10 Jun 2020

Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update

In the biggest Patch Tuesday release yet, Microsoft’s June Patch Tuesday published fixes for 129 different flaws, including CVEs for 11 critical remote code-execution vulnerabilities. The critical remote code execution flaws were patched in Windows, SharePoint servers, Windows Shell, and VBScript. June’s updates, however, did not include any zero-day vulnerabilities

Read More
22 May 2020

Veterans Affairs Launches First Chatbot to Field COVID-19 Questions

Recently, the Veterans Affairs Department launched a chatbot that aims to provide veterans and their caregivers with answers regarding the COVID-19 pandemic. The chatbot was developed in less than a month through the Microsoft Healthcare Bot platform. The tool can be accessed 24/7 to assess symptoms related to COVID-19 as

Read More
18 May 2020

Microsoft Confirms Serious New Security Problem For Windows 10 Users

Microsoft has confirmed a newly reported security vulnerability called “Thunderspy” that lies within a vulnerability in its THunderbolt ports. The vulnerability enables an attacker with physical PC access to adjust or change the port’s controller firmware, effectively disabling its security and presenting huge risks for the victim. Last week, consumers

Read More
11 May 2020

Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help

On Sunday, Dutch security researcher Björn Ruytenberg released a report detailing nine attack scenarios that can occur against all computers with Thunderbolt distributed since 2011. Some of the attacks give an attacker the ability to quickly steal data from encrypted drives and memory with physical access. Ruytenberg warned that, even

Read More
06 May 2020

Hacker claims to have breached Microsoft’s GitHub private repos

This evening, a hacker under the name Shiny Hunters claimed to have stolen over 500GB of data from Microsoft’s private GitHub repositories, alleging that the data pertains to sensitive projects. Shiny Hunters claims to have hacked into the company’s database, stealing the information. He stated that although he initially planned

Read More
04 May 2020

Microsoft Teams Impersonation Attacks Flood Inboxes

According to security researchers at Abnormal Security, Microsoft Teams has been hit by two separate attacks targeting as many as 50,000 users. The campaigns reportedly aim to phish Office 365 logins. The cyberattacks impersonate notifications from Microsoft Teams in order to prompt the victim to enter login credentials, which are

Read More
01 May 2020

Microsoft Sway Abused in Office 365 Phishing Attack

According to an analysis released by Group-IB on Thursday, a threat actor group called PerSwaysion has attacked Microsoft services, compromising at least 150 executives in a targeted phishing campaign. The attacks were effective in gathering the Office 365 credentials of the executives since mid-2019. The campaign’s success was attributed to

Read More
30 Apr 2020

Millions of Brute-Force Attacks Hit Remote Desktop Accounts

Experts have reported an increase in brute-force attacks targeting users of Microsoft’s Remote Desktop Protocol (RDP). The number of brute force attacks aimed at taking over corporate desktops and infiltrating company networks has been in the millions per week. This is likely a result of threat actors taking advantage of

Read More
29 Apr 2020

Microsoft warns of malware surprise pushed via pirated movies

Microsoft has issued a warning that pirate streaming devices and movie piracy sites are being targeted by threat actors, who are infecting victims with malware via fake movie torrents. The platforms have experienced a huge influx of traffic due to social isolating measures brought on by the COVID-19 pandemic, as

Read More
28 Apr 2020

Single Malicious GIF Opened Microsoft Teams to Nasty Attack

Microsoft has disclosed that a since-patched flaw allowed an attacker to take over an organization’s entire system of Microsoft Teams accounts. The subdomain takeover vulnerability in the company’s collaboration platform, Microsoft Teams, potentially allowed an inside attacker to create a malicious GIF image that was then used to steal data

Read More