Security News

A group of more than 200 malicious npm packages targeting developers who use Microsoft Azure has been removed two days after they were made available to the public. This group of packages grew from about 50 to at least 200 by March 21.

As Lapsus$ data extortion gang announced that several of its members are taking a vacation, the City of London Police say they have arrested seven individuals connected to the gang. The latest public message from the group on Wednesday announced that some of its members were taking a vacation until March 30.

Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information in a large-scale typosquatting attack against Microsoft Azure cloud users. That's according to the JFrog Security Research team, which said that the set of packages appeared earlier this week and steadily grew since then, from about 50 packages to more than 200.

Researchers report a new version of the JSSLoader remote access trojan being distributed malicious Microsoft Excel addins. The latest campaign involving a stealthier new version of JSSLoader was observed by threat analysts at Morphisec Labs, who say the delivery mechanism is currently phishing emails with XLL or XLM attachments.

Microsoft has addressed a new known issue causing DNS stub zones loading failures that could lead to DNS resolution issues on Windows Server 2019 systems. DNS stub zones are copies of DNS zones containing resource records needed to determine the authoritative DNS servers for a specific zone and resolve names between separate DNS namespaces.

The trick to this particular campaign is that it conceals its complex malware behind a Microsoft Compiled HTML Help file, Microsoft's proprietary file format for help documentation saved in HTML. In other words, it's the kind of file you almost never look at or even think about. CHM files in a nested attack that prioritizes obfuscation.

Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "Limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. Identity and access management company Okta, which also acknowledged the breach through the account of a customer support engineer working for a third-party provider, said that the attackers had access to the engineer's laptop during a five-day window between January 16 and 21, but that the service itself was not compromised.

Microsoft warns of destructive attacks by Lapsus$ cybercrime group. In a blog post published Tuesday, Microsoft provides insight into the group's tactics and techniques and offers tips on how to protect your organization from these attacks.

Microsoft says the Outlook PDF preview feature might be broken for some Microsoft 365 customers on systems where the company's PowerToys open-source toolset is also installed. According to Microsoft, one of the reasons this error is displayed is the PDF preview File Explorer add-on bundled with Microsoft PowerToys.

Microsoft has fixed a known Bluetooth issue causing some Windows 10 systems to crash with a blue screen of death after installing the January KB5009596 cumulative update. The list of affected Windows versions includes only client platforms: Windows 10 21H2, Windows 10 21H1, and Windows 10 20H2. "After installing KB5009596 or later updates, some organizations which have Windows devices paired to Bluetooth devices might receive an error message 'Your device ran into a problem and needs to restart.' with a blue screen and 'Stop code: IRQ NOT LESS OR EQUAL'," Microsoft explains.