Security News

Microsoft's warning on Wednesday that the China-sponsored actor Volt Typhoon attacked U.S. infrastructure put a hard emphasis on presentations by cybersecurity and international affairs experts that a global war in cyberspace is pitting authoritarian regimes against democracies. Microsoft's notification pointed out that Volt Typhoon - which hit organizations in sectors spanning IT, communications, manufacturing, utility, transportation, construction, maritime, government and education - has been pursuing a "Living off the land" strategy focused on data exfiltration since 2021.

Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways. RPMSG files are encrypted email message attachments created using Microsoft's Rights Management Services and offer an extra layer of protection to sensitive info by restricting access to authorized recipients.

TechRepublic Premium Bring your own device policy PURPOSE The purpose of this Bring your own device policy from TechRepublic Premium is to provide requirements for BYOD usage and establish the steps that both users and the IT department should follow to initialize, support and remove devices from company access. These requirements must be followed as documented in order to protect company systems .....

Microsoft says some 32-bit applications are impacted by recurring failures when saving and copying files across multiple Windows versions. The intermittent issue only affects apps that are large address aware and are also using the CopyFile API on Windows 11 21H2 and 22H2 or Windows 10 21H2 and 22H2. "Windows devices are more likely to be affected by this issue when using some commercial/enterprise security software which uses extended file attributes," Microsoft said.

China has attacked critical infrastructure organizations in the US using a "Living off the land" attack that hides offensive action among everyday Windows admin activity. The attack was spotted by Microsoft and acknowledged by intelligence and infosec agencies from the Five Eyes nations - Australia, Canada, New Zealand, the UK and the US. A joint cyber security advisory [PDF] from ten agencies describes "a recently discovered cluster of activity of interest associated with a People's Republic of China state-sponsored cyber actor, also known as Volt Typhoon."

A new PowerShell-based malware dubbed PowerExchange was used in attacks linked to APT34 Iranian state hackers to backdoor on-premise Microsoft Exchange servers. Notably, the malware communicates with its command-and-control server via emails sent using the Exchange Web Services API, sending stolen info and receiving base64-encoded commands through text attachments to emails with the "Update Microsoft Edge" subject.

GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft's Azure DevOps Services. "GitHub Advanced Security for Azure DevOps can not only help you find secrets that have already been exposed in Azure Repos, but also help you prevent new exposures by blocking any pushes to Azure Repos that contain secrets," says Aaron Hallberg, Director of Product for Azure DevOps, Microsoft.

The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center, which detailed the advanced persistent threat's continued abuse of DLL side-loading techniques to deploy malware.

Microsoft has updated PowerToys with two new tools that help control multiple Windows systems with the same keyboard/mouse and quickly preview various file types. As its name implies, the new Mouse Without Borders utility can let users control up to four computers using a single mouse and keyboard.

It does exactly what the name suggests: Users can drag and drop unstructured data from Excel - or give Copilot a link to the file - and the Power Platform will analyze it, enrich it with the extra information Dataverse needs, and turn it into an app, Nirav Shah, the vice president of Dataverse at Microsoft explained to TechRepublic. Data in Excel might be easy for users to work with individually, but bringing it to Dataverse connects it to a range of new AI tools.