20 Sep 2021

Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk

Researchers have found a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux to demonstrate hidden security threats. Researchers have dubbed the flaws OMIGOD. The Open Management Infrastructure (OMI) is software that many don’t realize is embedded in a host of services and represents a significant

Read More
17 Sep 2021

Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

Microsoft and RiskIQ researchers have uncovered several campaigns using a recently patched Microsoft MSHTML flaw, restating calls for organizations to update impacted systems. The vulnerability was first exploited by the Ryuk ransomware gang, which leveraged the bug ahead of the patch, according to the new research. Microsoft released the fix

Read More
17 Sep 2021

Cyberattacks against the aviation industry linked to Nigerian threat actor

Researchers have uncovered a campaign against the aviation sector and tracked it back to Nigeria-based threat actors. Microsoft Intelligence released a series of tweets outlining the campaign, which it determined to target aerospace and travel sectors with spear-phishing emails distributing an actively developed loader. The loader then delivers two different

Read More
15 Sep 2021

Microsoft Patches Actively Exploited Windows Zero-Day Bug

In the most recent Patch Tuesday, Microsoft released fixes 66 CVEs, including an RCE bug under active attack. Three of the bugs that were patched in the update were rated critical. One of which has been under active attack for nearly two weeks. One of the other bugs included in

Read More
31 Aug 2021

Verizon and Microsoft team up to offer 5G edge cloud computing for businesses

On Tuesday, Verizon announced that it would be partnering with Microsoft to offer a new edge computing solution for businesses that would be available on-premises. The new service leverages Verizon 5G Edge and Microsoft Azure Stack Edge, enabling businesses to deploy real-time enterprise applications. The technology would also allow companies

Read More
30 Aug 2021

Critical Azure Cosmos DB Bug Allows Full Cloud Account Takeover

A critical security vulnerability in Microsoft’s Azure cloud database platform has come to light. The flaw, which lies in Cosmos DB, could have allowed for a full remote takeover of accounts before it was patched. It is unclear whether Microsoft customers were breached during the several months in which the

Read More
24 Aug 2021

Microsoft Power Apps misconfiguration exposes 38 million data records

According to reports from cybersecurity firm UpGuard, sensitive data including Covid-19 vaccination status, Social Security numbers, and email addresses have been exposed due to default configuration settings on Microsoft Power Apps. UpGaurd found that there were several different data leaks that, in total, exposed 38 million data records via Microsoft

Read More
16 Aug 2021

Exchange Servers Under Active Attack via ProxyShell Bugs

A researcher at Black Hat revealed an entirely new attack surface that exists in Exchange. Threat actors are allegedly now exploiting servers vulnerable to the RCE bugs. According to researchers, Miscorosft Exchange servers are being actively exploited via ProxyShell, the name of the attack disclosed at Black Hat last week.

Read More
06 Aug 2021

Microsoft’s Patch for Windows Hello Bypass Bug is Faulty, Researchers at Black Hat Say

Researchers at the cybersecurity conference Black Hat have demonstrated how it is possible to circumvent Microsoft’s Windows Hello biometric authentication through utilizing a spoofed camera. Researchers found that Windows Hello is faulty and can easily be overcome with a single infrared image of a user’s face on a tampered copy

Read More
27 Jul 2021

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC

Microsoft rushed to release mitigations for a new exploit that forces remote Windows systems to reveal password hashes that can easily be cracked by malicious actors. The flaw lies in the Windows NT LAN Manager, according to the company, and has been dubbed PetitPotam. Microsoft has released an advisory that

Read More