Security

LATEST


Microsoft Cracks Down on Websites Generating Millions in Fraudulent Accounts

Last week, Microsoft disrupted a Vietnam-based threat group called Storm-1152. Microsoft’s Digital Crimes Unit (DCU) gained control of the domains used by the group to sell millions of fraudulent Microsoft accounts to other cybercriminals. The DCU team has obtained a court order from the Southern District of New York to take down the US-based digital…


Cybercriminals Exploit OAuth Apps for BEC and Phishing Attacks

Microsoft has issued a warning about cybercriminals exploiting OAuth for automated financial cyberattacks. The Threat Intelligence team has identified that threat actors are creating malicious OAuth apps to carry out password spraying, phishing, and crypto mining activities. OAuth (Open Authorization) is an open standard designed to offer secure third-party access to user resources on a…


Enhancing Cloud Security: Microsoft Details Best Practices to Thwart Identity Compromise

Microsoft has released a comprehensive guide to assist IT administrators in promptly and effectively responding to security breaches within their organizations. The Microsoft Incident Response team detailed best practices to protect workloads in cloud, on-premises, and hybrid environments. Decommission AD FS Microsoft explained that the Active Directory Federation Services (AD FS) could pose a significant…


Log4j Saga Continues: Lazarus Hackers Exploit 2-Year-Old Flaw to Deploy New RAT Malware

Security researchers have disclosed that hackers are persistently exploiting the Log4j vulnerability to infiltrate organizations globally. The infamous Lazarus hacking group has recently exploited this flaw to launch a fresh wave of cyberattacks, deploying new remote access Trojans (RATs) coded in the D programming language. What is Log4j? The Log4j vulnerability, also known as Log4Shell,…


LogoFAIL Attack Exploits UEFI Logos, Posing Risks to Enterprise and Consumer Devices

Last Update: Dec 09, 2023

Security researchers have disclosed a new firmware vulnerability named LogoFAIL, which is capable of infiltrating a wide array of Windows and Linux machines. The attack allows threat actors to use malicious logo images to potentially compromise the security of devices from major vendors, including Intel, Acer, and Lenovo. Cybersecurity company Binarly has discovered a security…


Russian Hackers Exploit Outlook Flaw to Breach Exchange Accounts

Microsoft has warned customers that a Russian state-sponsored hacking group, dubbed Forest Blizzard (STRONTIUM), is actively exploiting an Outlook flaw to target Exchange Servers. The vulnerability could potentially unlock unauthorized access to emails and pave the way for the pilfering of sensitive information. In March, Microsoft disclosed a critical vulnerability in Outlook for Windows that…


Microsoft Sunsets Defender Application Guard for Office: Here’s What You Need to Know

Microsoft has announced that it’s deprecating Defender Application Guard for Office this month. The company has quietly updated its support article to indicate that the security feature will no longer receive updates. “Microsoft Defender Application Guard for Office is being deprecated and is no longer being updated. This deprecation also includes the Windows.Security.Isolation APIs that…


Microsoft Defender for Cloud Simplifies Onboarding with New Terraform Module

Microsoft has introduced a new Terraform module aimed at simplifying the onboarding process for Microsoft Defender for Cloud (MDC). This module enables organizations to configure MDC plans for their subscriptions or management groups using a minimal amount of code. Microsoft Defender for Cloud is a security solution that allows customers to protect cloud-based applications against…


Here’s How Researchers Bypassed Windows Hello Fingerprint Authentication on Dell, Lenovo, and Surface Laptops

Cybersecurity researchers from Blackwing HQ have managed to bypass Windows Hello fingerprint authentication on three different laptops from Dell, Lenovo, and Microsoft. The penetration tests were carried out at the request of Microsoft to assess the security of the fingerprint sensors used in these devices. Windows Hello is a biometric authentication feature that allows users…


New Microsoft Defender Bounty Program Offers up to 20K Rewards

Microsoft announced yesterday the launch of its new Defender Bounty Program. The new program is aimed at enticing security researchers to unearth new vulnerabilities in the security solution in exchange for rewards between $500 and $20,000. The submissions must specify the severity (Critical or Important) and step-by-step instructions to reproduce the issue in the fully…
