Tag: microsoft

Microsoft links North Korean hackers to new FakePenny ransomware
News

Microsoft has attributed the FakePenny ransomware attacks, which have come with ransom demands of millions of dollars, to a North Korea-based hacking group it tracks as Moonstone Sleet. Although this threat group's tactics, techniques, and procedures (TTPs) were largely similar to those of earlier North Korean attackers, it has gradually adopted new attack methods and built its own distinct infrastructure and tooling. Moonstone Sleet, formerly tracked as Storm-17, has been seen targeting financial and cyberespionage targets with trojanized software (such as PuTTY), malicious games and npm packages, custom malware loaders, and fake software development companies...
The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell
News

Microsoft said on Wednesday that it will phase out Visual Basic Script (VBScript) in favor of more modern options such as JavaScript and PowerShell, starting in the second half of 2024. More powerful and flexible scripting languages such as JavaScript and PowerShell have emerged as technology has advanced over time, according to Microsoft Program Manager Naveen Shankar; their broader range of features makes them better suited to contemporary web development and automation tasks. The IT giant had first declared that, starting in October 2023, VBScript would be phased out. Originally released by Microsoft in 1996 as a Windows system component...
Microsoft fixes Windows zero-day exploited in QakBot malware attacks
News

Microsoft has patched a zero-day vulnerability that was used in campaigns to deploy QakBot and other malware payloads on vulnerable Windows systems. This privilege escalation flaw, tracked as CVE-2024-30051, is caused by a heap-based buffer overflow in the Desktop Window Manager (DWM) core library; successful exploitation lets an attacker obtain SYSTEM privileges. The Desktop Window Manager is a Windows service, first introduced in Windows Vista, that lets the OS use hardware acceleration when rendering graphical user interface features such as glass window frames and 3D transition animations. While investigating another Windows DWM Core Library privilege escalation bug, tracked as CVE-2023-36033 and also exploited as a zero-day in attacks, Kaspe...
GitHub comments abused to push malware via Microsoft repo URLs
News

Threat actors are abusing a GitHub bug, or possibly a design decision, to distribute malware via URLs associated with a Microsoft repository, making the files appear trustworthy. Although most of the malicious activity has focused on Microsoft GitHub URLs, threat actors could use this "flaw" to build very convincing lures with any public repository on GitHub. A new LUA malware loader was discovered by McAfee yesterday; it was distributed through what appeared to be the legitimate Microsoft GitHub repository for vcpkg, the "C++ Library Manager for Windows, Linux, and MacOS." Although the malware installers' URLs, which are displayed below, unmistakably point to the Microsoft repository, we were unable to locate any mention of the files in the project's source co...
U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers
News

Microsoft has come under fire from the U.S. Cyber Safety Review Board (CSRB) for a string of security failings that allowed a China-based nation-state group named Storm-0558 to compromise almost two dozen organizations in Europe and the United States last year. According to the Department of Homeland Security (DHS) findings, which were made public on Tuesday, the attack was avoidable and only succeeded as a result of a "cascade of Microsoft's avoidable errors." DHS said in a statement that it had identified a number of Microsoft operational and strategic decisions that, taken together, pointed to a corporate culture that devalued enterprise security investments and rigorous risk management. This was in conflict with the company's prominence in...
Microsoft Confirms Russian Hackers Stole Source Code and Some Customer Secrets
News

Microsoft disclosed on Friday that, following a hack that came to light in January 2024, the Kremlin-backed threat actor known as Midnight Blizzard (also tracked as APT29 or Cozy Bear) was able to access some of its internal systems and source code repositories. The company said that in recent weeks it has observed evidence that Midnight Blizzard is attempting to gain unauthorized access by using data that was originally exfiltrated from its corporate email systems, and that this has included access to some of its internal systems and source code repositories. It has not yet found any evidence that customer-facing systems hosted by Microsoft have been compromised. Redmond, which is still investigating the scope of the breach, stated that the...
Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies
News

More than six months after it was revealed that a China-linked cyber espionage campaign was targeting two dozen organizations, Microsoft has extended free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit, regardless of license tier. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) stated that Microsoft "will automatically enable the logs in customer accounts and increase the default log retention period from 90 days to 180 days." Furthermore, this data will offer enhanced telemetry, aiding numerous federal agencies in fulfilling logging prerequisites as mandated by the Office of Management and Budget Memorandum M-21-31. In July 2023, Microsoft reported that an activity group named Storm-0558, originating from China, unlawfully infil...
Microsoft expands free logging capabilities after May breach
News

Six months after revealing that Chinese hackers had covertly stolen emails belonging to the United States government during an Exchange Online breach that occurred between May and June 2023, Microsoft has expanded the free logging capabilities available to all Purview Audit standard customers, including federal agencies in the United States. Since disclosing the incident, the company has worked with CISA, the Office of Management and Budget (OMB), and the Office of the National Cyber Director (ONCD) to ensure that government agencies now have all the logging data needed to detect such attacks in the future. According to a press release published today, "extended logging will be available to all agencies using Microsoft Purview Audit starting this month ...
Microsoft Introduces Linux-Like ‘sudo’ Command to Windows 11
News

Microsoft said that Sudo will be included in an early preview build of Windows 11 to make it easier to run commands with administrator privileges. Microsoft Product Manager Jordi Adoumie stated, "Sudo for Windows is a new way for users to run elevated commands directly from an unelevated console session." "It is an ergonomic and familiar solution for users who want to elevate a command without having to first open a new elevated console." On Unix-like operating systems, the sudo program, short for superuser do, enables users to execute programs with the security capabilities...