Security News
Microsoft says Windows customers might find that some of their files are not deleted after resetting their Windows devices with the "Remove everything" option. "When attempting to reset a Windows device with apps which have folders with reparse data, such as OneDrive or OneDrive for Business, files which have been downloaded or synced locally from OneDrive might not be deleted when selecting the 'Remove everything' option," Microsoft explains on the Windows health dashboard.
As for its endgame, CPR researchers described the newly discovered and analyzed Electron Bot backdoor as "a modular SEO-poisoning malware" used "For social-media promotion and click fraud." Electron Bot can also promote online products: another way to generate PPC revenue or increase a store's rating for higher sales.
The Cuba ransomware operation is exploiting Microsoft Exchange vulnerabilities to gain initial access to corporate networks and encrypt devices. Cybersecurity firm Mandiant tracks the ransomware gang as UNC2596 and the ransomware itself as COLDDRAW. However, the ransomware is more commonly known as Cuba, which is how BleepingComputer will reference them throughout this article.
A sophisticated phishing campaign directed at a "Major, publicly traded integrated payments solution company located in North America" made use of DocuSign and a compromised third party's email domain to skate past email security measures, researchers said. The campaign spread seemingly innocuous emails around the company, with the goal of stealing Microsoft login credentials, researchers at Armorblox revealed.
A malware named Electron Bot has found its way into Microsoft's Official Store through clones of popular games such as Subway Surfer and Temple Run, leading to the infection of roughly 5,000 computers in Sweden, Israel, Spain, and Bermuda. The operation was first discovered at the end of 2018 when an early Electron Bot variant was submitted to the Microsoft Store as "Album by Google Photos," published by a spoofed Google LLC entity.
Microsoft Defender's tentacles have spread to include the Google Cloud Platform and beefed up visibility with a public preview of CloudKnox Permissions. The addition of GCP was a while coming after Microsoft confirmed the arrival of Defender for Cloud on Amazon Web Services at its Ignite event in November.
In recent years, Microsoft's security offerings have shifted from security for Microsoft products and services to security from Microsoft for the full range of products and services an enterprise needs to protect. Last year Microsoft Defender for Cloud added features for managing and monitoring security settings on AWS as well as on Azure; now it covers GCP as well, with a dashboard showing your security settings and whether you're following best practices across all three clouds.
Microsoft announced today that Microsoft Defender for Cloud now also comes with native protection for Google Cloud Platform environments, providing security recommendations and threat detection across clouds. Defender for Cloud is a security solution that monitors cloud services for threats, makes recommendations to harden security posture, and detects and warns of vulnerabilities in protected multi-cloud and hybrid environments.
Microsoft, Apple and Google top the list of the most spoofed brands in 2021. Microsoft, Apple and Google were the top three brands criminals attempted to mimic in 2021, according to IBM's newly released X-Force Threat Intelligence Index.
A Data Protection Impact Assessment has been published by a Dutch ministry, noting that Microsoft still has work to do if the country's institutions are to use the company's products without all manner of mitigations. The DPIA - issued by the Netherland's department of Justice and Security - focused on Teams, OneDrive, Sharepoint and Azure Active Directory and was conducted by SLM Rijk, the central negotiator for Microsoft, Google and AWS for Dutch government organisations, and by SURF, the central IT procurement organisation for Dutch universities.