Security News

A newly discovered Iranian threat actor is stealing Google and Instagram credentials belonging to Farsi-speaking targets worldwide using a new PowerShell-based stealer dubbed PowerShortShell by security researchers at SafeBreach Labs. They target Windows users with malicious Winword attachments that exploit a Microsoft MSHTML remote code execution bug tracked as CVE-2021-40444.

Microsoft has quietly added a 'Super Duper Secure Mode' to the Microsoft Edge web browser, a new feature that brings security improvements without significant performance losses. Users can enable Super Duper Secure Mode after upgrading Edge to stable version 96.0.1054.29 or later, and they can toggle between Balanced and Strict modes for different levels of security increase.

Proof-of-concept exploit code has been released online over the weekend for an actively exploited high severity vulnerability impacting Microsoft Exchange servers.The security bug tracked as CVE-2021-42321 impacts on-premises Exchange Server 2016 and Exchange Server 2019 and was patched by Microsoft during this month's Patch Tuesday.

Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have leveraged multiple Fortinet FortiOS vulnerabilities dating back to March 2021 as well as a remote code execution flaw affecting Microsoft Exchange Servers since at least October 2021, according to the U.S. Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, the Australian Cyber Security Centre, and the U.K.'s National Cyber Security Centre.

Microsoft released Windows 10 21H2, the November 2021 Update, last week and you can now download an ISO image for the new version to put aside for emergencies or clean installs. If you plan on upgrading to the new version of Windows it is always recommended that you download or create an ISO to have on hand for troubleshooting problems or performing clean installs of Windows.

Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails. TrendMicro researchers have discovered an interesting tactic used of distributing malicious email to a company's internal users using the victim's compromised Microsoft exchange servers.

Microsoft is rolling out Built-In Protection to Defender for Office 365, a new feature that would automatically enable recommended settings and policies to make sure all new and existing users get at least a basic level of protection.Microsoft Defender for Office 365 provides Office 365 enterprise email accounts with automated attack remediation and defends them from various threats, including business email compromise and credential phishing.

Microsoft has fixed a recently confirmed Windows 11 issue in a newly released build for Windows Insiders in the Beta and Release Preview channels. This issue would prevent apps from opening on multiple client and server Windows versions after being repaired or updated using the Windows Installer system tool.

Microsoft has added new security features for Microsoft Authenticator users that further secure the app and make it easier to roll out in enterprise environments.Microsoft Authenticator is an authentication tool that helps users log into their accounts using 2FA, passwordless sign-in, or password autofill.

Microsoft has confirmed a new known issue impacting client and server Windows versions that breaks apps after updating or repairing them using the Windows Installer. This issue affects systems where Windows users have installed cumulative updates released during this month's Patch Tuesday.