Microsoft Archives - Page 6 of 17 - Cyber Security Minute

DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions

Issued by: Dark Reading

It generally starts with malvertising and ends with the deployment of Royal ransomware, but a new threat group has distinguished itself by its ability to innovate the malicious steps in between to lure in new targets. The cyberattack group, tracked by Microsoft Security Threat Intelligence as DEV-0569, is notable for its ability to continuously improve…

Software Security

Moving your Microsoft environment to zero trust

Issued by: Help Net Security

Zero trust is a concept that’s easy to grasp but incredibly difficult to implement. It touches almost every system, component, application, and resource within an enterprise, and requires a strategic framework and specific tools and technologies to achieve best practice results. As organizations move Microsoft environments towards zero trust, it’s vital to ensure that all…

Malware & Threats

Microsoft Links Prestige Ransomware Attacks to Russian State-Sponsored Hackers

Issued by: Security Week

Initially detailed in October, the Prestige ransomware has been used in attacks against transportation and related logistics organizations in Ukraine and Poland, with some of the victims previously infected with the destructive HermeticWiper malware (FoxBlade). At the time, Microsoft said that the attacks did not appear to be related to known ransomware campaigns, despite the…

Vulnerabilities

Microsoft Patches MotW Zero-Day Exploited for Malware Delivery

Issued by: Security Week

Windows adds the MotW to files coming from untrusted locations, including browser downloads and email attachments. When trying to open files with the MotW, users are warned about the potential risks or, in the case of Office, macros are blocked to prevent malicious code execution. However, there are ways to bypass MotW defenses. Researcher Will…

Malware & Threats

Microsoft Scrambles to Thwart New Zero-Day Attacks

Issued by: Security Week

For the second consecutive month, the world’s largest software maker rushed out patches to cover vulnerabilities that were already exploited as zero-days in the wild, including a pair of belated fixes for Microsoft Exchange Server security defects targeted by a state-sponsored threat actor for several months. As part of its scheduled Patch Tuesday update process,…

Vulnerabilities

Microsoft: China Flaw Disclosure Law Part of Zero-Day Exploit Surge

Issued by: Security Week

The world’s largest software maker is warning that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks. According to a new report released Friday by Microsoft, China’s government hacking groups have become “particularly proficient at discovering and developing zero-day exploits” after strict mandates…

Malware & Threats

New ‘Prestige’ Ransomware Targets Transportation Industry in Ukraine, Poland

Issued by: Security Week

Initially observed last week, the activity surrounding the new malware family, which labels itself Prestige, does not appear to be connected with any of the ransomware or threat groups that Microsoft currently tracks, and is currently referred to as DEV-0960. However, the tech giant warns of potential overlaps with previously observed Russian state-sponsored activity through…

Vulnerabilities

Flaw in Microsoft OME Could Lead to Leakage of Encrypted Data

Issued by: Security Week

Issues with ECB are not unknown. In its Announcement of Proposal to Revise Special Publication 800-38A, NIST wrote, “The ECB mode encrypts plaintext blocks independently, without randomization; therefore, the inspection of any two ciphertext blocks reveals whether or not the corresponding plaintext blocks are equal… the use of ECB to encrypt confidential information constitutes a…

Vulnerabilities

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)

Issued by: Help Net Security

Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” About…

Vulnerabilities

Microsoft Confirms Exploitation of Two Exchange Server Zero-Days

Issued by: Security Week

GTSC, a cybersecurity company based in Vietnam, reported seeing attacks exploiting two new Microsoft Exchange zero-day vulnerabilities. The firm believes the attacks, which were first seen in August and aimed at critical infrastructure, were launched by a Chinese threat group. Technical details on the vulnerabilities have not been made public, but GTSC did say that…