April 22, 2024
Via: The Hacker NewsMicrosoft has revealed that North Korea-linked state-sponsored cyber actors has begun to use artificial intelligence (AI) to make its operations more effective and efficient. “They are learning to use tools powered by AI large language models (LLM) to make their […]
Threats & Malware, Vulnerabilities
April 11, 2024
Via: Security AffairsMicrosoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017. The issues impact Microsoft Windows and Windows […]
March 25, 2024
Via: The RegisterIf your Windows domain controllers have been crashing since a security update was installed earlier this month, there’s no longer any need to speculate why: Microsoft has admitted it introduced a memory leak in its March patches and fixed the […]
March 11, 2024
Via: SecureWorldIn a sobering update released March 8th, Microsoft has revealed that the Russian state-sponsored hacking group Midnight Blizzard, also tracked as Nobelium, has gained unauthorized access to some of the company’s source code repositories and internal systems. This follows an […]
Application security, Security
February 20, 2024
Via: SecureWorldOpenAI and Microsoft recently collaborated to identify and disrupt several nation-state actors who were attempting to use AI services for malicious cyber activities. According to Microsoft, the disrupted threat actors were affiliated with China, Iran, North Korea, and Russia. Their […]
February 7, 2024
Via: The RegisterIran’s anti-Israel cyber operations are providing a window into the techniques the country may deploy in the run-up to the 2024 US Presidential elections, Microsoft says. An analysis of Iran’s activity, published by Microsoft Threat Analysis Center (MTAC) today, concluded […]
January 25, 2024
Via: Help Net SecurityCozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microsoft breach Last Friday, […]
January 24, 2024
Via: The RegisterFor most organizations – especially security vendors – disclosing a corporate email breach, in which executives’ internal messages and attachments were stolen, would noticeably ding their stock prices. But Microsoft apparently doesn’t operate by the laws of Wall Street. Late […]
January 19, 2024
Via: SecureWorldMicrosoft has released a report detailing recent activity by Mint Sandstorm, an Iranian state-sponsored hacking group, targeting high-profile academics and researchers working on Middle Eastern affairs. The report highlights new tactics and malware, signaling an escalation in capabilities. According to […]
Threats & Malware, Virus & Malware
January 12, 2024
Via: The RegisterThe popularity of Github has made it too big to block, which is a boon to dissidents ducking government censors but a problem for internet security. GitHub says it is used by more than 100 million developers around the world. […]
Application security, Security
January 8, 2024
Via: SecureWorldIn a bold move that promises to redefine the way users interact with their computers, Microsoft has announced the integration of a dedicated Copilot button on the keyboards of its Windows PCs. This innovative step signifies a major leap forward […]
Threats & Malware, Virus & Malware
December 29, 2023
Via: TechRadarMicrosoft has disabled the ms-appinstaller protocol handler as default after it found new evidence of hackers using it to deploy malware. “The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for […]
Threats & Malware, Vulnerabilities
December 19, 2023
Via: The RegisterFour vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched “immediately,” according to Microsoft, which spotted the flaws and disclosed them to the software vendor. Perforce Server is a source code management platform […]
Threats & Malware, Virus & Malware
December 14, 2023
Via: The RegisterMultiple miscreants are misusing OAuth to automate financially motivated cyber crimes – such as business email compromise (BEC), phishing, large-scale spamming campaigns – and deploying virtual machines to illicitly mine for cryptocurrencies, according to Microsoft. OAuth, short for Open Authorization, […]
December 8, 2023
Via: The RegisterA series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers. We’re told the attacks – which are usable against […]
November 22, 2023
Via: The RegisterMicrosoft’s bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade – with $60 million awarded to bug hunters in the past five years alone, according to Redmond. […]
Threats & Malware, Vulnerabilities
November 15, 2023
Via: The RegisterHeads up: Microsoft’s November Patch Tuesday includes fixes for about 60 vulnerabilities – including three that have already been found and abused in the wild. First of that trio is CVE-2023-36033: a Windows Desktop Manager (WDM) Core Library elevation-of-privilege vulnerability. […]
Threats & Malware, Vulnerabilities
November 6, 2023
Via: TechRadarCybersecurity researchers from Zscaler have discovered more than a hundred vulnerabilities in Microsoft 365 that were introduced with the addition of SketchUp into the cloud productivity suite. To make matters worse, they claim to have managed to bypass the patches […]
November 3, 2023
Via: The RegisterMicrosoft has made fresh commitments to harden the security of its software and cloud services after a year in which numerous members of the global infosec community criticized the company’s tech defenses. Brad Smith, Microsoft president, pointed to significant technological […]
October 27, 2023
Via: The RegisterMicrosoft’s latest report on “one of the most dangerous financial criminal groups” operating offers security pros an abundance of threat intelligence to protect themselves from its myriad tactics. The “unique” native English-speaking group is tracked by Microsoft as Octo Tempest […]