Security News

Cisco's Talos team said 35% of incidents led back to Microsoft Exchange Server vulnerabilities reported early in 2021, but new ransomware families have been appearing to fill the Emotet hole, too. Cisco's Talos Intelligence Group has released its incident response trends report for spring 2021, and found that Microsoft Exchange Server vulnerabilities reported in early 2021 were the most detected incident over the past three months.

A recent Microsoft Teams update is causing a "Select a certificate" prompt to be displayed to Teams users before they can use the software. Microsoft has acknowledged the bug and is tracking the issue under the 'TM261228' advisory, where they state a recent update to the software is causing the problem.

Microsoft has finally shared a solution for game installation, update, and launch issues plaguing Xbox Game Pass users on Windows 10 for years. Gamers have reported encountering issues when trying games they got through the Xbox Game Pass video game subscription since at least 2019.

Microsoft and five other companies have received fines totaling US$75K from South Korea's Personal Information Protection Commission, for running afoul of local data protection laws. The Commission fined Microsoft 16.4 million won for failing to have protective measures on administrative accounts that led to the leak of over 119,000 email accounts, 144 of which belonged to South Korean residents.

Microsoft warns of an ongoing series of attacks compromising Kubernetes clusters running Kubeflow machine learning instances to deploy malicious containers that mine for Monero and Ethereum cryptocurrency. The attacks had started towards the end of May when Microsoft security researchers observed a sudden increase in TensorFlow machine learning pod deployments.

Microsoft may have mistakenly leaked that the upcoming next generation of Windows 10 will move away from its current naming scheme and switch to a macOS scheme using geographic locations or development names. "Learn about managing applications in Windows 10 and Windows Sun Valley."

Despite a quick pivot to digital, most companies did not have a roll out plan: Since the speed of deployment was crucial to workplace productivity, 75% of organizations deployed Microsoft Teams without proper governance or security in place, leaving them vulnerable to internal and external threats. Consistent with the over 145 million daily active Teams users Microsoft recently announced, only 3% of companies do not leverage Teams today.

Microsoft's traditional Patch Tuesday saw the software giant release fixes for 50 flaws, and a reminder to apply updates as soon as possible because six of them are being exploited in the wild by miscreants. A maliciously crafted webpage or some other file can execute arbitrary code on the machine when opened and parsed by MSHTML, which is "Used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control," according to Microsoft.

ITC Secure announced it has joined the Microsoft Intelligent Security Association, an ecosystem of independent software vendors and managed security service providers that have integrated their solutions to better defend against a world of increasing threats. This announcement follows the recent successes of ITC achieving Microsoft Gold Partner competencies for Security in May 2021 and Cloud Platform in November 2020.

Microsoft jumped on 50 vulnerabilities in this month's Patch Tuesday update, issuing fixes for CVEs in Microsoft Windows,. The six CVEs under active attack in the wild include four elevation of privilege vulnerabilities, one information disclosure vulnerability and one remote code execution vulnerability.