Security News

Today is Microsoft's September 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 63 flaws. Five of the 63 vulnerabilities fixed in today's update are classified as 'Critical' as they allow remote code execution, one of the most severe types of vulnerabilities.

Reports of such malicious events can come from a range of sources and those that are identified by security event and incident management and extended detection and response systems are automatically collected into alerts, which then become incidents. Given that, Microsoft is introducing a feature to Sentinel to enable security analysts to manually create an incident report and the ability to manually delete the incident if needed.

A new attack technique called 'GIFShell' allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data using ... GIFs.The new attack scenario, shared exclusively with BleepingComputer, illustrates how attackers can string together numerous Microsoft Teams vulnerabilities and flaws to abuse legitimate Microsoft infrastructure to deliver malicious files, commands, and perform exfiltrating data via GIFs.

"This issue only affects devices after adding a Microsoft account. It does not affect Active Directory domain users accounts or Azure Active Directory accounts." Microsoft says it addressed this issue via Known Issue Rollback, a Windows capability designed to revert buggy Windows non-security fixes pushed through Windows Update.

Microsoft says an Iranian state-sponsored threat group it tracks as DEV-0270 has been abusing the BitLocker Windows feature in attacks to encrypt victims' systems. This aligns with Microsoft's findings that DEV-0270 uses BitLocker, a data protection feature that provides full volume encryption on devices running Windows 10, Windows 11, or Windows Server 2016 and above.

Microsoft's threat intelligence division on Wednesday assessed that a subgroup of the Iranian threat actor tracked as Phosphorus is conducting ransomware attacks as a "Form of moonlighting" for personal gain. "DEV-0270 leverages exploits for high-severity vulnerabilities to gain access to devices and is known for the early adoption of newly disclosed vulnerabilities," Microsoft said.

Microsoft appears to have fixed a problem that saw its Defender antivirus program identify apps based on the Chromium browser engine and/or Electron JavaScript framework as malware, and suggest users remove them. Chat in Microsoft's forums, helped along by a volunteer expert, diagnosed the issue as a false positive produced by Windows Defender, possibly due to recent browser updates somehow confusing matters.

A bad Microsoft Defender signature update mistakenly detects Google Chrome, Microsoft Edge, Discord, and other Electron apps as 'Win32/Hive. The issue started Sunday morning when Microsoft pushed out Defender signature update 1.373.1508.0 to include two new threat detections, including Behavior:Win32/Hive.

The new Microsoft Edge 105 is not starting for many Windows users due to a deprecated group policy used to disable reporting of usage and crash-related data to Microsoft. On Thursday, Microsoft Edge 105 was released with numerous enhancements, including enhanced security mode improvements and new group policies.

Microsoft warned customers today that it will finally disable basic authentication in random tenants worldwide to improve Exchange Online security starting October 1, 2022."Since our first announcement nearly three years ago, we've seen millions of users move away from basic auth, and we've disabled it in millions of tenants to proactively protect them. We're not done yet though, and unfortunately usage isn't yet at zero. Despite that, we will start to turn off basic auth for several protocols for tenants not previously disabled," the Exchange Team said today.