Security News

Microsoft says Iranian-backed hacking groups have increasingly attempted to compromise IT services companies this year to steal credentials they could use to breach the systems of downstream clients. According to security analysts at Microsoft Threat Intelligence Center and Digital Security Unit, this activity is part of a wider espionage objective to compromise entities of interest to the Iranian regime.

Microsoft has started rolling out the Windows 11 upgrade to more eligible Windows 10 devices faster after not detecting update experience issues during the first rollout phases. Microsoft released Windows 11 on October 5 and is now rolling it out to eligible Windows 10 devices via Windows Update.

Nation-state operators with a nexus to Iran are increasingly turning to ransomware as a means of generating revenue and intentionally sabotaging their targets, while also engaging in patient and persistent social engineering campaigns and aggressive brute force attacks. No fewer than six threat actors affiliated with the West Asian country have been discovered deploying ransomware to achieve their strategic objectives, researchers from Microsoft Threat Intelligence Center revealed, adding: "These ransomware deployments were launched in waves every six to eight weeks on average."

"FBI and CISA have observed this Iranian government-sponsored APT group exploit Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware," CISA said. The Iranian state hackers focus their attacks on US critical infrastructure sectors and Australian organizations.

I received emails from two people who told me that Microsoft Edge enabled syncing without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn syncing off, but it's too late.

Microsoft is now rolling out a new media player that matches Windows 11's look and feel as a replacement for the Windows 10 Groove Music and the legacy Windows Media Player app. The rollout started Tuesday, with the new player to be automatically installed as an update through the Microsoft Store to Windows Insiders in the Dev Channel.

The Microsoft Threat Intelligence Center has presented an analysis of the evolution of several Iranian threat actors at CyberWarCon 2021, and their findings show increasingly sophisticated attacks. Since September 2020, Microsoft has been tracking six Iranian hacking groups deploying ransomware and exfiltrating data to cause disruption and destruction for victims.

Microsoft has introduced an AI-driven ransomware attack detection system for Microsoft Defender for Endpoint customers that complements existing cloud protection by evaluating risks and blocking actors at the perimeter. As human-operated ransomware attacks are characterized by a specific set of methods and behaviors, Microsoft believes that it can use a data-driven AI approach to detect these types of attacks.

Microsoft has released out-of-band updates to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers running supported versions of Windows Server. These issues affect systems running Windows Server 2019 and lower versions, including Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2. The emergency updates address "a known issue that might cause authentication failures related to Kerberos tickets you acquired from Service for User to Self," a Microsoft announcement explained on Sunday.

An astonishing piece of vulnerability probing gave infosec researchers a way into Microsoft's management controls for Azure Cosmos DB, with full read and write privileges over customer databases. The so-called ChaosDB vuln gave Wiz researchers "access to the control panel of the underlying service" that hosts Azure Cosmos, Microsoft's managed cloud document database service, they said.