Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
On Tuesday, Microsoft and cybersecurity firm Proofpoint warned that a threat actor had recently abused Microsoft’s verified publisher status to launch a campaign involving malicious OAuth applications. The warning stated that organizations using cloud services should be aware of the campaign, especially those in Ireland and the UK. Microsoft has
Microsoft to Block Excel XLL Add-Ins to Stop Malware Delivery
Microsoft has confirmed that it plans to change its software to automatically block all XLL add-in files that have been downloaded from the internet. The reasoning behind the update is to prevent phishing attacks and malware downloads that rely on these types of lures. Microsoft stated that the plans will
France Fines Microsoft $64m for Imposing Ad Cookies to its Bing Users
The Commission Nationale de L’informatique et des Libertés (CNIL), France’s digital privacy regulator, announced last week that it had fined US tech giant Microsoft roughly $64 million for violating regulations on advertising cookies. The CNIL found the Microsoft’s Bing search engine was operating with a system that did not allow
Zerobot Botnet Devs Add New Functionality
Microsoft has identified a prolific botnet called Zerobot that is spread through IoT and web application vulnerabilities. The botnet has reportedly added new capabilities and exploits to its skillset, Microsoft states. Zerobot is sold on underground cybercrime forums as a malware-as-a-service model, meaning that its authors can update its functionality
Microsoft bans cryptocurrency mining on cloud services
Cloud computing giant Microsoft is taking measures to increase stability of its cloud services by forcing new restrictions for activities like cryptocurrency mining. Microsoft has quietly banned crypto mining from its online services in order to better protect its customers and clouds, British technology news agency The Register reported on Dec.
Microsoft Warns Cryptocurrency Firms Against Complex Cyber-Attacks
Microsoft released a new advisory last Tuesday detailing how threat actors have been targeting companies in the cryptocurrency industry with the goal of financial gain. Microsoft stated that it had observed several forms of attacks targeting this industry over the past few months such as fraud, fake applications, info stealers,
Emerging Threat Actor DEV-0569 Expands Its Toolkit to Deliver Royal Ransomware
A new threat actor referred to as DEC-0569 has been discovered expanding its toolkit to include the Royal ransomware. The group’s activities were detailed in a recent Threat Intelligence report released by Microsoft earlier this month. The group has been active since at least August 2022, and its origins and
Microsoft Patches Six Zero-Day Bugs this Month
During this month’s Patch Tuesday, Microsoft released a relatively low number of security updates to fix flaws plaguing its products, however, six of the patches are flaws being actively exploited in the wild. According to Microsoft, one of these flaws is called “ProxyNotShell” and lies in the Microsoft Exchange Server.
Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics
Microsoft has warned of an uptick in zero-day attacks in its latest global threat landscape released earlier this month. The report states that cyberattacks targeting critical infrastructure have doubled and now account for roughly 20% of all nation state attacks. Additionally, attacks against critical infrastructure now account for roughly 40%
Microsoft Authenticator gains feature to thwart spam attacks on MFA
Microsoft has launched a new number matching feature in push notifications to help bolster its multi-factor authentication. The feature applies to the MFA app, Microsoft Authenticator. The new feature is available now and should help combat attacks that rely on push notification spam, the company says. The new feature comes