01 Feb 2023

Microsoft’s Verified Publisher Status Abused in Email Theft Campaign

On Tuesday, Microsoft and cybersecurity firm Proofpoint warned that a threat actor had recently abused Microsoft’s verified publisher status to launch a campaign involving malicious OAuth applications. The warning stated that organizations using cloud services should be aware of the campaign, especially those in Ireland and the UK. Microsoft has

Read More
25 Jan 2023

Microsoft to Block Excel XLL Add-Ins to Stop Malware Delivery

Microsoft has confirmed that it plans to change its software to automatically block all XLL add-in files that have been downloaded from the internet. The reasoning behind the update is to prevent phishing attacks and malware downloads that rely on these types of lures. Microsoft stated that the plans will

Read More
28 Dec 2022

France Fines Microsoft $64m for Imposing Ad Cookies to its Bing Users

The Commission Nationale de L’informatique et des Libertés (CNIL), France’s digital privacy regulator, announced last week that it had fined US tech giant Microsoft roughly $64 million for violating regulations on advertising cookies. The CNIL found the Microsoft’s Bing search engine was operating with a system that did not allow

Read More
28 Dec 2022

Zerobot Botnet Devs Add New Functionality

Microsoft has identified a prolific botnet called Zerobot that is spread through IoT and web application vulnerabilities. The botnet has reportedly added new capabilities and exploits to its skillset, Microsoft states. Zerobot is sold on underground cybercrime forums as a malware-as-a-service model, meaning that its authors can update its functionality

Read More
15 Dec 2022

Microsoft bans cryptocurrency mining on cloud services

Cloud computing giant Microsoft is taking measures to increase stability of its cloud services by forcing new restrictions for activities like cryptocurrency mining. Microsoft has quietly banned crypto mining from its online services in order to better protect its customers and clouds, British technology news agency The Register reported on Dec.

Read More
15 Dec 2022

Microsoft Warns Cryptocurrency Firms Against Complex Cyber-Attacks

Microsoft released a new advisory last Tuesday detailing how threat actors have been targeting companies in the cryptocurrency industry with the goal of financial gain. Microsoft stated that it had observed several forms of attacks targeting this industry over the past few months such as fraud, fake applications, info stealers,

Read More
21 Nov 2022

Emerging Threat Actor DEV-0569 Expands Its Toolkit to Deliver Royal Ransomware

A new threat actor referred to as DEC-0569 has been discovered expanding its toolkit to include the Royal ransomware. The group’s activities were detailed in a recent Threat Intelligence report released by Microsoft earlier this month. The group has been active since at least August 2022, and its origins and

Read More
09 Nov 2022

Microsoft Patches Six Zero-Day Bugs this Month

During this month’s Patch Tuesday, Microsoft released a relatively low number of security updates to fix flaws plaguing its products, however, six of the patches are flaws being actively exploited in the wild. According to Microsoft, one of these flaws is called “ProxyNotShell” and lies in the Microsoft Exchange Server.

Read More
08 Nov 2022

Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics

Microsoft has warned of an uptick in zero-day attacks in its latest global threat landscape released earlier this month. The report states that cyberattacks targeting critical infrastructure have doubled and now account for roughly 20% of all nation state attacks. Additionally, attacks against critical infrastructure now account for roughly 40%

Read More
31 Oct 2022

Microsoft Authenticator gains feature to thwart spam attacks on MFA

Microsoft has launched a new number matching feature in push notifications to help bolster its multi-factor authentication. The feature applies to the MFA app, Microsoft Authenticator. The new feature is available now and should help combat attacks that rely on push notification spam, the company says. The new feature comes

Read More