Tag: microsoft
-
UK Cybersecurity Weekly News Roundup 9 March 2025
in SecurityNews
Tags: android, attack, backdoor, breach, china, cloud, compliance, computer, cyber, cyberattack, cybercrime, cybersecurity, data, espionage, exploit, government, group, hacker, infrastructure, international, malware, microsoft, network, ransomware, regulation, resilience, service, skills, software, theft, update, vulnerability
Welcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. Microsoft Engineer’s Transition to Cybersecurity: Ankit Masrani, a 36-year-old software engineer, successfully transitioned into a cybersecurity role at Microsoft. With a background in IT and a Master’s degree in computer science, Masrani secured…
-
WinDbg Vulnerability Allows Attackers to Execute Remote Code
in SecurityNews
Microsoft recently disclosed a critical vulnerability impacting its debugging tool, WinDbg, and associated .NET packages. Tracked as CVE-2025-24043, this flaw allows remote code execution (RCE) due to improper cryptographic signature verification in the SOS debugging extension. According to GitHub’s post, developers using affected versions of specific NuGet packages within .NET Core projects are urged to update…
-
Vulnerability the Cause of Exchange Online and MS 365 Problems Since March 1, 2025?
in SecurityNews
Microsoft has been struggling for a week with cloud problems in Exchange Online and Microsoft 365, including the iOS Outlook app. At the same time, I have just come across information about the vulnerability CVE-2024-49035 in the Microsoft Partner portal. Now there are indications that the Exchange Online problems with a vulnerability …
First seen on borncity.com. Jump to article: www.borncity.com/blog/2025/03/09/schwachstelle-cve-2024-49035-ursache-fuer-exchange-online-und-ms-365-probleme-seit-1-maerz-2025/
-
Microsoft tells abandoned Publisher fans to just use Word and hope for the best
in SecurityNews
Tags: microsoft
PDFs and Powerpoint also lie in wait as 2026 looms
First seen on theregister.com. Jump to article: www.theregister.com/2025/03/07/microsoft_publisher_eol/
-
Strela Stealer Malware Attack Microsoft Outlook Users for Credential Theft
in SecurityNews
The cybersecurity landscape has recently been impacted by the emergence of the Strela Stealer malware, a sophisticated infostealer designed to target specific email clients, notably Microsoft Outlook and Mozilla Thunderbird. This malware has been active since late 2022 and has been primarily used in large-scale phishing campaigns targeting users in several European countries, including Spain,…
-
Microsoft goes native with Copilot. Again
in SecurityNews
This time we mean it for the Windows chatbot
First seen on theregister.com. Jump to article: www.theregister.com/2025/03/06/microsoft_goes_native_with_copilot/
-
Cybersecurity Snapshot: CSA Outlines Data Security Challenges and Best Practices, While ISACA Offers Tips To Retain IT Pros
in SecurityNews
Tags: advisory, ai, awareness, banking, best-practice, business, cloud, compliance, corporate, crime, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, exploit, extortion, finance, fraud, governance, government, group, healthcare, infrastructure, iot, jobs, mail, malicious, microsoft, mitigation, monitoring, network, nis-2, privacy, qr, ransom, ransomware, regulation, resilience, risk, risk-assessment, risk-management, scam, service, strategy, technology, threat, tool, vmware, vulnerability, vulnerability-management, zero-day
Check out best practices for shoring up data security and reducing cyber risk. Plus, get tips on how to improve job satisfaction among tech staff. Meanwhile, find out why Congress wants federal contractors to adopt vulnerability disclosure programs. And get the latest on cyber scams; zero-day vulnerabilities; and critical infrastructure security. Dive into six things…
-
Cybercrime’s Cobalt Strike Use Plummets 80% Worldwide
in SecurityNews
Fortra, Microsoft, and Health-ISAC have combined forces to claw back one of hackers’ most prized attack tools, with massive takedowns.
First seen on darkreading.com. Jump to article: www.darkreading.com/threat-intelligence/cybercrime-cobalt-strike-use-plummets-worldwide
-
Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft
in SecurityNews
The cybersecurity landscape has recently been impacted by the emergence of the Strela Stealer malware, a sophisticated infostealer designed to target specific email clients, notably Microsoft Outlook and Mozilla Thunderbird. This malware has been active since late 2022 and has been primarily used in large-scale phishing campaigns targeting users in several European countries, including Spain,…
-
North Korean Moonstone Sleet Uses Creative Tactics to Deploy Custom Ransomware
in SecurityNews
In a recent development, Microsoft has identified a new North Korean threat actor known as Moonstone Sleet, which has been employing a combination of traditional and innovative tactics to achieve its financial and cyberespionage objectives. Moonstone Sleet, formerly tracked as Storm-1789, has demonstrated a sophisticated approach by using fake companies, trojanized software, and even a…
-
Microsoft Warns: 1 Million Devices Infected by Malware from GitHub
In a recent alert, Microsoft revealed a large-scale malvertising campaign that has compromised nearly one million devices worldwide. This campaign, which began in early December 2024, leverages malicious redirects from illegal streaming websites to deliver malware hosted on platforms like GitHub. The attack is notable for its indiscriminate targeting, affecting both consumer and enterprise devices…
-
Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide
in SecurityNews
Microsoft has disclosed details of a large-scale malvertising campaign that’s estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information. The tech giant, which detected the activity in early December 2024, is tracking it under the broader umbrella Storm-0408, a moniker used…
-
Microsoft Dismantles Malvertising Scam Using GitHub, Discord, Dropbox
in SecurityNews
Microsoft Threat Intelligence exposes a malvertising campaign exploiting GitHub, Discord, and Dropbox. Discover the multi-stage attack chain, the…
First seen on hackread.com. Jump to article: hackread.com/microsoft-dismantle-malvertising-github-discord-dropbox/
-
Microsoft Says One Million Devices Impacted by Infostealer Campaign
in SecurityNews
Microsoft has uncovered a malvertising campaign that redirected users to information stealers hosted on GitHub. The post Microsoft Says One Million Devices Impacted by Infostealer Campaign appeared first on SecurityWeek.
First seen on securityweek.com. Jump to article: www.securityweek.com/microsoft-says-one-million-devices-impacted-by-infostealer-campaign/
-
North Korean hackers join Qilin ransomware gang
in SecurityNews
Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of attacks.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/microsoft-north-korean-hackers-now-deploying-qilin-ransomware/
-
Microsoft Introduces 365 E5 Security Add-On for Business Premium Customers
Microsoft has launched Microsoft 365 E5 Security as an add-on to its Business Premium suite, providing small and medium-sized businesses (SMBs) with advanced tools to combat escalating cyber threats. The offering integrates enterprise-grade security features at a 57% cost savings compared to standalone purchases, addressing evolving regulatory and cyber insurance demands. Enhanced Identity Protection and…
-
Zero-Day Attacks Stolen Keys: Silk Typhoon Breaches Networks
in SecurityNews
Microsoft Threat Intelligence has uncovered a strategic shift in the tactics of Silk Typhoon, a Chinese state-backed cyber-espionage
First seen on securityonline.info. Jump to article: securityonline.info/zero-day-attacks-stolen-keys-silk-typhoon-breaches-networks/
-
How to Install Librewolf
in SecurityNews
When configured properly, Mozilla Firefox offers great privacy and security. However, achieving a higher level of privacy and security in Mozilla Firefox requires many tweaks across all levels. Some users may not be too comfortable with this and may prefer an out-of-the-box solution that isn’t Chromium dependent. Enter Librewolf – which aims to be user…
-
Skype for Business: Microsoft to Shut Down Messenger Service on May 5, 2025
in SecurityNews
First seen on datensicherheit.de. Jump to article: www.datensicherheit.de/skype-business-microsoft-abschaltung-messenger-dienst-5-mai-2025
-
UK CMA Halts Review of Microsoft, OpenAI Partnership
in SecurityNews
Probe into Microsoft’s $13 Billion OpenAI Investment Launched in 2023. The U.K. antitrust regulator won’t open an investigation into a partnership between computing giant Microsoft and artificial intelligence company OpenAI. U.K. Competition Market Authority concludes that there is no relevant merger situation.
First seen on govinfosecurity.com. Jump to article: www.govinfosecurity.com/uk-cma-halts-review-microsoft-openai-partnership-a-27666
-
Chinese APT Silk Typhoon exploits IT supply chain weaknesses for initial access
in SecurityNews
Tags: access, apt, attack, authentication, china, citrix, cloud, control, corporate, credentials, data, detection, email, exploit, firewall, github, government, group, hacker, identity, Internet, ivanti, least-privilege, microsoft, network, password, service, software, supply-chain, threat, update, vpn, vulnerability, zero-day
Two-way lateral movement: Aside from abusing cloud assets and third-party services and software providers to gain access to local networks, the Silk Typhoon attackers are also proficient in jumping from on-premise environments into cloud environments. The group’s hackers regularly target Microsoft AADConnect (now Entra Connect) servers which are used to synchronize on-premise Active Directory deployments…
-
Microsoft says malvertising campaign impacted 1 million PCs
in SecurityNews
Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/microsoft-says-malvertising-campaign-impacted-1-million-pcs/
-
Critical VMware ESXi, Workstation, Fusion Vulnerabilities Seen Exploited in Wild
in SecurityNews
Summary: On March 4th, Microsoft’s Threat Intelligence Center (MSTIC) uncovered three critical vulnerabilities in VMware products that are being actively exploited in the wild. Affected
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2025/03/06/critical-vmware-esxi-workstation-fusion-vulnerabilities-seen-exploited-in-wild/
-
Microsoft reveals Silk Typhoon supply chain attack
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/news/microsoft-reveals-silk-typhoons-recent-supply-chain-targeting
-
Decrypting the Forest From the Trees
in SecurityNews
Tags: api, computer, container, control, credentials, data, endpoint, least-privilege, microsoft, network, password, powershell, service, update
TL;DR: SCCM forest discovery accounts can be decrypted including accounts used for managing untrusted forests. If the site server is a managed client, service account credentials can be decrypted via the Administration Service API. Introduction: While Duane Michael, Chris Thompson, and I were originally working on the Misconfiguration Manager project, one of the tasks I took…
-
Microsoft Warns of Silk Typhoon Hackers Exploiting Cloud Services to Attack IT Supply Chain
in SecurityNews
Microsoft Threat Intelligence has identified a significant shift in tactics by Silk Typhoon, a Chinese espionage group, now targeting common IT solutions such as remote management tools and cloud applications for initial access. This well-resourced and technically proficient threat actor has demonstrated a large targeting footprint among Chinese threat actors, exploiting vulnerabilities in edge devices…
-
Microsoft 365 apps will prompt users to back up files in OneDrive
in SecurityNews
Starting mid-March 2025, Microsoft will start prompting users of its Microsoft 365 apps for Windows to back up their files to OneDrive.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-365-apps-will-prompt-users-to-back-up-files-in-onedrive/