Researchers have found a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux to demonstrate hidden security threats. Researchers have dubbed the flaws OMIGOD. The Open Management Infrastructure (OMI) is software that many don’t realize is embedded in a host of services and represents a significant

Microsoft and RiskIQ researchers have uncovered several campaigns using a recently patched Microsoft MSHTML flaw, restating calls for organizations to update impacted systems. The vulnerability was first exploited by the Ryuk ransomware gang, which leveraged the bug ahead of the patch, according to the new research. Microsoft released the fix

Researchers have uncovered a campaign against the aviation sector and tracked it back to Nigeria-based threat actors. Microsoft Intelligence released a series of tweets outlining the campaign, which it determined to target aerospace and travel sectors with spear-phishing emails distributing an actively developed loader. The loader then delivers two different

In the most recent Patch Tuesday, Microsoft released fixes 66 CVEs, including an RCE bug under active attack. Three of the bugs that were patched in the update were rated critical. One of which has been under active attack for nearly two weeks. One of the other bugs included in

On Tuesday, Verizon announced that it would be partnering with Microsoft to offer a new edge computing solution for businesses that would be available on-premises. The new service leverages Verizon 5G Edge and Microsoft Azure Stack Edge, enabling businesses to deploy real-time enterprise applications. The technology would also allow companies

A critical security vulnerability in Microsoft’s Azure cloud database platform has come to light. The flaw, which lies in Cosmos DB, could have allowed for a full remote takeover of accounts before it was patched. It is unclear whether Microsoft customers were breached during the several months in which the

According to reports from cybersecurity firm UpGuard, sensitive data including Covid-19 vaccination status, Social Security numbers, and email addresses have been exposed due to default configuration settings on Microsoft Power Apps. UpGaurd found that there were several different data leaks that, in total, exposed 38 million data records via Microsoft

A researcher at Black Hat revealed an entirely new attack surface that exists in Exchange. Threat actors are allegedly now exploiting servers vulnerable to the RCE bugs. According to researchers, Miscorosft Exchange servers are being actively exploited via ProxyShell, the name of the attack disclosed at Black Hat last week.

Researchers at the cybersecurity conference Black Hat have demonstrated how it is possible to circumvent Microsoft’s Windows Hello biometric authentication through utilizing a spoofed camera. Researchers found that Windows Hello is faulty and can easily be overcome with a single infrared image of a user’s face on a tampered copy

Microsoft rushed to release mitigations for a new exploit that forces remote Windows systems to reveal password hashes that can easily be cracked by malicious actors. The flaw lies in the Windows NT LAN Manager, according to the company, and has been dubbed PetitPotam. Microsoft has released an advisory that