Security News

Microsoft says Microsoft Defender for Business, its new endpoint security solution for small and medium-sized businesses, has hit general availability. It is rolling out to new and existing Microsoft 365 Business Premium customers worldwide starting today, March 1st. Microsoft Defender for Business helps companies with up to 300 employees defend against cybersecurity threats, including malware, phishing, and ransomware in environments with Windows, macOS, iOS, and Android devices.

Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week. The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade, according to the tech giant's Threat Intelligence Center, which noted that it added new signatures to its Defender anti-malware service to detect the exploit within three hours of the discovery.

Microsoft shared info on a now-fixed known issue leading to Local Security Authority Subsystem Service crashes and Windows Server domain controller restarts. As Microsoft explains in a new entry added to the Windows Health dashboard, unexpected restarts are triggered on Windows Server domain controllers after installing updates released during the January 2021 Patch Tuesday.

Phishing emails to Microsoft users warning of Moscow-led account hacking have started to make the rounds, looking to lift credentials and other personal details. That's according to Malwarebytes, which uncovered a spate of spam email that name-checks Russian hacking efforts.

Microsoft is decrying what it calls the "Tragic, unlawful and unjustified invasion of Ukraine" by Russia, and vowed to continue protecting the country from cyberattacks and state-sponsored disinformation campaigns. The software giant added it will support humanitarian efforts as Ukrainians try to fend off an invading Russian army and as hundreds of thousands flee Ukraine into such neighbors as Poland, Romania, and Moldova.

Microsoft said that Ukrainian networks were targeted with recently found malware several hours before Russia's invasion of Ukraine on February 24th. Researchers with the Microsoft Threat Intelligence Center observed destructive attacks targeting Ukraine and spotted a malware strain they named FoxBlade. "We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package, and provided technical advice on steps to prevent the malware's success."

Microsoft said that Ukrainian networks were targeted with newly found malware several hours before Russia's invasion of Ukraine on February 24th. Researchers with the Microsoft Threat Intelligence Center observed destructive attacks targeting Ukraine and spotted a new malware strain they dubbed FoxBlade. "Several hours before the launch of missiles or movement of tanks on February 24, Microsoft's Threat Intelligence Center detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure," Microsoft President and Vice-Chair Brad Smith said.

A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware "Electron Bot," in reference to a command-and-control domain used in recent campaigns.

The ransomware gang known as "Cuba" is increasingly shifting to exploiting Microsoft Exchange vulnerabilities - including ProxyShell and ProxyLogon - as initial infection vectors, researchers have found. At the time, the FBI noted that the Cuba ransomware is distributed using a first-stage implant that acts as a loader for follow-on payloads: the Hancitor malware, which has been around for at least five years.

Microsoft says Windows Server security updates released on and since the January 2022 Patch Tuesday might prevent applications and network appliances from creating Netlogon secure channels if installed on domain controllers. Netlogon is a remote procedure call interface and Windows Server process that authenticates services and users on Windows domain-based networks.