Security News
Microsoft is working on a built-in VPN functionality for the Edge browser called 'Edge Secure Network', but there's a catch - it is not a proper replacement for your VPN. Edge's Secure Network is powered by Cloudflare - one of the most trusted DNS hosts in the industry - and it aims to protect your device and sensitive data as you browse. The feature is in an early stage of development, available to select users in Edge Canary, and it is not a full-fledged VPN service of the kind offered in rival browsers like Opera.
Microsoft has addressed a chain of critical vulnerabilities found in the Azure Database for PostgreSQL Flexible Server that could let malicious users escalate privileges and gain access to other customers' databases after bypassing authentication. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers' databases," the Microsoft Security Response Center team explained today.
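The Azure advisory above attributes the authentication bypass to an "improperly anchored regular expression". The following is an added, constructed illustration of that bug class (not Azure's or Microsoft's code): a hypothetical replication-user name check written with an unanchored search, next to the anchored form a reviewer would ask for, plus a small audit helper that flags names the two checks disagree on.

```python
import re

# Hypothetical expected form of a replication account name on some service.
# The name, pattern and checks below are constructed for this example only.
REPLICATION_NAME = r"[a-z][a-z0-9_]{2,31}_replication"


def is_replication_user_unanchored(username: str) -> bool:
    # Defect: re.search finds the pattern anywhere in the string, so any
    # surrounding characters (a different prefix, a separator, a suffix)
    # still let the name pass the check.
    return re.search(REPLICATION_NAME, username) is not None


def is_replication_user_dollar(username: str) -> bool:
    # Common half-fix: re.match anchors the start and '$' the end, but in
    # Python '$' also matches just before a trailing newline, so
    # "name\n" is still accepted.
    return re.match(REPLICATION_NAME + "$", username) is not None


def is_replication_user_anchored(username: str) -> bool:
    # Fix: fullmatch requires the entire string to match the pattern
    # (equivalent to \A ... \Z), with no trailing-newline exception.
    return re.fullmatch(REPLICATION_NAME, username) is not None


def audit(usernames):
    """Return the names the unanchored check accepts but the anchored one rejects.

    Useful as a regression check when migrating an existing user list from
    a search-style validator to a fullmatch-style one.
    """
    return [
        u for u in usernames
        if is_replication_user_unanchored(u) and not is_replication_user_anchored(u)
    ]


if __name__ == "__main__":
    # Constructed sample names: one well-formed, two that only pass unanchored.
    sample = ["tenant_a_replication", "bad!tenant_a_replication", "tenant_a_replication;x"]
    print(audit(sample))
```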
At least six Russian Advanced Persistent Threat actors and other unattributed threats have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea. It is unclear whether computer network operators and physical forces are just independently pursuing a common set of priorities or actively coordinating.
Flaws in networkd-dispatcher, a service used in the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be commandeered, say Microsoft researchers. It's nice of Redmond to point out these flaws and have them fixed in any affected distributions; the US tech giant is a big user of Linux and relies on the open-source OS throughout its empire.
Microsoft has revealed the true scale of Russian-backed cyberattacks against Ukraine since the invasion, with hundreds of attempts from multiple Russian-backed hacking groups targeting infrastructure and Ukrainian citizens. Microsoft has also observed a direct link between cyberattacks and military operations, with the timing between hacking attempts and breaches closely matching that of missile strikes and sieges coordinated by the Russian military.
Microsoft on Tuesday disclosed a set of two privilege escalation vulnerabilities in the Linux operating system that could potentially allow threat actors to carry out an array of nefarious activities. Collectively called "Nimbuspwn," the flaws "can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution," Jonathan Bar Or of the Microsoft 365 Defender Research Team said in a report.
The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft's move to disable Visual Basic for Applications macros by default across its products. Calling the new activity a "departure" from the group's typical behavior, Proofpoint alternatively raised the possibility that the latest set of phishing emails distributing the malware show that the operators are now "engaged in more selective and limited attacks in parallel to the typical massive scale email campaigns."
The San Diego Supercomputer Center in the US is ditching its lead-acid uninterruptible power supply batteries for more environmentally friendly rechargeables - though it's avoiding lithium-ion, and going with a new form of rechargeable alkaline. Currently, the SDSC relies on a generator and UPS to provide emergency power.
A Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon. From there, the threat actors perform network reconnaissance, steal admin account credentials, and exfiltrate valuable data, ultimately deploying the file-encrypting payload. The details come from security and analytics company Varonis, which was called in to investigate a ransomware attack on one of its customers.
Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue. According to reports from Windows system admins [1, 2, 3, 4], the security solution began marking Chrome updates as suspicious starting last evening.