Security News

Microsoft patches actively exploited Follina Windows zero-day
2022-06-14 18:00

Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. "Microsoft recommends installing the updates as soon as possible," the company further urged customers in a post on the Microsoft Security Response Center.

Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws
2022-06-14 17:45

Today is Microsoft's June 2022 Patch Tuesday, and with it come fixes for 55 vulnerabilities, including fixes for the Windows MSDT 'Follina' zero-day vulnerability and new Intel MMIO flaws. Microsoft has fixed the widely-exploited Windows Follina MSDT zero-day vulnerability tracked as CVE-2022-30190 in the June 2022 Updates.

Microsoft: Exchange servers hacked to deploy BlackCat ransomware
2022-06-13 17:14

Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities. Two weeks after the initial compromise using an unpatched Exchange server as an entry vector, the threat actor deployed BlackCat ransomware payloads across the network via PsExec.

Microsoft helps prevent lateral movement from compromised unmanaged devices
2022-06-13 10:28

A new feature in Microsoft Defender for Endpoint can make it more difficult for attackers to perform lateral movement within company networks, as it allows admins to prevent traffic flowing to and from unmanaged devices that have been compromised. "While devices enrolled in Microsoft Defender for Endpoint can be isolated to prevent bad actors from compromising other devices, responding to a compromised device not enrolled in Microsoft Defender for Endpoint can be a challenge for organizations today," noted Yossi Basha, Principal Product Manager, M365 Defender at Microsoft.

Microsoft starts rolling out Windows 11 File Explorer tabs
2022-06-09 21:43

Microsoft is finally rolling out the new File Explorer tabbed interface with the release of Windows 11 Insider Preview Build 25136 to the Dev Channel. "To help you work across multiple locations at the same time, the title bar of File Explorer now has tabs. We'd love your feedback on which tabs features you'd like to see next," the Windows Insider team said.

Microsoft Defender now isolates hacked, unmanaged Windows devices
2022-06-09 16:35

Microsoft has announced a new feature for Microsoft Defender for Endpoint to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network. There's a catch: the new MDE capability works only with onboarded devices running Windows 10 and later or Windows Server 2019 and later.

Supply chain attacks will get worse: Microsoft Security Response Center boss
2022-06-09 02:30

Major supply-chain attacks of recent years - we're talking about SolarWinds, Kaseya and Log4j to name a few - are "just the tip of the iceberg at this point," according to Aanchal Gupta, who leads Microsoft's Security Response Center. As the head of MSRC, Gupta has a unique vantage point.

Researchers Warn of Unpatched "DogWalk" Microsoft Windows Vulnerability
2022-06-08 22:26

An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool, even as the Follina flaw continues to be exploited in the wild. The issue - referenced as DogWalk - relates to a path traversal flaw that can be exploited to stash a malicious executable file to the Windows Startup folder when a potential target opens a specially crafted ".

State-Backed Hackers Exploit Microsoft 'Follina' Bug to Target Entities in Europe and U.S
2022-06-07 05:27

A suspected state-aligned threat actor has been linked to a new set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities in Europe and the U.S. Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is being tracked as CVE-2022-30190. The payload, which manifests in the form of a PowerShell script, is Base64-encoded and functions as a downloader to retrieve a second PowerShell script from a remote server named "Seller-notification[.]live."

Microsoft seizes 41 domains tied to Iranian phishing ring
2022-06-07 00:04

Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India. The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs. "Bohrium actors create fake social media profiles, often posing as recruiters," said Amy Hogan-Burney, GM of Microsoft's Digital Crimes Unit.