Security News

Microsoft 365 admins can now get security incident email alerts
2020-12-23 14:34

Microsoft has added support for security incident email notifications to the Microsoft 365 Defender enterprise threat protection solution. Security teams use the Microsoft 365 Defender suite for coordinated threat protection in enterprise environments, covering devices, identity, data, and applications.

Microsoft: Don't delete Windows 10 root certificate expiring this month
2020-12-22 13:29

A Microsoft root certificate is expiring at the end of this month, and Microsoft warns that removing it could cause problems with the operating system. Earlier this month, BornCity reported that the 'Microsoft Root Authority' certificate in Microsoft's Trusted Root Certification Authorities was expiring at the end of the month, on 12/31/20.

Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data
2020-12-21 17:07

"As a result of COVID-19 and associated global trends, demand for malicious and illicit goods, services and data have reached new peak highs across dark web marketplaces," said researchers in a Friday analysis. Upon a deep-dive investigation into the underground marketplace, researchers found that the pricing for stolen payment cards has soared in 2020, jumping from $14.64 in 2019 to $20.16 in 2020.

Microsoft fixes Windows 10 chkdsk bug causing boot failures
2020-12-21 08:43

Microsoft has acknowledged a new issue impacting Windows 10 customers that might cause booting to fail on devices where the chkdsk tool has been used to repair logical file system errors. Chkdsk is a command-line utility that can be used to check a Windows device's volumes for logical and physical errors in the file system and its metadata.

Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies
2020-12-18 16:42

The ongoing, growing campaign is "effectively an attack on the United States and its government and other critical institutions," Microsoft warned. There are six known federal entities that have been impacted by the attack: The Pentagon, the Department of Energy, the Department of Homeland Security, the National Institute of Health, the Department of Treasury and the Department of Commerce.

Microsoft, Energy Department and Others Named as Victims of SolarWinds Attack
2020-12-18 12:46

More high-profile organizations are named as victims of the cyber-espionage campaign that involved an attack on Texas-based IT management and monitoring company SolarWinds. Politico reported on Thursday that the U.S. Energy Department and National Nuclear Security Administration were also targeted in the attack.

Microsoft was also a victim of the SolarWinds supply chain hack
2020-12-18 10:11

Microsoft has confirmed that it, too, is among the companies who have downloaded the compromised SolarWinds Orion updates, but that they have isolated and removed them. "While investigations continue, Microsoft has identified and has been working this week to notify more than 40 customers that the attackers targeted more precisely and compromised through additional and sophisticated measures," Smith said.

Microsoft identifies 40+ victims of SolarWinds hack, 80% from US
2020-12-18 08:56

After the malicious Orion upgrades were installed on the systems of thousands of SolarWinds customers, Microsoft President Brad Smith said that the suspected Russian hacking group was able to "pick and choose" targets of interest among already compromised organizations. Based on information gathered while investigating the still ongoing hacking campaign, Microsoft has notified the over 40 organizations that were "targeted more precisely and compromised through additional and sophisticated measures."

US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor
2020-12-18 01:59

America's nuclear weapons agency was hacked by the suspected Russian spies who backdoored SolarWinds' IT monitoring software and compromised several US government bodies, and Microsoft was caught up in the same cyber-storm, too, it was reported Thursday. The Windows giant uses SolarWinds' network management suite Orion, downloads of which were secretly trojanized earlier this year so that when installed within certain targets - such as the US government departments of State, Treasury, Homeland Security, and Commerce - the malicious code's masterminds could slip into their victims' networks, execute commands, read emails, steal data, and so on.

Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack
2020-12-17 21:07

"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others." Characterizing the hack as "a moment of reckoning," Microsoft president Brad Smith said it has notified over 40 customers located in Belgium, Canada, Israel, Mexico, Spain, the UAE, the UK, and the US that were singled out by the attackers.