Security News

An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "Unusual" campaign. The backdoor is distributed via a decoy document named "Manifest.docx" that loads the exploit code for the vulnerability from an embedded template, which, in turn, executes shellcode to deploy the RAT, according to cybersecurity firm Malwarebytes, which spotted the suspicious Word file on July 21, 2021.

Digital Guardian announced the availability of its endpoint DLP visibility and security controls for Microsoft Teams. "With Digital Guardian's Endpoint DLP now integrated with Microsoft Teams, enterprise organizations can apply our proven enterprise DLP to their Teams environment, helping to prevent inadvertent or malicious data loss," said Digital Guardian Chief Executive Officer Mordecai Rosen.

The bug is in Hyper-V's network switch driver and affects Windows 10 and Windows Server 2012 through 2019. The two researchers found the bug together and disclosed it privately to Microsoft.

Microsoft has extendend the phishing protection offered by Microsoft Defender for Office 365's Safe Links feature to Microsoft Teams. On Monday, the company announced that the Safe Links feature will now be available for Microsoft Teams - if the customers also use Microsoft Defender for Office 365.

EMQ announced that EMQ X Cloud is now available on Microsoft Azure. EMQ X Cloud is a fully managed MQTT service built on the worldwide used open-source MQTT broker - EMQ X, which has more than 10 million downloads and hundreds of thousands of deployments around the globe.

To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller. Microsoft is sounding an alert about a threat against Windows domain controllers that would allow attackers to capture NTLM credentials and certificates.

Microsoft has extended Defender for Office 365 Safe Links protection to Microsoft Teams to safeguard users from malicious URL-based phishing attacks. "With today's announcement, organizations with Microsoft Defender for Office 365 can further protect Microsoft Teams users from malicious phishing attacks that are often orchestrated using weaponized URLs," Microsoft said.

To address this increased security exposure, Microsoft has added new removable storage device and printer controls to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus. "We are excited to announce new device control capabilities in Microsoft Defender for Endpoint to secure removable storage scenarios on Windows and macOS platforms and offer an additional layer of protection for printing scenarios," Microsoft said.

Microsoft was quick to respond with a fix to an attack dubbed "PetitPotam" that could force remote Windows systems to reveal password hashes that could then be easily cracked. The PetitPotam PoC is a form of manipulator-in-the-middle attack against Microsoft's NTLM authentication system.

If you want people to trust the photos and videos your business puts out, it might be time to start learning how to prove they haven't been tampered with. Microsoft has a quiz you can take to see if you can spot deepfakes yourself; that's less a training tool and more an attempt to increase awareness and media literacy.