Security News

The Lapsus$ extortion gang briefly alleged over the weekend it had compromised Microsoft. "We are aware of the claims and are investigating," a Microsoft spokesperson told The Register on Monday.

Microsoft says they are investigating claims that the Lapsus$ data extortion hacking group breached their internal Azure DevOps source code repositories and stolen data. Early Sunday morning, the Lapsus$ gang indicated that they hacked Microsoft's Azure DevOps server by posting a screenshot on Telegram of alleged internal source code repositories.

Microsoft is investigating claims that an extortion-focused hacking group that has previously compromised massive companies such as Ubisoft and Nvidia has gained access to internal Microsoft systems, according to a statement from the company.The hacking group, which goes by the self-designated name LAPSUS$, has successfully breached a wave of corporations recently. The group has so far not made any public demands against Microsoft. On Sunday, LAPSUS$ posted a screenshot of what appeared to be an internal Microsoft developer account to their Telegram channel. Shortly after posting the screenshot, an administrator of LAPSUS$’s Telegram channel deleted the image.

Microsoft has reminded Windows customers today that they'll finally retire the Internet Explorer 11 web browser from some Windows 10 versions in June and replace it with the new Chromium-based Microsoft Edge. After Internet Explorer is retired, Microsoft will still support legacy Internet Explorer-based websites and applications within Microsoft Edge via the built-in Internet Explorer mode feature.

Microsoft released a scanner that detects MikroTik routers hacked by the TrickBot gang to act as proxies for command and control servers. For years, TrickBot has used IoT devices, such as routers, to act as a proxy between an infected device and command and control servers.

Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojans on vulnerable devices. In a new report today by cybersecurity firm AhnLab, researchers outline how the threat actors behind GhostCringe are targeting poorly secured database servers with weak account credentials and no oversight.

Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems. Following the surge of reports, Microsoft confirmed the Office updates were mistakenly marked as ransomware activity due to false positives.

Last November, Rajesh Ramamurthy, director of product management for Azure DevOps, announced plans to phase out support for TLS 1.0/1.1 because of the risk of protocol downgrade attacks and other TLS vulnerabilities outside Microsoft's control. TLS downgrade attacks aim to turn strong, more recent versions of TLS into weaker, earlier versions of the protocol to facilitate further exploitation.

Microsoft has begun testing promotions for some of its other products in the File Explorer app on devices running its latest Windows 11 Insider build. The new Windows 11 "Feature" was discovered by a Windows user and Insider MVP who shared a screenshot of an advertisement notification displayed above the listing of folders and files to the File Explorer, the Windows default file manager.

Microsoft has removed the last Windows 11 safeguard hold after Oracle addressed a known VirtualBox issue causing errors and virtual machine start failures when Hyper-V or the Windows Hypervisor were installed. Safeguard holds prevent users from upgrading to Windows 11 to protect their systems against potential upgrade issues, in this case, software instability caused by compatibility issues between Windows and VirtualBox.