Microsoft

Mobile Security

Issued by: Dark Reading

A version of the Shein shopping application in the Google Play store with more than 100 million downloads was unnecessarily accessing Android-device clipboard contents, creating a potential security threat, according to Microsoft. The software giant said in a blog post from Microsoft Threat Intelligence that it asked Shein to remove the feature from its Android…

Cloud Security

Issued by: Dark Reading

The rise of the cloud has made business more agile, flexible, and streamlined, which are all solid reasons why over 90% of enterprises have committed to a multicloud strategy. But complexity creates seams where secrets leak out. Recent high-profile breaches at Microsoft and at airports have made misconfigured S3 buckets a cybersecurity trope. However, configuration…

Cloud Security

Issued by: Dark Reading

Late last year, a group of threat actors managed to obtain “verified publisher” status through the Microsoft Cloud Partner Program (MCPP). This allowed them to surpass levels of brand impersonation ordinarily seen in phishing campaigns, as they distributed malicious applications bolstered by a verified blue badge only ever given to trusted vendors and service providers…

Malware & Threats

Issued by: CSO Online

Microsoft has worked to illuminate the evolving digital threat landscape with in-depth security reports for more than 15 years. Our mission first began with the Microsoft Security Intelligence Report, which ran from 2005 to 2018. It has since evolved into the Microsoft Digital Defense Report, which was first released in 2020. This latest edition explores…

Software Security

Issued by: Dark Reading

The recent ransomware incident at Rackspace that took down the company’s hosted Microsoft Exchange server environment has focused attention on the often-risky gamble that security teams take when choosing to mitigate a vulnerability — rather than apply a patch for it. Last week, Rackspace disclosed that a Dec. 2 intrusion into the hosting company’s Exchange…

Malware & Threats

Issued by: The Hacker News

The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. “This ransomware variant, dubbed ‘PolyVice,’ implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms,” SentinelOne researcher Antonio Cocomazzi said in an analysis. Vice Society, which is tracked by Microsoft under the…

Malware & Threats

Issued by: The Hacker News

France’s privacy watchdog has imposed a €60 million ($63.88 million) fine against Microsoft’s Ireland subsidiary for dropping advertising cookies in users’ computers without their explicit consent in violation of data protection laws in the European Union. The Commission nationale de l’informatique et des libertés (CNIL) noted that users visiting the home page of its Bing…

Malware & Threats

Issued by: Dark Reading

In November, Ukraine’s president revealed that the country’s IT defenses fended off more than 1,300 Russian cyberattacks, including attacks on satellite communications infrastructure. The onslaught of cyberattacks highlights one of the shifts in advanced persistent threat (APT) attacks seen in the past year: In 2022, geopolitical tensions ratcheted up, and along with them, cyber operations…