Security News
Microsoft has once again been successfully hit by a dependency hijacking attack. After publishing a public dependency by the same name, he began receiving messages from Microsoft's Halo game dev servers.
Microsoft has once again been successfully hit by a dependency hijacking attack. After publishing a public dependency by the same name, he began receiving messages from Microsoft's Halo game dev servers.
Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control servers located in China. The driver, called "Netfilter," is said to target gaming environments, specifically in the East Asian country, with the Redmond-based firm noting that "The actor's goal is to use the driver to spoof their geo-location to cheat the system and play from anywhere."
Microsoft is investigating an incident where a threat actor submitted malicious drivers for certification through the Windows Hardware Compatibility Program. "We have seen no evidence that the WHCP signing certificate was exposed. The infrastructure was not compromised," Microsoft says.
Microsoft on Friday admitted it had signed malicious third-party driver code submitted for certification through its Windows Hardware Compatibility Program. According to Microsoft, the miscreant behind the subverted driver was focused on computer game players in China, and is not the sort of nation-state-backed group that has been giving Microsoft and its enterprise customers headaches over the past few months.
The same group behind the SolarWinds supply-chain attacks has been targeting Microsoft's corporate networks to gain access to specific organizations - primarily, U.S.-based IT and government organizations. Microsoft officially announced the attacks after Reuters obtained an email sent to customers which explained that the threat group Nobelium stole customer-service-agent credentials to gain access and launch attacks against Microsoft customers.
Microsoft signed a driver being distributed within gaming environments that turned out to be a malicious network filter rootkit. G DATA malware analyst Karsten Hahn first noticed the rootkit, publicly posting the find on June 17 and simultaneously reaching out to Microsoft.
Microsoft says it has observed new activity associated with Nobelium, the Russia-linked threat actor that compromised IT management and monitoring solutions provider SolarWinds. The SolarWinds attack was brought to light in early December 2020 and it involved compromising SolarWinds' Orion monitoring product to deliver trojanized updates to the company's customers worldwide, in an effort to breach their networks.
Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506, the weakness stems from a universal cross-site scripting issue that's triggered when automatically translating web pages using the browser's built-in feature via Microsoft Translator.
Later this year or early next, Windows 11 will begin rolling out to new and existing devices with a range of new features and major design improvements. Windows 11 is technically Windows 10 with rounded corners, a new modern design and Fluent icons.