Security News

Data-stealing spyware disguised as a banking rewards app is targeting Android users, Microsoft's security team has warned. The Microsoft threat hunters' investigation began after receiving a text message claiming to be from India's ICICI bank's rewards program.

Microsoft and Canonical have teamed up to add systemd support to the Windows Subsystem for Linux, allowing a larger number of compatible apps to be installed. As systemd is responsible for launching all other services, it runs as the first process created by the Linux kernel on startup.

Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails. "The unauthorized access to the cloud tenant enabled the actor to create a malicious OAuth application that added a malicious inbound connector in the email server."

Microsoft says tamper protection will soon be turned on by default for all enterprise customers in Microsoft Defender for Endpoint for better defense against ransomware attacks.Once toggled on, it locks Microsoft Defender Antivirus to secure default values and will prevent any security settings changes.

An ongoing phishing campaign targeting U.S. government contractors has expanded its operation to push higher-quality lures and better-crafted documents. The lure in these phishing emails is a request for bids for lucrative government projects, taking them to phishing pages that are clones of legitimate federal agency portals.

Microsoft is investigating a known issue affecting Outlook for Microsoft 365 users and preventing them from creating Teams meetings using the app's ribbon menu. The Teams Meeting add-in, as its name says, can be found in the Calendar view and it enables Outlook users to schedule a Teams meeting from Outlook.

VMware and Microsoft are warning of an ongoing, widespread Chromeloader malware campaign that has evolved into a more dangerous threat, seen dropping malicious browser extensions, node-WebKit malware, and even ransomware in some cases. On Friday evening, Microsoft warned about an "Ongoing wide-ranging click fraud campaign" attributed to a threat actor tracked as DEV-0796 using Chromeloader to infect victims with various malware.

The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect example of how threat actors can exploit legitimate features and configurations that haven't been correctly set. Discovered by Bobby Rauch, the GIFShell attack technique enables bad actors to exploit several Microsoft Teams features to act as a C&C for malware, and exfiltrate data using GIFs without being detected by EDR and other network monitoring tools.

Microsoft said it's tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. "[The] attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices," Microsoft Security Intelligence said in a sequence of tweets over the weekend.

Extended spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information and in some cases, passwords, to Google and Microsoft respectively. In cases where Chrome Enhanced Spellcheck or Edge's Microsoft Editor were enabled, "Basically anything" entered in form fields of these browsers was transmitted to Google and Microsoft.