovered more than a hundred vulnerabilities in Microsoft 365 that were introduced with the addition of SketchUp into the cloud productivity suite. To make matters worse, they claim to have managed to bypass the patches […]

November 3, 2023

Microsoft has made fresh commitments to harden the security of its software and cloud services after a year in which numerous members of the global infosec community criticized the company’s tech defenses. Brad Smith, Microsoft president, pointed to significant technological […]

October 27, 2023

Microsoft’s latest report on “one of the most dangerous financial criminal groups” operating offers security pros an abundance of threat intelligence to protect themselves from its myriad tactics. The “unique” native English-speaking group is tracked by Microsoft as Octo Tempest […]