Security News

Microsoft has added a new safeguard hold blocking Windows 11 upgrades for Windows 10 customers who don't import their Internet Explorer 11 data into Microsoft Edge before trying to install the newest Windows version. "After upgrading to Windows 11, saved information and data from Internet Explorer 11 might not be accessible if you did not accept to import it into Microsoft Edge before the upgrade," Microsoft explained in the Windows health dashboard.

Phishing attacks are abusing Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials. Azure Static Web Apps is a Microsoft service that helps build and deploy full-stack web apps to Azure from GitHub or Azure DevOps code repositories.

Phishing actors are actively abusing Calendly to kick off a clever sequence to trick targets into entering their email account credentials on the phishing page. The phishing attack begins with phishing emails generated on the Calendly platform that inform the recipient they received new Fax documents.

SentinelOne this week detailed a handful of bugs, including two critical remote code execution vulnerabilities, it found in Microsoft Azure Defender for IoT. These security flaws, which took six months to address, could have been exploited by an unauthenticated attacker to compromise devices and take over critical infrastructure networks. Microsoft Azure Defender for IoT is supposed to detect and respond to suspicious behavior as well as highlight known vulnerabilities, and manage patching and equipment inventories, for Internet-of-Things and industrial control systems.

Google Chrome and Microsoft Edge have been updated to patch a security flaw an exploit for which is said to be in the wild. Chromium is at the heart of Google Chrome as well as Microsoft Edge.

The distribution of the IcedID malware has seen a spike recently due to a new campaign that hijacks existing email conversation threads and injects malicious payloads that are hard to spot.The ongoing IcedID campaign was discovered this month by researchers at Intezer, who have shared their findings with Bleeping Computer prior to publication.

Lapsus$ gang says it has breached Okta and MicrosoftAfter breaching NVIDIA and Samsung and stealing and leaking those companies' propertary data, the Lapsus$ cyber extortion gang has announced that they have popped Microsoft and Okta. How to become a passwordless organizationIn this interview with Help Net Security, Den Jones, CSO at Banyan Security, explains the benefits of implementing passwordless authentication and the process every organization has to go through when deploying such technology.

Microsoft says Windows 7 recovery discs created using the Control Panel Backup and Restore app will fail to start after installing Windows updates released since January 11, 2022. While Microsoft did not explain why this happens, it said the recovery discs would work on systems where the problematic updates weren't installed.

A group of more than 200 malicious npm packages targeting developers who use Microsoft Azure has been removed two days after they were made available to the public. This group of packages grew from about 50 to at least 200 by March 21.

As Lapsus$ data extortion gang announced that several of its members are taking a vacation, the City of London Police say they have arrested seven individuals connected to the gang. The latest public message from the group on Wednesday announced that some of its members were taking a vacation until March 30.