Security News

The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft's move to disable Visual Basic for Applications macros by default across its products. Calling the new activity a "Departure" from the group's typical behavior, ProofPoint alternatively raised the possibility that the latest set of phishing emails distributing the malware show that the operators are now "Engaged in more selective and limited attacks in parallel to the typical massive scale email campaigns."

The San Diego Supercomputer Center in the US is ditching its lead-acid uninterruptible power supply batteries for more environmentally friendly rechargeables - though it's avoiding lithium-ion, and going with a new form of rechargeable alkaline. Currently, the SDSC relies on a generator and UPS to provide emergency power.

A Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon. From there, the threat actors perform network reconnaissance, steal admin account credentials, exfiltrate valuable data, ultimately deploying the file-encrypting payload. The details come from security and analytics company Varonis, who was called in to investigate a ransomware attack on one of its customers.

Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue. According to Windows system admins reports [1, 2, 3, 4], the security solution began marking Chrome updates as suspicious starting last evening.

Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts. "ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money," Amy Hogan-Burney, general manager of Microsoft's Digital Crimes Unit, said.

Microsoft announced today that the 30-year-old SMBv1 file-sharing protocol is now disabled by default on Windows systems running the latest Windows 11 Home Dev channel builds, the last editions of Windows or Windows Server that still came with SMBv1 enabled. Redmond first announced plans to disable SMBv1 in most versions of the Windows operating system in June 2017 after first disabling it for internal builds of Windows 10 Enterprise and Windows Server 2016.

Microsoft will pay more - up to $26,000 more - for "High-impact" bugs in its Office 365 products via its bug bounty program. The new "Scenario-based" payouts to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program aim to incentivize bug hunters to focus on finding vulnerabilities with "The highest potential impact on customer privacy and security," Microsoft said late last week.

Microsoft has reminded customers earlier this week that Microsoft Office 2013 is approaching its end of support next year, advising them to switch to a newer version to reduce their exposure to security risks. "After five years of Mainstream Support, and five years of Extended Support, Office 2013 will reach the End of Extended Support on April 11, 2023. Per the Fixed Lifecycle Policy, after this date security updates for Office 2013 will no longer be available," Microsoft told customers.

Sandworm hackers tried to disrupt Ukraine's power gridThe Computer Emergency Response Team of Ukraine, with the help of ESET and Microsoft security experts, has thwarted a cyber attack by the Sandworm hackers, who tried to shut down electrical substations run by an energy provider in Ukraine. How to improve enterprise password security?In this video for Help Net Security, Darren Siegel, Product Specialist at Specops Software, talks about the importance of password security and what makes them vulnerable.

Three days have passed since Microsoft's latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. CVE-2022-26809 is a remote code execution vulnerability in Microsoft Remote Procedure Call runtime and affects a wide variety of Windows and Windows Server versions.