Security News

Microsoft pushes OOB security updates for Windows Snipping tool flaw
2023-03-25 17:54

Microsoft released an emergency security update for the Windows 10 and Windows 11 Snipping tool to fix the Acropalypse privacy vulnerability. With this bug, both the Google Pixel's Markup Tool and the Windows Snipping Tool were found to be leaving the cropped data within the original file.

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
2023-03-25 06:13

Microsoft on Friday shared guidance to help customers discover indicators of compromise associated with a recently patched Outlook vulnerability.Tracked as CVE-2023-23397, the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager hashes and stage a relay attack without requiring any user interaction.

Microsoft shares tips on detecting Outlook zero-day exploitation
2023-03-24 20:09

Microsoft today published a detailed guide aiming to help customers discover signs of compromise via exploitation of a recently patched Outlook zero-day vulnerability. Microsoft also shared guidance on how to block future attacks targeting this vulnerability, urging organizations to install the recently released Outlook security update.

CISA unleashes Untitled Goose Tool to honk at danger in Microsoft's cloud
2023-03-24 19:16

American cybersecurity officials have released an early-warning system to protect Microsoft cloud users. Dubbed the Untitled Goose Tool, CISA said it "Offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services."

CISA releases free tool for detecting malicious activity in Microsoft cloud environments
2023-03-24 12:31

Network defenders searching for malicious activity in their Microsoft Azure, Azure Active Directory, and Microsoft 365 cloud environments have a new free solution at their disposal: Untitled Goose Tool. As an agency charged with - among other things - helping US-based organizations in the government and private sector protect themselves against cyber attackers, CISA regularly releases free open-source services and tools for defenders to use.

Microsoft Teams, Virtualbox, Tesla zero-days exploited at Pwn2Own
2023-03-23 23:33

Competitors successfully exploited zero-day bugs in multiple products during the second day of Pwn2Own Vancouver 2023, including the Tesla Model 3, Microsoft's Teams communication platform, the Oracle VirtualBox virtualization platform, and the Ubuntu Desktop operating system. Team Viettel hacked also Microsoft Teams via a 2-bug chain to earn $78,000 and Oracle's VirtualBox using a Use-After-Free bug and an uninitialized variable for $40,000.

Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office
2023-03-23 19:18

New research from Microsoft's Threat Intelligence team exposed the activities of a threat actor named DEV-1101, which started advertising for an open-source phishing kit to deploy an adversary-in-the-middle campaign. According to Microsoft, the threat actor described the kit as a phishing application with "Reverse-proxy capabilities, automated setup, detection evasion through an antibot database, management of phishing activity through Telegram bots, and a wide range of ready-made phishing pages mimicking services such as Microsoft Office or Outlook."

New CISA tool detects hacking activity in Microsoft cloud services
2023-03-23 18:34

The U.S. Cybersecurity & Infrastructure Security Agency has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments. Known as the 'Untitled Goose Tool' and developed in collaboration with Sandia, a U.S. Department of Energy national laboratory, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.

Microsoft fixes Acropalypse privacy bug in Windows 11 Snipping Tool
2023-03-23 17:23

Microsoft is testing an updated version of the Windows 11 Snipping Tool that fixes a recently disclosed 'Acropalypse' privacy flaw that allows the partial restoration of cropped images. As first spotted by Windows enthusiast Xeno, Microsoft released Windows 11 Snipping Tool version 11.2302.20.0 yesterday to Windows Insiders in the Canary channel via the Microsoft Store.

Microsoft adding a USB4 troubleshooting page to Windows 11
2023-03-22 17:56

Microsoft has released a new Windows 11 preview build that adds a new dedicated USB4 settings page and support for displaying seconds in the system tray clock. "We are adding a USB4 hubs and devices Settings page for users under Settings > Bluetooth & devices > USB > USB4 Hubs and Devices," said Microsoft's Amanda Langowski and Brandon LeBlanc.