Security News

Microsoft SQL servers hacked in TargetCompany ransomware attacks
2022-09-24 15:12

Vulnerable Microsoft SQL servers are being targeted in a new wave of attacks with FARGO ransomware, security researchers are warning. BleepingComputer reported similar attacks in February, dropping Cobalt Strike beacons, and in July, when threat actors hijacked vulnerable MS-SQL servers to steal bandwidth for proxy services.

Microsoft: Windows KB5017383 preview update added to WSUS by mistake
2022-09-23 14:47

Microsoft says that KB5017383, this month's Windows preview update, has been accidentally listed in Windows Server Update Services and may lead to security update install problems in some managed environments. Such updates are optional and available for manual importing via Windows Updates and the Microsoft Update Catalog to avoid pushing untested releases into production.

Microsoft shares workarounds for Windows Group Policy issues
2022-09-23 11:28

Microsoft has acknowledged a known issue where copying files/shortcuts using Group Policy Preferences on Windows client devices might not work as expected after installing recent Windows cumulative updates released during this month's Patch Tuesday. On affected systems, files or shortcuts will not copy to the target drives or end up as zero-byte files when using Group Policy file operations.

Check out this Android spyware, says Microsoft, the home of a gazillion Windows flaws
2022-09-22 20:15

Data-stealing spyware disguised as a banking rewards app is targeting Android users, Microsoft's security team has warned. The Microsoft threat hunters' investigation began after receiving a text message claiming to be from India's ICICI bank's rewards program.

Microsoft adds 'systemd' to the Windows Subsystem for Linux
2022-09-22 18:03

Microsoft and Canonical have teamed up to add systemd support to the Windows Subsystem for Linux, allowing a larger number of compatible apps to be installed. As systemd is responsible for launching all other services, it runs as the first process created by the Linux kernel on startup.

Microsoft Exchange servers hacked via OAuth apps for phishing
2022-09-22 17:13

Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails. "The unauthorized access to the cloud tenant enabled the actor to create a malicious OAuth application that added a malicious inbound connector in the email server."

Microsoft Defender for Endpoint will turn on tamper protection by default
2022-09-20 12:54

Microsoft says tamper protection will soon be turned on by default for all enterprise customers in Microsoft Defender for Endpoint for better defense against ransomware attacks. Once toggled on, it locks Microsoft Defender Antivirus to secure default values and will prevent any security settings changes.

Microsoft 365 phishing attacks impersonate U.S. govt agencies
2022-09-19 20:28

An ongoing phishing campaign targeting U.S. government contractors has expanded its operation to push higher-quality lures and better-crafted documents. The lure in these phishing emails is a request for bids for lucrative government projects, taking them to phishing pages that are clones of legitimate federal agency portals.

Microsoft Outlook is disabling Teams Meeting add-in, how to fix
2022-09-19 16:52

Microsoft is investigating a known issue affecting Outlook for Microsoft 365 users and preventing them from creating Teams meetings using the app's ribbon menu. The Teams Meeting add-in, as its name says, can be found in the Calendar view and it enables Outlook users to schedule a Teams meeting from Outlook.

VMware, Microsoft warn of widespread Chromeloader malware attacks
2022-09-19 16:07

VMware and Microsoft are warning of an ongoing, widespread Chromeloader malware campaign that has evolved into a more dangerous threat, seen dropping malicious browser extensions, node-WebKit malware, and even ransomware in some cases. On Friday evening, Microsoft warned about an "Ongoing wide-ranging click fraud campaign" attributed to a threat actor tracked as DEV-0796 using Chromeloader to infect victims with various malware.