Security News > 2022 > June
Microsoft has released out-of-band Windows updates to address a known issue that would cause Azure Active Directory and Microsoft 365 sign-in issues on Arm devices after installing the June 2022 Patch Tuesday updates. Today's OOB updates will be automatically installed via Windows Update and can also be downloaded and installed manually via the Microsoft Update Catalog.
A new DFSCoerce Windows NTLM relay attack has been discovered that uses MS-DFSNM, Microsoft's Distributed File System, to completely take over a Windows domain. This service is vulnerable to NTLM relay attacks, which is when threat actors force, or coerce, a domain controller to authenticate against a malicious NTLM relay under an attacker's control.
This month's Windows Server updates are causing a wide range of issues, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service enabled. One of the more severe problems is the servers freezing for several minutes after a client connects to the RRAS server with SSTP. Windows Remote Desktop and VPN connectivity issues.
Sick of the unending stream of email and phone calls you receive from scammers claiming to represent your bank? Amazon? Microsoft? The tax office? The police? Despite the not-very-threatening outcome when Rober later releases the insects inside a scam call centre where he has access to footage from the CCTV feed, the video gives a good visual indication of just how industriously and unrelentingly these scammers operate.
Flagstar Bank is notifying 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack. According to data breach notifications sent to exposed customers, Flagstar experienced a security incident in December 2021 when intruders breached the bank's corporate network.
People in Russia can no longer download Windows 10 and Windows 11 ISOs and installation tools from Microsoft, with no reason for the block provided by the company. Using a VPN server located in Russia, BleepingComputer has confirmed that attempting to download the Windows 10 Update Assistant, the Windows 10 Media Creation Tool, and the Windows 11 Installation Assistant, Russian users are shown a message stating, "404 - File or Directory not found."
A recently launched carding site called 'BidenCash' is trying to get notoriety by leaking credit card details along with information about their owners. On Thursday, June 16, BidenCash admins decided to give away a CSV file containing names, addresses, telephone numbers, emails, and credit card numbers for free to promote their platform.
A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials. The operation is ongoing and the threat actor behind it uses fake voicemail notifications to lure victims into opening a malicious HTML attachment.
The conviction follows the infamous 2019 hack of Capital One in which personal information of more than 100 million US and Canadian credit card applicants were swiped from the financial giant's misconfigured cloud-based storage. The data was submitted by credit card hopefuls between 2005 and early 2019, and Thompson was able to get into Capital One's AWS storage thanks to a "Misconfigured web application firewall."
More than half of the 24.6 billion stolen credential pairs available for sale on the dark web were exposed in the past year, the Digital Shadows Research Team has found. Of the 24.6 billion credentials for sale, 6.7 billion of the pairs are unique, an increase of 1.7 billion over two years.