Security News

Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via infected USB devices containing malicious a.LNK files to other devices in the target network.

Vade announced its H1 2022 Phishers' Favorites report, a ranking of the top 25 most impersonated brands in phishing attacks. With 11,041 unique phishing URLs, Microsoft is the top target for brand impersonation.

Another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF. There's an entire industry devoted to undermining all of our security.

Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics. "On July 26, 2022, Microsoft researchers discovered the FakeUpdates malware being delivered via existing Raspberry Robin infections," Microsoft revealed Thursday.

With Microsoft taking steps to block Excel 4.0 and Visual Basic for Applications macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures. In its place, adversaries are increasingly pivoting away from macro-enabled documents to other alternatives, including container files such as ISO and RAR as well as Windows Shortcut files in campaigns to distribute malware.

A cyber mercenary that "Ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor, is an Austria-based outfit called DSIRF that's linked to the development and attempted sale of a piece of cyberweapon referred to as Subzero, which can be used to hack targets' phones, computers, and internet-connected devices.

Microsoft has released the first preview build of Windows 10, version 22H2, to Windows Insiders for enterprise testing before the general release later this year. "Commercial devices configured for the Release Preview Channel via the Windows Insider Program Settings page or via Windows Update for Business policy, whether through Microsoft Intune or through Group Policy, will automatically be offered Windows 10, version 22H2 as an optional update."

Threat actors are generating revenue by using adware bundles, malware, or even hacking into Microsoft SQL servers, to convert devices into proxies rented through online proxy services. To steal a device's bandwidth, the threat actors install software called 'proxyware' that allocates a device's available internet bandwidth as a proxy server that remote users can use for various tasks, like testing, intelligence collection, content distribution, or market research.

Threat actors are finding their way around Microsoft's default blocking of macros in its Office suite, using alternative files to host malicious payloads now that a primary channel for threat delivery is being cut off, researchers have found. The beginning of the decrease coincided with Microsoft's plan to start blocking XL4 macros by default for Excel users, followed up with the blocking of VBA macros by default across the Office suite this year.

Microsoft is investigating an ongoing incident impacting administrators in North America who report seeing blank pages and 404 errors when trying to access the Microsoft 365 admin center.This outage could affect any admin in North America, as the company revealed on the Microsoft 365 Service health status page.