Microsoft MFA Bypassed via AuthQuake Attack 

December 12, 2024 at 08:28AM Oasis Security disclosed AuthQuake, a critical weakness in Microsoft's multi-factor authentication (MFA). The flaw let an attacker who already held a victim's password brute-force the six-digit one-time code: Microsoft did not rate-limit failed code attempts, and each code stayed valid well beyond the 30-second TOTP step, so the attack needed no user interaction and could quickly grant access to sensitive accounts. Oasis reported the issue in June; Microsoft shipped a temporary fix and then a permanent one in October. The weakness affected Office 365's more than 400 million users. … Read more
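The item above describes two server-side failures that together make a six-digit code guessable: no limit on wrong guesses and a code-acceptance window much wider than one TOTP step. The following Python is an added illustration, not Oasis Security's proof of concept or Microsoft's code. It implements a standard RFC 6238 verifier once in the weak configuration (no lockout, wide window) and once hardened (lockout after a few failures, one step of clock skew), and a small function for the attacker's success probability. The secret key is the RFC 4226 test key; the accept-window and lockout numbers are assumptions chosen for the example.

```python
"""Added illustration of AuthQuake-style MFA brute force (not Oasis's or
Microsoft's code).  The verifier parameters and the key are assumptions."""
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # RFC 6238 time step
DIGITS = 6


def totp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 6238 one-time code: HMAC-SHA1 over the 8-byte step counter, then
    RFC 4226 dynamic truncation to the last `digits` decimal digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{truncated % (10 ** digits):0{digits}d}"


class TotpVerifier:
    """Server-side code check.

    accept_steps: steps either side of "now" a code is accepted for.  1 is the
                  usual clock-skew allowance; about 6 would mirror a 3-minute
                  validity (an assumption standing in for the over-long window
                  described for AuthQuake).
    max_failures: consecutive wrong codes before this factor locks; None
                  disables the limit, which is the weak configuration.
    """

    def __init__(self, key: bytes, accept_steps: int = 1, max_failures=None):
        self.key = key
        self.accept_steps = accept_steps
        self.max_failures = max_failures
        self.failures = 0

    def locked(self) -> bool:
        return self.max_failures is not None and self.failures >= self.max_failures

    def verify(self, code: str, now: int) -> bool:
        if self.locked():
            return False        # hardened: refuse even a correct code once locked
        current = now // STEP_SECONDS
        for counter in range(current - self.accept_steps, current + self.accept_steps + 1):
            if hmac.compare_digest(totp(self.key, counter), code):
                self.failures = 0
                return True
        self.failures += 1
        return False


def guess_success_probability(guesses: int, windows: int, digits: int = DIGITS) -> float:
    """Chance that `guesses` distinct codes tried within each of `windows`
    validity windows hit the live code at least once.  Inside one window the
    guesses are distinct, so the per-window chance is guesses / 10**digits; a
    longer validity simply lets the attacker fit more guesses per window."""
    space = 10 ** digits
    per_window = min(guesses, space) / space
    return 1.0 - (1.0 - per_window) ** windows


if __name__ == "__main__":
    key = b"12345678901234567890"          # RFC 4226 test key, not a real secret
    weak = TotpVerifier(key, accept_steps=6)               # no lockout, 3-minute window
    hard = TotpVerifier(key, accept_steps=1, max_failures=5)
    now = 59
    for wrong in range(20):
        weak.verify(f"{wrong:06d}", now)
        hard.verify(f"{wrong:06d}", now)
    print("weak verifier still accepts the real code:", weak.verify(totp(key, now // 30), now))
    print("hardened verifier is locked:", hard.locked())
    print("P(success) with 1000 guesses/window over 693 windows:",
          round(guess_success_probability(1000, 693), 3))
```

The point of `guess_success_probability` is that the defence is not the size of the code space but the cap on guesses: with a lockout of a handful of failures the attacker never reaches a meaningful fraction of the million codes, whereas unbounded guessing against a long-lived code turns the search into a matter of parallel sessions and patience.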

Microsoft Rolls Out Default NTLM Relay Attack Mitigations

December 10, 2024 at 06:29AM Microsoft has turned on Extended Protection for Authentication (EPA) and channel binding by default on Exchange Server to counter NTLM relay attacks. With channel binding, an NTLM authentication that an attacker relays from one connection to another is rejected because its channel-binding token no longer matches the TLS session it arrives on. The change is meant to protect accounts from exploitation via relay-based vulnerabilities while the company moves to phase out NTLM … Read more

Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+

December 6, 2024 at 06:47PM Acros Security has identified an unpatched NTLM vulnerability in Windows 7 and later: merely viewing a malicious file in Windows Explorer makes Windows send the user's NTLM credentials to an attacker-controlled server, where the challenge-response hash can be cracked or relayed. Acros plans to release a free micropatch while awaiting Microsoft's response. The vulnerability affects a wide range of Windows systems, prompting concerns about security amid upcoming OS … Read more

Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks

November 29, 2024 at 05:33AM Microsoft addressed four security vulnerabilities across its AI, cloud, and ERP offerings, including a critical privilege escalation flaw (CVE-2024-49035) that was exploited in the wild. The other flaws are cross-site scripting and authentication issues in various products. Most have been mitigated on Microsoft's side; users are advised to update the Dynamics 365 Sales apps. … Read more

Security? We’ve heard of it: How Microsoft plans to better defend Windows

November 25, 2024 at 02:24PM Microsoft emphasized its commitment to cybersecurity in discussing its Secure Future Initiative, highlighting the Windows Resiliency Initiative. In response to past security incidents, the company aims to tighten app permissions, improve identity protection, and introduce features such as Quick Machine Recovery, aiming for safer updates and fewer vulnerabilities by July … Read more

Microsoft Highlights Security Exposure Management at Ignite

November 22, 2024 at 08:43AM Microsoft has launched its Security Exposure Management offering, adding continuous threat exposure management (CTEM) to its security portfolio. The proactive approach aims to reduce breaches and improve detection of exploitable weaknesses. It integrates with Microsoft 365 licenses, supports third-party tools, and provides a comprehensive view of an organization's security posture. … Read more

Microsoft Power Pages misconfigurations exposing sensitive data

November 15, 2024 at 01:39AM Misconfigured Microsoft Power Pages websites are exposing sensitive data of millions of people, including personally identifiable information (PII), because of lax access controls. Aaron Costello of AppOmni highlights significant leaks, including one affecting 1.1 million NHS employees. Organizations must tighten access controls on external-facing sites to prevent data breaches. … Read more

Revamped Remcos RAT Deployed Against Microsoft Windows Users

November 11, 2024 at 04:49PM Threat actors are using a modified Remcos RAT that exploits a Microsoft Windows vulnerability, delivered through phishing emails. The malware chains several scripting languages to evade detection and installs itself through a multi-stage process. Experts emphasize patch management, employee training, and endpoint protection as critical defenses against such … Read more

Microsoft: Chinese hackers use Quad7 botnet to steal credentials

October 31, 2024 at 04:10PM Microsoft has reported that Chinese threat actors use the Quad7 botnet, built from hacked SOHO routers, to run password-spray attacks and steal credentials. The botnet runs custom malware for remote access and hides its traffic behind a SOCKS5 proxy on the compromised routers. Once credentials are obtained, the attackers move into the victim network and exfiltrate data. … Read more
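A spray routed through a proxy botnet like the one above looks, in sign-in logs, like one source address trying many distinct accounts only once or twice each, mostly failing. The Python below is an added example of that detection logic, not Microsoft's detection rule; the sign-in records are constructed for the example, and the window and thresholds are assumptions.

```python
"""Added password-spray detector over constructed sign-in records (not
Microsoft's logic).  Window size and thresholds are assumptions."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: "timestamp source_ip user result".  203.0.113.7 tries
# twelve accounts once each and lands one; 198.51.100.4 is a user who
# mistypes her password three times and then signs in.
SAMPLE_LOG = """\
2024-10-29T01:00:05Z 203.0.113.7 u01@example.com FAIL
2024-10-29T01:00:09Z 203.0.113.7 u02@example.com FAIL
2024-10-29T01:00:14Z 203.0.113.7 u03@example.com FAIL
2024-10-29T01:00:20Z 203.0.113.7 u04@example.com FAIL
2024-10-29T01:00:27Z 203.0.113.7 u05@example.com FAIL
2024-10-29T01:00:31Z 203.0.113.7 u06@example.com FAIL
2024-10-29T01:00:38Z 203.0.113.7 u07@example.com SUCCESS
2024-10-29T01:00:44Z 203.0.113.7 u08@example.com FAIL
2024-10-29T01:00:50Z 203.0.113.7 u09@example.com FAIL
2024-10-29T01:00:57Z 203.0.113.7 u10@example.com FAIL
2024-10-29T01:01:03Z 203.0.113.7 u11@example.com FAIL
2024-10-29T01:01:10Z 203.0.113.7 u12@example.com FAIL
2024-10-29T01:02:00Z 198.51.100.4 alice@example.com FAIL
2024-10-29T01:02:15Z 198.51.100.4 alice@example.com FAIL
2024-10-29T01:02:40Z 198.51.100.4 alice@example.com FAIL
2024-10-29T01:03:05Z 198.51.100.4 alice@example.com SUCCESS
"""


def parse(log: str):
    """Return (time, ip, user, result) tuples; users are normalised to lower case."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user.lower(), result))
    return events


def detect_spray(events, window=timedelta(hours=1), min_users=10, max_per_user=2):
    """Per source IP, slide a time window over its sign-ins and alert when the
    window holds at least `min_users` distinct accounts with no account tried
    more than `max_per_user` times (a few failures on one account is a user
    mistyping, not a spray).  Returns {ip: details} for flagged addresses."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        end = 0
        for start in range(len(evs)):
            while end < len(evs) and evs[end][0] - evs[start][0] <= window:
                end += 1
            attempts = Counter(e[2] for e in evs[start:end])
            if len(attempts) >= min_users and max(attempts.values()) <= max_per_user:
                alerts[ip] = {
                    "window_start": evs[start][0],
                    "distinct_users": len(attempts),
                    # accounts the spray actually got into: the ones to reset first
                    "successes": [e[2] for e in evs[start:end] if e[3] == "SUCCESS"],
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_spray(parse(SAMPLE_LOG)).items():
        print(ip, info["distinct_users"], "accounts from", info["window_start"],
              "compromised:", info["successes"])
```

The `max_per_user` condition is what separates a spray from brute force or an honest user fumbling a password: a spray keeps each account under the lockout threshold on purpose, so the signal is breadth across accounts, not depth on one. In practice the grouping key would be widened from a single IP to the ASN or proxy-network label, since a botnet rotates exit addresses.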

Russian spies use remote desktop protocol files in unusual mass phishing drive

October 30, 2024 at 08:48AM Microsoft reports a two-week mass phishing campaign by Russia's SVR that targeted more than 100 organizations using novel techniques, including emailed remote desktop protocol (RDP) configuration files that open a connection to attacker-controlled servers. The campaign, which began on October 22, impersonates Microsoft and other providers and primarily affects entities in the UK, Europe, Australia, and Japan. … Read more
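An emailed .rdp file is dangerous because of the settings it carries, not because of any exploit: a connection file can point at an arbitrary host, map the local drives, clipboard, printers and smart cards into the session, and hide the remote desktop behind a RemoteApp window. The Python below is an added example of a mail-gateway or triage check for such files; it is not Microsoft's tooling or material from the campaign. The sample file is constructed, the host names are placeholders, and the list of settings treated as risky is the author's choice.

```python
"""Added .rdp connection-file inspector (not Microsoft's tooling).  The
sample file and host names are constructed for the example."""

# .rdp files are lines of "name:type:value" (type s = string, i = integer).
# Settings whose values hand the remote host local resources or suppress the
# prompts a user would otherwise see.  Assumed risk list, not an official one.
RISKY = {
    "drivestoredirect":      lambda v: v.strip() != "",   # local drives mapped to the remote host
    "devicestoredirect":     lambda v: v.strip() != "",   # plug-and-play devices
    "usbdevicestoredirect":  lambda v: v.strip() != "",
    "redirectclipboard":     lambda v: v == "1",
    "redirectprinters":      lambda v: v == "1",
    "redirectsmartcards":    lambda v: v == "1",          # smart card usable from the remote side
    "redirectcomports":      lambda v: v == "1",
    "remoteapplicationmode": lambda v: v == "1",          # RemoteApp hides the full desktop
    "promptcredentialonce":  lambda v: v == "1",
    "authentication level":  lambda v: v == "0",          # connect without server-cert warning
}


def parse_rdp(text: str) -> dict:
    """Map setting name (lower-cased) to (type, value).  The value may itself
    contain colons (host:port), so split on at most two."""
    settings = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue                      # malformed line: ignore rather than fail open
        name, typ, value = parts
        settings[name.strip().lower()] = (typ.strip(), value.strip())
    return settings


def inspect_rdp(text: str, trusted_hosts: set) -> list:
    """Return human-readable findings; an empty list means nothing flagged."""
    settings = parse_rdp(text)
    findings = []
    address = settings.get("full address", ("s", ""))[1]
    host = address.split(":")[0].lower()
    if not host:
        findings.append("no 'full address' setting")
    elif host not in {h.lower() for h in trusted_hosts}:
        findings.append(f"connects to untrusted host {host!r}")
    for name, is_bad in RISKY.items():
        if name in settings and is_bad(settings[name][1]):
            findings.append(f"{name}={settings[name][1]!r}")
    return findings


# Constructed sample resembling a lure: untrusted host, every local resource
# redirected, RemoteApp mode, and certificate warnings suppressed.
SAMPLE_RDP = """\
full address:s:portal-login.invalid:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
remoteapplicationmode:i:1
authentication level:i:0
username:s:
screen mode id:i:2
"""

if __name__ == "__main__":
    for finding in inspect_rdp(SAMPLE_RDP, trusted_hosts={"rds.corp.example"}):
        print("-", finding)
```

A gateway policy that quarantines any attachment with one of these findings, or simply blocks .rdp attachments from outside the organisation, removes the lure before a user has to judge it; the inspector is also useful after the fact to tell from a recovered file which local resources the remote host could reach.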