New Windows Event Log zero-day flaw gets unofficial patches

February 1, 2024 at 10:42AM Free unofficial patches are available for the Windows zero-day flaw, EventLogCrasher, impacting all versions from Windows 7 to Windows 11 and server editions. The vulnerability allows attackers to remotely crash the Event Log service, impacting Security Information and Event Management systems. 0patch has launched micropatches for affected systems until an …

Microsoft sheds more light on that Russian email theft – and how you could learn from its mistakes

January 26, 2024 at 07:39PM Microsoft confirmed that a Kremlin-backed espionage group, Midnight Blizzard, breached its network through a non-MFA-enabled account, stealing emails and files from executives. The attackers used password spray attacks to gain access and leverage residential networks as proxies. Microsoft is urging the adoption of MFA and enhancing security measures to prevent …

What Microsoft’s latest email breach says about this IT security heavyweight

January 24, 2024 at 06:07AM Microsoft revealed a second breach by Russian cyber spies, Cozy Bear, who stole emails and files from the tech giant’s leadership and security teams. The company is uncertain about the breach’s financial impact but has faced similar incidents before. Concerns about Microsoft’s security practices were raised by a US Senator, …

Microsoft Falls Victim to Russia-Backed ‘Midnight Blizzard’ Cyberattack

January 22, 2024 at 05:05PM Microsoft’s corporate systems fell victim to a cyberattack by the Russian nation-state actor behind the 2020 SolarWinds Orion software breach. The intrusion, discovered on Jan. 12, breached a small percentage of corporate email accounts, including those of senior leadership, cybersecurity, and legal teams. Microsoft pledged to enhance cybersecurity measures and …

Russians invade Microsoft’s exec mail while China jabs at VMware vCenter Server

January 19, 2024 at 07:15PM Chinese cyberspies have been exploiting a VMware security vulnerability, CVE-2023-34048, allowing them to hijack vulnerable servers. Meanwhile, a Moscow-backed group breached a small percentage of Microsoft corporate email accounts. Additionally, CISA issued an emergency directive to mitigate Ivanti Connect Secure zero-days, likely targeted by Chinese nation-state attackers. Persistent concerns exist …

Microsoft shares script to update Windows 10 WinRE with BitLocker fixes

January 11, 2024 at 01:35PM Microsoft released a PowerShell script to automate updating the WinRE partition and fix CVE-2024-20666, a BitLocker encryption bypass vulnerability. This addresses a known issue causing KB5034441 install failures on Windows 10, leaving devices vulnerable. The script applies an architecture-specific Safe OS Dynamic Update and reconfigures WinRE for BitLocker service. It’s …

Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs

January 9, 2024 at 02:11PM Microsoft’s January 2024 Patch Tuesday addresses 49 flaws and 12 remote code execution vulnerabilities. Notably, a Windows Kerberos Security Feature Bypass and a Hyper-V RCE were classified as critical. Microsoft also addressed an Office Remote Code Execution Vulnerability and other flaws. Other vendors released updates, including .NET, Azure, Microsoft Edge, …

Microsoft kills off Windows app installation from the web, again

January 3, 2024 at 07:07PM Microsoft disabled the ms-appinstaller URI scheme due to its misuse by threat actors to install malware. The scheme was re-enabled on August 5, 2022, for some enterprise customers. However, its abuse allowed bypassing of Microsoft’s security checks. Microsoft is revoking abused code signing certificates and advising updates and policy changes …

Microsoft: Hackers target defense firms with new FalseFont malware

December 21, 2023 at 03:30PM Microsoft warns of APT33 Iranian cyber-espionage group using FalseFont backdoor malware to target over 100,000 defense companies globally. Known as Peach Sandstorm, the group has been active since 2013, targeting industries across the US, Saudi Arabia, and South Korea. Network defenders are advised to reset credentials and use multi-factor authentication …

Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File

December 19, 2023 at 04:05PM Researchers disclosed two security vulnerabilities in Microsoft Outlook, which, when combined, allow attackers to execute arbitrary code on systems without any user interaction. The vulnerabilities can be triggered using a sound file. Akamai identified the flaws and Microsoft has issued patches, but additional vulnerabilities in the patches have also been …