27 Jul 2021

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC

Microsoft rushed to release mitigations for a new exploit that forces remote Windows systems to reveal password hashes that can easily be cracked by malicious actors. The flaw lies in the Windows NT LAN Manager, according to the company, and has been dubbed PetitPotam. Microsoft has released an advisory that

Read More
19 Jul 2021

Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware

According to new reports, a unique set of spyware strains created by an Israeli firm used by governments across the world to conduct surveillance on dissidents has been defanged by Microsoft. The company is called Candiru or Sourgum and specializes in the sale of the DevilsTongue surveillance malware. The malware

Read More
19 Jul 2021

UK blames China for Microsoft Exchange Server hack

On Monday, the UK government came forth to publicly accuse the Chinese government of perpetrating a damaging Microsoft Exchange Server hack that targeted organizations across Europe and North America. The UK joined several other entities, including the US and Microsoft itself, in claiming that China, specifically a state-sponsored hacking group

Read More
09 Jul 2021

Microsoft patches remaining versions of Windows against PrintNightmare flaw

Microsoft has released patches to protect all versions of Windows against the PrintNightmare flaw. Microsoft deployed fixes to the remaining versions of Windows on Wednesday after the initial patches were released on Tuesday. Windows 10 version 1607, all versions of Windows Server 2012 and Windows Server 2016 are newly patched. 

Read More
07 Jul 2021

Microsoft rolls out emergency patch for critical PrintNightmare flaw

Microsoft has released a patch for a critical vulnerability known as the PrintNightmare flaw, which could allow an attacker to take over a compromised computer to install software, modify data, and create new user accounts. The flaw is so severe that the patch was issued out of band this week

Read More
09 Jun 2021

Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits, 50 Flaws

In this month’s Patch Tuesday update, Microsoft issued fixes for 5 critical exploits and 45 vulnerabilities rated important in severity in Microsoft Windows, .NET Core, and Visual Studio, Microsoft Office, Microsoft Edge, SharePoint Server, Hyper-V, Visual Studio Code, and more. Microsoft researchers discovered a highly targeted malware campaign that has

Read More
02 Jun 2021

US Seizes Attacker Domains Used in USAID Phishing Campaign

The United States has seized two command and control malware distribution domains that were utilized in a recently disclosed spearphishing campaign that impersonated email communications from the US Agency for International Development (USAID). The attack was disclosed by Microsoft and Volexity last week, and the operation has been attributed to

Read More
02 Jun 2021

Rhode Islander Charged with Phishing Political Candidates

A Rhode Island woman has been charged with phishing and email fraud after impersonating Microsoft to steal personal information from political candidates and their staff. The woman, Diana Lebeau, allegedly delivered phishing emails to 22 different campaign staffers working for a political candidate around January 2020. Lebeau, who is 21,

Read More
01 Jun 2021

Hackers Exploit Post-COVID Return to Offices

As Covid-19 restrictions begin to lift and thousands of employees return back to offices, ending the work-from-home movement, threat actors are ramping up spear-phishing campaigns. The latest campaign consisted of sending employees emails posing as CIOs welcoming employees back into offices. The emails outline a targeted company’s post-pandemic cubicle protocols,

Read More
24 May 2021

This massive phishing campaign delivers password-stealing malware disguised as ransomware

Cybersecurity researchers at Microsoft have identified a massive phishing campaign that is distributing trojan malware to create a backdoor into Windows systems, stealing usernames, passwords, and other sensitive information from victims. The phishing messages deliver the latest version of the Java-based STRRAT malware. The email campaign consists of utilizing compromised

Read More