Security News

A phishing operation compromised over one hundred UK National Health Service employees' Microsoft Exchange email accounts for credential harvesting purposes, according to email security shop Inky. During the phishing campaign, which began in October 2021 and spiked in March 2022, the email security firm detected 1,157 phishing emails originating from NHSMail accounts that belonged to 139 NHS employees in England and Scotland.

For about half a year, work email accounts belonging to over 100 employees of the National Health System in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins. Attackers started using legitimate NHS email accounts in October last year after hijacking them and continued to use them in phishing activity through at least April 2022.

Microsoft has warned Windows 11 users that they might experience issues launching and using some. Affected apps use optional components such as Windows Workflow and Windows Communication Foundation.

A cyber-spy group is targeting Microsoft Exchange deployments to steal data related to mergers and acquisitions and large corporate transactions, according to Mandiant. The infosec giant's researchers have dubbed the cyber-espionage threat group UNC3524.

Microsoft has made a standalone version of Microsoft Defender for Business generally available, aimed at customers not keen on paying for one of its subscriptions. The product is already bundled with Microsoft 365 Business Premium but can now be picked up as a standalone product for $3 per user per month, as we reported from Ignite late last year.

Microsoft says that its enterprise-grade endpoint security for small to medium-sized businesses is now generally available as a standalone solution.Known as Microsoft Defender for Business, this product is designed for SMBs with up to 300 employees who need protection against malware, phishing, and ransomware attacks on Windows, macOS, iOS, and Android devices.

Microsoft has addressed a newly acknowledged known issue that caused flickering screen problems and made some Windows apps seem unstable in Safe Mode without Networking. "Devices experiencing this issue can log a System error on the Windows Event Log, with Source 'Winlogon' and the following description: 'The shell stopped unexpectedly and explorer.exe was restarted'," Microsoft explained.

At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country. DesertBlade, also a data wiper, is said to have been launched against an unnamed broadcasting company in Ukraine on March 1.

Microsoft appears to be planning a VPN-like solution for its Edge browser judging by a support page for the upcoming feature. The change is described as a "Preview feature." It has yet to show up on our Canary and Dev versions of Microsoft's browser, however.

Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers' databases," Microsoft Security Response Center said.