25 Jan 2022

Microsoft warns about this phishing attack that wants to read your emails

Microsoft has warned that Office 365 customers are receiving phishing emails that aim to trick unsuspecting users into giving OAuth permissions to an app that allows attackers to read and write emails. The OAuth phishing emails were delivered to hundreds of Office 365 customers, warned the Microsoft Security Intelligence team.

Read More
24 Jan 2022

How Microsoft’s Activision Blizzard takeover will drive metaverse gaming into the mass market

Microsoft was positioning itself as one of the pioneers of the metaverse even before its US$75 billion deal to buy online gaming giant Activision Blizzard. In the days after Mark Zuckerberg rebranded Facebook last October as Meta with his near movie-length promotional film about the potential for virtual worlds, Microsoft

Read More
19 Jan 2022

Microsoft’s metaverse plans are getting clearer with its $68.7 billion Activision acquisition

Microsoft’s planned $68.7 billion acquisition of gaming company Activision Blizzard isn’t just a weapon in the tech giant’s battle for video game domination. It’s also about the metaverse — a buzzy topic at the moment, with brands from Disney to Walmart working to carve out their own niche in the digital

Read More
18 Jan 2022

Microsoft to acquire Activision Blizzard for $68.7 billion

Microsoft is acquiring Activision, the troubled publisher of Call of Duty, World of Warcraft, and Diablo. The deal will value Activision at $68.7 billion, far in excess of the $26 billion Microsoft paid to acquire LinkedIn in 2016. It’s Microsoft’s biggest push into gaming, and the company says it will

Read More
13 Jan 2022

Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft

Earlier this week, Microsoft issued a fix for a vulnerability that allows remote, unprivileged attackers to abuse Remote Desktop Protocol (RDP) from inside Windows devices. The flaw could allow attackers to hijack smart cards and gain unauthorized access to file systems. The bug, which is tracked as CVE-2022-21893, could lead

Read More
04 Jan 2022

Log4j flaw attack levels remain high, Microsoft warns

Microsoft has warned Windows and Azure customers to remain on high alert after observing continues state-sponsored and cyber criminal attackers probing systems for the Log4Shell flaw throughout December. The flaw was disclosed by the Apache Software Foundation on December 9, however, the vulnerability will likely take years to remediate due

Read More
03 Jan 2022

2022 will be the biggest year for the metaverse so far

2022 is poised to be the biggest year yet for “the metaverse,” as Facebook parent Meta, Apple, Microsoft and Google gear up to release new hardware products and software services in what so far has been a niche market for early adopters. The “metaverse” describes software and hardware that allow users

Read More
15 Dec 2021

Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery

Microsoft has addressed a recently discovered vulnerability that was exploited in the wild to deliver Emotet, Trickbot, and other botnets via fake applications. The vulnerability was included in the company’s December Patch Tuesday, along with five other publicly known bugs and seven critical security vulnerabilities. In total, this month’s security

Read More
10 Dec 2021

The New Normal? Unique New Responses to Massive, Global Cyber Theft, Data Breach and Espionage Activities (Part 3 of 3)

In the final post of this series, we explore Microsoft’s seizure of domains used by Chinese cyber-espionage group Nickel (APT15) to attack organizations in the United States and 28 other countries around the world. These attacks were largely being used for intelligence gathering from government agencies, think tanks, and human rights organizations. In the last few years, Microsoft has filed 24 lawsuits against cybercrime and cyber-espionage groups. Is it time for U.S. Corporate Technology Companies to go into full bitskrieg mode against countless global adversaries?

Read More
07 Dec 2021

Threat Group Takes Aim Again at Cloud Platform Provider Zoho

An unknown state-backed threat actor has allegedly expanded its attack efforts against cloud platform company Zoho and its ManageEngine ServiceDesk Plus software. The software is a help desk and asset management solution. In the past, the same adversary has targeted Zoho’s ADSelfService Plus. According to researchers, the APT has attacked

Read More