Recent Security News

  • Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

    October 11, 2023 at 12:30AM

    Microsoft has identified a critical flaw in Atlassian Confluence Data Center and Server that is being exploited by a nation-state actor called Storm-0062. The vulnerability, known as CVE-2023-22515, allows attackers to create unauthorized administrator accounts. Atlassian has been made aware of the issue and advises users to upgrade to the…

  • A Frontline Report of Chinese Threat Actor Tactics and Techniques

    October 11, 2023 at 12:09AM

    Microsoft analysts and researchers analyze trillions of signals daily to uncover emerging threats and provide timely security insights. They focus on nation-state groups to understand their activities within geopolitical trends. With the shift to remote work due to COVID-19, cybercriminals are exploiting system vulnerabilities and misconfigurations to access sensitive resources…

  • It’s 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems

    October 10, 2023 at 07:58PM

    Microsoft has released over 100 security updates, including fixes for two bugs that are already being actively exploited. One of the vulnerabilities, known as Rapid Reset, is an HTTP/2 weakness that has been used since August to launch distributed denial of service (DDoS) attacks. Microsoft WordPad also has an information…

  • Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks

    October 10, 2023 at 07:54PM

    Researchers at Microsoft have identified a known nation-state threat actor, referred to as Storm-0062, as responsible for the recent zero-day exploits targeting Atlassian’s Confluence Data Center and Server products. The malicious activity had been ongoing since September 14, before Atlassian publicly disclosed the issue. Microsoft has provided IP addresses related…

  • Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event

    October 10, 2023 at 03:35PM

    A new zero-day attack named “HTTP/2 Rapid Reset” has exploited a security vulnerability, resulting in a record-breaking distributed denial-of-service (DDoS) flood. The attack targeted cloud and Internet infrastructure providers and lasted for minutes. The attack utilized a bug in the HTTP/2 protocol, affecting about 60% of web applications. While mitigation…