Security News
Microsoft says the North Korean-sponsored Lazarus threat group is trojanizing legitimate open-source software and using it to backdoor organizations in many industry sectors, such as technology, defense, and media entertainment. The list of open-source software weaponized by Lazarus state hackers to deploy the BLINDINGCAN backdoor includes PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer.
Microsoft next month will start phasing out Client Access Rules in Exchange Online - and will do away with this means for controlling access altogether within a year. CARs are being replaced with Continuous Access Evaluation for Azure Active Directory, which can apparently in "near-real time" pick up changes to access controls, user accounts, and the network environment and enforce the latest rules and policies as needed, according to a notice this week from Microsoft's Exchange Team.
A common question we are asked by clients after deploying is, "Are attack paths in Active Directory this bad for everyone?" What does often cheer them up is learning that many of those attack paths can be fixed quickly and easily, now that the security team knows they exist.
Microsoft announced today that it will retire Client Access Rules in Exchange Online within a year, by September 2023. CARs are sets of conditions, exceptions, actions, and priority values that allow Microsoft 365 admins to filter client access to Exchange Online based on many factors.
In the latest version of Windows 11, Microsoft is introducing a feature in its Microsoft Defender SmartScreen tool designed to keep passwords safer. The enhanced phishing protection automatically detects when a user types their password into an app or website and knows immediately whether the app or site has a secure connection to a trusted website.
Microsoft has announced this week that Azure Virtual Desktop support for passwordless authentication has now entered public preview. "Today we're announcing the public preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices," said David Bélanger, a Senior Program Manager for Azure Virtual Desktop at Microsoft.
As it rolled out a laundry list of features in the latest version of Windows 11, namely version 22H2, this month, Microsoft has also detailed some of the added security mechanisms. Included among the features is Kernel Mode Hardware Enforced Stack Protection, with Rick Munck, cloud security solution architect at Microsoft, stressing its dependency on hypervisor-protected code integrity.
The changes in the latest release of the security configuration baseline touch on a range of areas, including hardware - which Microsoft has increasingly emphasized in recent years - drivers and printers as well as protections against credential theft and account lockout. The feature is part of a larger push Microsoft has been making for several years to more tightly integrate hardware and software security capabilities.
Vulnerable Microsoft SQL servers are being targeted in a new wave of attacks with FARGO ransomware, security researchers are warning. BleepingComputer reported similar attacks in February, dropping Cobalt Strike beacons, and in July when threat actors hijacked vulnerable MS-SQL servers to steal bandwidth for proxy services.
Microsoft says that KB5017383, this month's Windows preview update, has been accidentally listed in Windows Server Update Services and may lead to security update install problems in some managed environments. Such updates are optional and available for manual importing via Windows Update and the Microsoft Update Catalog to avoid pushing untested releases into production.