In this month’s Patch Tuesday update, Microsoft issued fixes for 5 critical exploits and 45 vulnerabilities rated important in severity in Microsoft Windows, .NET Core, and Visual Studio, Microsoft Office, Microsoft Edge, SharePoint Server, Hyper-V, Visual Studio Code, and more. Microsoft researchers discovered a highly targeted malware campaign that has

The United States has seized two command and control malware distribution domains that were utilized in a recently disclosed spearphishing campaign that impersonated email communications from the US Agency for International Development (USAID). The attack was disclosed by Microsoft and Volexity last week, and the operation has been attributed to

A Rhode Island woman has been charged with phishing and email fraud after impersonating Microsoft to steal personal information from political candidates and their staff. The woman, Diana Lebeau, allegedly delivered phishing emails to 22 different campaign staffers working for a political candidate around January 2020. Lebeau, who is 21,

As Covid-19 restrictions begin to lift and thousands of employees return back to offices, ending the work-from-home movement, threat actors are ramping up spear-phishing campaigns. The latest campaign consisted of sending employees emails posing as CIOs welcoming employees back into offices. The emails outline a targeted company’s post-pandemic cubicle protocols,

Cybersecurity researchers at Microsoft have identified a massive phishing campaign that is distributing trojan malware to create a backdoor into Windows systems, stealing usernames, passwords, and other sensitive information from victims. The phishing messages deliver the latest version of the Java-based STRRAT malware. The email campaign consists of utilizing compromised

Attackers are targeting Microsoft and Google Clouds to perform mass phishing attempts, sending roughly 52 million malicious messages leveraging the likes of Office 385, Azure, OneDrive, SharePoint, G-Suite, and Firebase storage. The reported influx in phishing attempts was recorded in Q1 of 2021 and is likely a result of threat

According to a review of threat data from enterprise companies that was compiled between January and March this year and included in Palo Alto Networks’ 2021 Cortex Xpanse Attack Surface Threat Report, which was published today, threat actors began searching the web for vulnerable Microsoft Exchange Servers within five minutes

Security researchers at Microsoft have warned of 25 undocumented critical memory-allocation vulnerabilities that lie across a number of vendors’ IoT and industrial devices. The flaws could be used to execute malicious code throughout a network or cause an entire system to crash. The bugs were uncovered by Microsoft’s Azure Defender

A study released earlier this week indicates that leading private sector tech companies’ investments in artificial intelligence do not ensure that the field will remain competitive. The study was conducted by the Center for Security and Emerging Technology, aiming to map the research agendas of tech giants Apple, Amazon, Facebook,

Compromised Exchange servers were targeted by threat actors to host malicious Monero cryptominer. Any unpatched exchange servers are now vulnerable to Cryptojacking in the ProxyLogon exploit. The Exchange servers were compromised and were infected with ransomware and webshells to host Monero. The exploit is referred to as the ProxyLogon exploit.