Security News
The distribution of the IcedID malware has seen a spike recently due to a new campaign that hijacks existing email conversation threads and injects malicious payloads that are hard to spot. The ongoing IcedID campaign was discovered this month by researchers at Intezer, who have shared their findings with Bleeping Computer prior to publication.
Lapsus$ gang says it has breached Okta and Microsoft
After breaching NVIDIA and Samsung and stealing and leaking those companies' proprietary data, the Lapsus$ cyber extortion gang has announced that they have popped Microsoft and Okta.
How to become a passwordless organization
In this interview with Help Net Security, Den Jones, CSO at Banyan Security, explains the benefits of implementing passwordless authentication and the process every organization has to go through when deploying such technology.
Microsoft says Windows 7 recovery discs created using the Control Panel Backup and Restore app will fail to start after installing Windows updates released since January 11, 2022. While Microsoft did not explain why this happens, it said the recovery discs would work on systems where the problematic updates weren't installed.
A group of more than 200 malicious npm packages targeting developers who use Microsoft Azure has been removed two days after they were made available to the public. This group of packages grew from about 50 to at least 200 by March 21.
As the Lapsus$ data extortion gang announced that several of its members are taking a vacation, the City of London Police say they have arrested seven individuals connected to the gang. The latest public message from the group on Wednesday announced that some of its members were taking a vacation until March 30.
Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information in a large-scale typosquatting attack against Microsoft Azure cloud users. That's according to the JFrog Security Research team, which said that the set of packages appeared earlier this week and has steadily grown since then, from about 50 packages to more than 200.
Researchers report a new version of the JSSLoader remote access trojan being distributed via malicious Microsoft Excel add-ins. The latest campaign involving a stealthier new version of JSSLoader was observed by threat analysts at Morphisec Labs, who say the delivery mechanism is currently phishing emails with XLL or XLM attachments.
Microsoft has addressed a new known issue causing DNS stub zones loading failures that could lead to DNS resolution issues on Windows Server 2019 systems. DNS stub zones are copies of DNS zones containing resource records needed to determine the authoritative DNS servers for a specific zone and resolve names between separate DNS namespaces.
The trick to this particular campaign is that it conceals its complex malware behind a Microsoft Compiled HTML Help file, Microsoft's proprietary file format for help documentation saved in HTML. In other words, it's the kind of file you almost never look at or even think about. CHM files in a nested attack that prioritizes obfuscation.
Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. Identity and access management company Okta, which also acknowledged the breach through the account of a customer support engineer working for a third-party provider, said that the attackers had access to the engineer's laptop during a five-day window between January 16 and 21, but that the service itself was not compromised.