Microsoft Archives - Cyber Security Minute

Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085

Issued by: Security Affairs

Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) in VMware ESXi flaw. “Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors.” warned Microsoft. The flaw is an authentication bypass vulnerability…

Cloud Security, Software Security

Beware the tools that can bring risk to a Windows network

Issued by: CSO Online

There are a few essential questions that anyone maintaining security on a Windows network needs to ask right now to avoid engaging in some very risky behavior, but there’s one that may be the most important of all — are you aware of tools in your network that may be bringing more risk? Many of…

Malware & Threats

Visual Studio Code Has a Malicious Extension Problem

Issued by: DataBreach Today

Cybersecurity researchers said an experiment in developing a fake, malicious extension for the world’s most popular integrated development environment succeeded beyond their wildest expectations. Researchers Amit Assaraf, Itay Kruk, and Idan Dardikman uploaded an extension to Microsoft source code editing platform Visual Studio Code masquerading as “Dracula Official,” a color theme that records nearly 7.2…

Vulnerabilities

Microsoft, Late to the Game on Dangerous DNSSEC Zero-Day Flaw

Issued by: Dark Reading

Among the more dangerous of the flaws for which Microsoft released a patch this week on Patch Tuesday is a denial-of-service (DoS) vulnerability publicly disclosed back in February in the Domain Name System Security Extensions (DNSSEC) protocol. The vulnerability, identified as CVE-2023-50868 exists in a third-party DNSSEC mechanism called Next Secure Hash 3 (NSEC3) for…

Software Security

Microsoft Now Promises Extra Security for AI-Driven Recall

Issued by: DataBreach Today

How in the world has Microsoft’s leadership managed to get the debut of its forthcoming Recall feature for Windows so wrong on the security and privacy fronts? Recall for Copilot+ is designed to capture screenshots of everything a user does on their Windows PC for potential replay later. To give Microsoft the benefit of the…

Malware & Threats

Microsoft: ‘Moonstone Sleet’ APT Melds Espionage, Financial Goals

Issued by: Dark Reading

Researchers at Microsoft have identified a North Korean threat group carrying out espionage and financial cyberattacks concurrently, using a grab bag of different attack techniques against aerospace, education, and software organizations and developers. In the beginning, Microsoft explained in a blog post, Moonstone Sleet heavily overlapped with the known DPRK advanced persistent threat (APT) Diamond…

Software Security

Microsoft’s ‘Recall’ Feature Draws Criticism From Privacy Advocates

Issued by: Dark Reading

Microsoft’s plans to introduce a “Recall” feature powered by artificial intelligence in its Copilot+ PCs lineup has evoked considerable privacy concerns. But the extent to which these concerns are fully justified remains a somewhat open question at the moment. Recall is technology that Microsoft has described as enabling users to easily find and remember whatever…

Vulnerabilities

Microsoft fixes three zero-day vulnerabilities, two actively exploited

Issued by: CSO Online

Microsoft released its monthly batch of security fixes on Tuesday, which included patches for three vulnerabilities that already had exploits available. Two of those vulnerabilities are being actively exploited, with one being used by multiple groups to deliver malware, including the QakBot trojan. Microsoft’s updates addressed 61 vulnerabilities across its products, but only one was…

Vulnerabilities

Microsoft Patches Zero-Day Exploited by QakBot

Issued by: DataBreach Today

Microsoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the QakBot botnet and other hackers actively exploited. U.S. authorities in August dismantled the botnet, also known as Qbot, and told reporters that it “ceased to operate” as a result of an antimalware campaign dubbed Operation Duck Hunt. Malware…

Vulnerabilities

Key Lesson from Microsoft’s Password Spray Hack: Secure Every Account

Issued by: The Hacker News

In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case is how easy it was to breach the software giant. It wasn’t a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple…