Cyber Security Informer

Microsoft Defender tags Office updates as ransomware activity

Bleeping Computer

MARCH 16, 2022

Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems. [.].

Ransomware

Microsoft 365 adds 'External' email tags for increased security

Bleeping Computer

MARCH 8, 2021

Microsoft is working on boosting Exchange Online phishing protection capabilities by adding support for external email message tags to its cloud-based email service. [.].

Phishing

CISA tags Microsoft SharePoint RCE bug as actively exploited

Bleeping Computer

MARCH 27, 2024

CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks. [.]

Microsoft Defender mistakenly tagging URLs as malicious

Bleeping Computer

MARCH 29, 2023

Microsoft Defender is mistakenly flagging legitimate links as malicious, with some customers having already received dozens of alert emails since the issues began over five hours ago. [.]

Microsoft fixes two Windows zero-days exploited in malware attacks

Bleeping Computer

APRIL 9, 2024

Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such. [.]

Malware

A Faster Path to Memory Safety: CHERI, Memory Tagging, and Control Flow Integrity

Security Boulevard

MARCH 12, 2024

The goal is to eliminate a broad class of software defects that make up to 70 percent of all vulnerabilities, according to researchers at Microsoft and Google. The post A Faster Path to Memory Safety: CHERI, Memory Tagging, and Control Flow Integrity appeared first on Security Boulevard.

Software

Microsoft: New critical Windows HTTP vulnerability is wormable

Bleeping Computer

JANUARY 11, 2022

Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022. [.].

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

NetSpi Technical

MARCH 11, 2024

In 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. Over the next couple of years Etienne (SensePost) and Nick dual discovered two additional sets of vectors which were eventually patched by Microsoft, including the abuse of Outlook Forms.

Authentication

Authentication Penetration Testing Technology Phishing

North Korea-linked threat actors target cybersecurity experts with a zero-day

Security Affairs

SEPTEMBER 8, 2023

The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, TAG became aware of a new campaign likely from the same actors based on similarities with the previous campaign. ” reads the advisory published by Google TAG.

Cybersecurity

Cybersecurity Media Accountability Software

Microsoft Defender scares admins with Emotet false positives

Bleeping Computer

NOVEMBER 30, 2021

Microsoft Defender for Endpoint is currently blocking Office documents from being opened and some executables from launching due to a false positive tagging the files as potentially bundling an Emotet malware payload. [.].

Malware

Google discovers Windows exploit framework used to deploy spyware

Bleeping Computer

NOVEMBER 30, 2022

Google's Threat Analysis Group (TAG) has linked an exploit framework that targets now-patched vulnerabilities in the Chrome and Firefox web browsers and the Microsoft Defender security app to a Spanish software company. [.].

Spyware

Spyware Software

Windows 'RemotePotato0' zero-day gets an unofficial patch

Bleeping Computer

JANUARY 13, 2022

A privilege escalation vulnerability impacting all Windows versions that can let threat actors gain domain admin privileges through an NTLM relay attack has received unofficial patches after Microsoft tagged it as "won't fix." [.].

Windows 10 22H2 now in broad deployment, available to everyone

Bleeping Computer

NOVEMBER 22, 2022

Microsoft has tagged Windows 10, version 22H2 (aka the Windows 10 2022 Update) for broad deployment, thus making it available to everyone via Windows Update. [.].

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm. ” TAG concludes.

Spyware

Spyware Surveillance Risk Internet

Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics

The Hacker News

DECEMBER 7, 2023

The Microsoft Threat Intelligence team is tracking under the cluster as Star Blizzard (formerly SEABORGIUM). It's also called Blue Callisto, BlueCharlie (or TAG-53),

Microsoft Defender ATP detects Chrome updates as PHP backdoors

Bleeping Computer

FEBRUARY 3, 2021

Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file. [.].

Malware

Unmasking HotRat: The hidden dangers in your software downloads

Security Boulevard

JULY 19, 2023

Would you like to get the last version of Microsoft Office or Adobe Photoshop? Well, in this case it comes with a hefty hidden price tag. We all love a good deal, right? And what's better than free? And what about some games like Age of Empires IV or Sniper Elite 4? All for free!

Software

Software Malware

APT37 used Internet Explorer Zero-Day in a recent campaign

Security Affairs

DECEMBER 8, 2022

Our policy is to quickly report vulnerabilities to vendors, and within a few hours of discovering this 0-day, we reported it to Microsoft and patches were released to protect users from these attacks.” ” reads the post published by TAG. Google TAG shared indicators of compromise (IOCs) for this campaign.

Internet

Internet Internet Engineering Malware

Microsoft Defender flags Google Chrome updates as suspicious

Bleeping Computer

APRIL 20, 2022

Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue. [.].

Microsoft Office 365 to add better protection for priority accounts

Bleeping Computer

JANUARY 31, 2022

Microsoft is working on updating Microsoft Defender for Office 365 with differentiated protection for enterprise accounts tagged as critical for an organization (i.e., accounts of high-profile employees including executive-level managers, the ones most often targeted by attackers). [.].

Accountability

Microsoft: Office 365 is blocking emails from Google, LinkedIn domains

Bleeping Computer

MAY 10, 2021

Microsoft is working on addressing an Office 365 issue that has resulted in legitimate emails sent from multiple domains (including Google and LinkedIn) getting tagged as malicious and quarantined. [.].

Trend Micro antivirus modified Windows registry by mistake — How to fix

Bleeping Computer

MAY 7, 2022

Trend Micro antivirus has fixed a false positive affecting its Apex One endpoint security solution that caused Microsoft Edge updates to be tagged as malware and the Windows registry to be incorrectly modified. [.].

Antivirus

Antivirus Malware Technology

Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available

Heimadal Security

JANUARY 14, 2022

An unofficial patch was released for a privilege escalation vulnerability that has an impact on all versions of Windows after Microsoft tagged its status as “won’t fix”. The flaw is located in the Windows RPC Protocol and was dubbed RemotePotato0 by security researchers.

Cybersecurity

Coldriver threat group targets high-ranking officials to obtain credentials

Malwarebytes

JANUARY 22, 2024

Researchers at Google’s Threat Analysis Group (TAG) have published their findings about a group they have dubbed Coldriver. Recently, TAG has noticed that the group uses “lure documents” to install a backdoor on the target’s system. TAG has created a YARA rule that cab help find the Spica backdoor.

Social Engineering

Social Engineering Government Media DNS

Microsoft Patch Tuesday, August 2022 Edition

Krebs on Security

AUGUST 9, 2022

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. The CVSS for this vulnerability is 8.8.”

Authentication

Authentication Internet Internet Cyber threats

Microsoft Patch Tuesday, December 2022 Edition

Krebs on Security

DECEMBER 14, 2022

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The security updates include patches for Azure , Microsoft Edge, Office , SharePoint Server , SysInternals , and the.NET framework.

Social Engineering

Social Engineering Ransomware Software Engineering

Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier

The Hacker News

DECEMBER 7, 2022

A state-sponsored hacking group with links to Russia has been linked to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate U.S.-based based military weapons and hardware supplier.

Hacking

Hacking Cybersecurity

Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang

The Hacker News

MARCH 18, 2022

Google's Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations.

Ransomware

Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts

The Hacker News

AUGUST 23, 2022

and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the oldest known

Accountability

Accountability Government Malware Software

December 2022 Patch Tuesday fixed 2 zero-day flaws

Security Affairs

DECEMBER 14, 2022

Microsoft released December 2022 Patch Tuesday security updates that fix 52 vulnerabilities across its products. Microsoft December 2022 Patch Tuesday security updates fixed two zero-day vulnerabilities; one of the new issues addressed this month is listed as publicly known at the time of release, and one is actively exploited. .

Hacking

Hacking Information Security

CISA warns admins to urgently patch Exchange ProxyShell bugs

Bleeping Computer

AUGUST 23, 2021

The US Cybersecurity and Infrastructure Security Agency (CISA) issued its first alert tagged as "urgent," warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities. [.].

Cybersecurity

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

JUNE 8, 2021

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. – CVE-2021-33739 , an elevation of privilege flaw in the Microsoft Desktop Window Manager.

Backups

Backups Cyber threats Ransomware Phishing

Google alerts over 50k users about State funded Cyber Attacks

CyberSecurity Insiders

OCTOBER 18, 2021

Ajax Bash, the Security Engineer of Google Threat Analysis Group (TAG) endorsed the statement and attributed a large global campaign to a group of threat actors belonging to Kremlin based Fancy Bear (APT28).

Cyber Attacks

Cyber Attacks Cyber threats Accountability Engineering

Weekly Update 359

Troy Hunt

AUGUST 5, 2023

Case in point: read my pain from last night about converting thousands of words of lawyer speak T&Cs from Microsoft Word to HTML. I settled for dumping stuff in a <pre> tag for now and will invest the time in doing it right later on.)

Passwords

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Spyware

Spyware Cyber Insurance Hacking Advertising

News alert: DigiCert extends cert management platform to support Microsoft CA, AWS Private CA

The Last Watchdog

AUGUST 8, 2023

8, 2023 – DigiCert today announced the expansion of its certificate management platform, DigiCert Trust Lifecycle Manager, to provide full lifecycle support for multiple CAs including Microsoft CA and AWS Private CA, as well as integration with ServiceNow to support existing IT service workflows. Lehi, Utah, Aug.

Authentication

Authentication Technology VPN Software

DMARC Setup & Configuration: Step-By-Step Guide

eSecurity Planet

JUNE 1, 2023

To avoid issues, we need to understand the DMARC record tags in detail. DMARC Record Tags in Detail To understand the DMARC record, we start with an example record and then explore the detailed options for each tag. Tags are separated by semicolons ( ; ) with no extra spaces.

DNS

DNS Authentication Marketing eCommerce

Exotic Lily initial access broker works with Conti gang

Security Affairs

MARCH 19, 2022

Google’s Threat Analysis Group (TAG) uncovered a new initial access broker, named Exotic Lily, that is closely affiliated with the Conti ransomware gang. Google’s Threat Analysis Group (TAG) researchers linked a new initial access broker, named Exotic Lily, to the Conti ransomware operation.

Cybercrime

Cybercrime Social Engineering Ransomware Engineering

SAP Patch Day: January 2024

Security Boulevard

JANUARY 9, 2024

SAP HotNews Security Note #3411067 , tagged with a CVSS score of 9.1, SAP Security Note #3413475 , tagged with a CVSS score of 9.1, SAP Security Note #3412456 , tagged with a CVSS score of 9.1, The HotPriority Notes in Detail SAP Security Note #3411869 , tagged with a CVSS score of 8.4, HTTP/1 is not affected.

Internet

Internet Internet Marketing Technology

US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog

Security Affairs

JANUARY 11, 2023

US CISA added Microsoft Exchange elevation of privileges bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog. The first issue, tracked as CVE-2022-41080 , is a Microsoft Exchange server privilege escalation vulnerability. The new exploit chain bypasses Microsoft’s mitigations for ProxyNotShell vulnerabilities.

Ransomware

Ransomware Hacking Government Risk

Microsoft Targets Critical Outlook Zero-Day Flaw

eSecurity Planet

MARCH 16, 2023

Microsoft’s Patch Tuesday for March 2023 includes patches for more than 70 vulnerabilities, including zero-day flaws in Outlook and in Windows SmartScreen. “Microsoft’s public bulletin doesn’t say exactly what type of file (images? . Office documents? all of them?)

Energy and Utilities

Energy and Utilities Authentication Firewall Engineering

Patch Tuesday, December 2018 Edition

Krebs on Security

DECEMBER 11, 2018

Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft’s December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications.

Software

Software Internet Internet Malware

Microsoft Patch Tuesday fix Outlook zero-day actively exploited

Security Affairs

MARCH 14, 2023

Microsoft Patch Tuesday updates for March 2023 addressed 74 vulnerabilities, including a Windows zero-day exploited in ransomware attacks. The CVE-2023-23397 flaw is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. ” reads the advisory published by Microsoft. ” states Microsoft.

Authentication

Authentication Ransomware Hacking Malware

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

NetSpi Technical

MARCH 11, 2024

In 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. Over the next couple of years Etienne (SensePost) and Nick dual discovered two additional sets of vectors which were eventually patched by Microsoft, including the abuse of Outlook Forms.

Authentication

Authentication Penetration Testing Technology Phishing

Microsoft Defender tags Office updates as ransomware activity

Microsoft 365 adds 'External' email tags for increased security

Trending Sources

CISA tags Microsoft SharePoint RCE bug as actively exploited

Microsoft Defender mistakenly tagging URLs as malicious

Microsoft fixes two Windows zero-days exploited in malware attacks

A Faster Path to Memory Safety: CHERI, Memory Tagging, and Control Flow Integrity

Microsoft: New critical Windows HTTP vulnerability is wormable

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

North Korea-linked threat actors target cybersecurity experts with a zero-day

Microsoft Defender scares admins with Emotet false positives

Google discovers Windows exploit framework used to deploy spyware

Windows 'RemotePotato0' zero-day gets an unofficial patch

Windows 10 22H2 now in broad deployment, available to everyone

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics

Microsoft Defender ATP detects Chrome updates as PHP backdoors

Unmasking HotRat: The hidden dangers in your software downloads

APT37 used Internet Explorer Zero-Day in a recent campaign

Microsoft Defender flags Google Chrome updates as suspicious

Microsoft Office 365 to add better protection for priority accounts

Microsoft: Office 365 is blocking emails from Google, LinkedIn domains

Trend Micro antivirus modified Windows registry by mistake — How to fix

Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available

Coldriver threat group targets high-ranking officials to obtain credentials

Microsoft Patch Tuesday, August 2022 Edition

Microsoft Patch Tuesday, December 2022 Edition

Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier

Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang

Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts

December 2022 Patch Tuesday fixed 2 zero-day flaws

CISA warns admins to urgently patch Exchange ProxyShell bugs

Microsoft Patches Six Zero-Day Security Holes

Google alerts over 50k users about State funded Cyber Attacks

Weekly Update 359

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

News alert: DigiCert extends cert management platform to support Microsoft CA, AWS Private CA

DMARC Setup & Configuration: Step-By-Step Guide

Exotic Lily initial access broker works with Conti gang

SAP Patch Day: January 2024

US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog

Microsoft Targets Critical Outlook Zero-Day Flaw

Patch Tuesday, December 2018 Edition

Microsoft Patch Tuesday fix Outlook zero-day actively exploited

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

Stay Connected