Security News

Microsoft has announced a new security product allowing security teams to spot Internet-exposed resources in their organization's environment that attackers could use to breach their networks. Dubbed Microsoft Defender External Attack Surface Management, this new product provides customers with an overview of their businesses' attack surface, making it simpler to discover vulnerabilities and block potential attack vectors.

Microsoft Defender Experts for Hunting, a new managed security service for Microsoft 365 Defender customers, is now generally available. Microsoft's security experts will use Defender data for threat investigation and to provide customers with remediation instructions, as well as help deploy threat hunting across all Microsoft 365 Defender products within hours, according to Redmond.

Microsoft says the Outlook email client will crash when opening and reading emails with tables such as Uber receipt emails. "When opening, replying, or forwarding some emails that include complex tables, Outlook stops responding," the company explains in a support document.

Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via infected USB devices containing malicious a.LNK files to other devices in the target network.

Vade announced its H1 2022 Phishers' Favorites report, a ranking of the top 25 most impersonated brands in phishing attacks. With 11,041 unique phishing URLs, Microsoft is the top target for brand impersonation.

Another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF. There's an entire industry devoted to undermining all of our security.

Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics. "On July 26, 2022, Microsoft researchers discovered the FakeUpdates malware being delivered via existing Raspberry Robin infections," Microsoft revealed Thursday.

With Microsoft taking steps to block Excel 4.0 and Visual Basic for Applications macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures. In its place, adversaries are increasingly pivoting away from macro-enabled documents to other alternatives, including container files such as ISO and RAR as well as Windows Shortcut files in campaigns to distribute malware.

A cyber mercenary that "Ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor, is an Austria-based outfit called DSIRF that's linked to the development and attempted sale of a piece of cyberweapon referred to as Subzero, which can be used to hack targets' phones, computers, and internet-connected devices.

Microsoft has released the first preview build of Windows 10, version 22H2, to Windows Insiders for enterprise testing before the general release later this year. "Commercial devices configured for the Release Preview Channel via the Windows Insider Program Settings page or via Windows Update for Business policy, whether through Microsoft Intune or through Group Policy, will automatically be offered Windows 10, version 22H2 as an optional update."