On Tuesday, Microsoft and cybersecurity firm Proofpoint warned that a threat actor had recently abused Microsoft’s verified publisher status to launch a campaign involving malicious OAuth applications. The warning stated that organizations using cloud services should be aware of the campaign, especially those in Ireland and the UK. Microsoft has

Microsoft has confirmed that it plans to change its software to automatically block all XLL add-in files that have been downloaded from the internet. The reasoning behind the update is to prevent phishing attacks and malware downloads that rely on these types of lures. Microsoft stated that the plans will

The Commission Nationale de L’informatique et des Libertés (CNIL), France’s digital privacy regulator, announced last week that it had fined US tech giant Microsoft roughly $64 million for violating regulations on advertising cookies. The CNIL found the Microsoft’s Bing search engine was operating with a system that did not allow

Microsoft has identified a prolific botnet called Zerobot that is spread through IoT and web application vulnerabilities. The botnet has reportedly added new capabilities and exploits to its skillset, Microsoft states. Zerobot is sold on underground cybercrime forums as a malware-as-a-service model, meaning that its authors can update its functionality

Cloud computing giant Microsoft is taking measures to increase stability of its cloud services by forcing new restrictions for activities like cryptocurrency mining. Microsoft has quietly banned crypto mining from its online services in order to better protect its customers and clouds, British technology news agency The Register reported on Dec.

Microsoft released a new advisory last Tuesday detailing how threat actors have been targeting companies in the cryptocurrency industry with the goal of financial gain. Microsoft stated that it had observed several forms of attacks targeting this industry over the past few months such as fraud, fake applications, info stealers,

A new threat actor referred to as DEC-0569 has been discovered expanding its toolkit to include the Royal ransomware. The group’s activities were detailed in a recent Threat Intelligence report released by Microsoft earlier this month. The group has been active since at least August 2022, and its origins and

During this month’s Patch Tuesday, Microsoft released a relatively low number of security updates to fix flaws plaguing its products, however, six of the patches are flaws being actively exploited in the wild. According to Microsoft, one of these flaws is called “ProxyNotShell” and lies in the Microsoft Exchange Server.

Microsoft has warned of an uptick in zero-day attacks in its latest global threat landscape released earlier this month. The report states that cyberattacks targeting critical infrastructure have doubled and now account for roughly 20% of all nation state attacks. Additionally, attacks against critical infrastructure now account for roughly 40%

Microsoft has launched a new number matching feature in push notifications to help bolster its multi-factor authentication. The feature applies to the MFA app, Microsoft Authenticator. The new feature is available now and should help combat attacks that rely on push notification spam, the company says. The new feature comes