Security News

This article provides two ways you can download the latest Windows 10 ISO images from Microsoft. Microsoft recommends using their Windows 10 Media Creation Tool to download the latest ISO image or create a bootable USB drive.

Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its...

Microsoft acknowledged Thursday that attackers who spearheaded a massive hack of government and private computer networks gained access to its internal "source code," a key building block for its...

The threat actors behind the SolarWinds attack could breach internal Microsoft accounts to view the source code for Microsoft products. [...]

Microsoft says that the end goal of the SolarWinds supply chain compromise was to pivot to the victims' cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks. As the Microsoft 365 Defender Team explains, after infiltrating a target's network with the help of the Sunburst backdoor, the attackers' goal is to gain access to the victims' cloud assets.

Google Project Zero has disclosed a Windows zero-day vulnerability caused by the improper fix for CVE-2020-0986, a security flaw abused in a campaign dubbed Operation PowerFall. Tracked as CVE-2020-17008, the new vulnerability was reported to Microsoft on September 24.

"CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment," the US federal agency said. Sparrow checks the unified Azure/M365 audit log for indicators of compromise, lists Azure AD domains, and checks Azure service principals and their Microsoft Graph API permissions to discover potential malicious activity.

The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "abnormal calls" to Microsoft cloud APIs during a 17-hour period several months ago. The undisclosed affected reseller's Azure account handles Microsoft Office licensing for its Azure customers, including CrowdStrike.

Microsoft is believed to be working on a new virtualized desktop experience called 'Cloud PC' to help administrators deploy and manage Windows 10 PCs in the cloud via web browser, mobile app or another PC. Cloud PC will also allow Microsoft to handle your organization's device configuration by applying updates and security improvements regularly, and offer managed support. Cloud PC is based on Azure and Windows Virtual Desktop and it won't replace any version of Windows.

As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor," the Microsoft 365 research team said on Friday in a post detailing the Sunburst malware.