Facebook Data Deals Extend to Microsoft, Amazon, Netflix
If you shared data with Facebook over the past few years, there’s a high chance Facebook handed it to Microsoft, Amazon, Spotify, or any of the other 150 companies that benefited from extensive data-sharing deals with the social media giant, The New York Times reports. Internal Facebook records provide a more detailed look at data-sharing…
Most impersonated brands in email attacks? Microsoft and Amazon
Nearly two-thirds of all advanced email attacks used emails impersonating Microsoft or Amazon, according to new research by Agari. Microsoft was impersonated in 36 percent of all (brand) display name impersonation attacks in the third quarter. Amazon was the second most commonly impersonated company, used in 27 percent of these attacks. Amazon and Microsoft run…
What is an RDP attack? 7 tips for mitigating your exposure
Microsoft’s Remote Desktop Protocol (RDP) is used for remotely connecting to Windows systems. In an RDP attack, criminals look for unsecured RDP services to exploit and access enterprise networks. It’s frighteningly easy to do so because many organizations fail to secure RDP services against improper access. Over the past year, RDP has become the top…
New Office 365 phishing attack uses malicious links in SharePoint documents
Fake emails targeting Office 365 users via malicious links inserted into SharePoint documents are the latest trick phishers employ to bypass the platform’s built-in security, Avanan researchers warn. The cloud security company says that the phishing attack was leveraged against some 10% of its Office 365 customers in the past two weeks and they believe…
Microsoft Patch Tuesday Updates Fix Over 50 Vulnerabilities
Microsoft’s Patch Tuesday updates for July 2018 address more than 50 vulnerabilities, but none of them appear to have been exploited for malicious purposes before the fixes were released. The company has classified 18 of the flaws as critical and, similar to previous months, they mostly affect the Edge and Internet Explorer web browsers. Many…
Microsoft offers new Azure AD tool to nix easily guessed passwords
Predictable, easy-to-guess passwords are often the weak link that ends up breaking the security chain and attackers know this. “They know to account for character substitutions like ‘$’ for ‘s’. They also that if there are complexity rules, most people will apply them in the same way: by starting a word with a capital letter…
Microsoft brings cloud security services to better protect Windows 10
Attackers regularly attempt to wiggle their way into your network and then try to cover their tracks. By the time you determine that someone has breached your network, the evidence of how they got in might have rolled off your log files. You would like to better understand how attackers can use lateral movement inside…
Macro-less malware: The cyclical attack
Last year, attackers linked to the Russian hacking group APT28 (sometimes called Fancy Bear) started hacking like its 1999 with Microsoft Word-based malware that doesn’t trigger security warnings along the way. These types of attacks are called “macro-less malware” because they bypass the security warnings added to Microsoft Office programs in response to traditional macro…
Exploits and fileless malware drive record new malware surge
McAfee released its McAfee Labs Threat Report: December 2017, examining the growth and trends of new malware, ransomware, and other threats in Q3 2017. McAfee Labs saw malware reach an all-time high of 57.6 million new samples – four new samples per second – featuring developments such as new fileless malware using malicious macros, a…
Windows Defender Immune to AVGater Quarantine Flaw: Microsoft
A recently disclosed vulnerability that allows an attacker to abuse the quarantine feature of anti-virus products to escalate privileges doesn’t affect Windows Defender, Microsoft says. Dubbed AVGater, the new attack method relies on a malicious DLL being quarantined by an anti-virus product and then abuses the security program’s Windows process to restore the file.