Security News

STEALTHbits, a cybersecurity software company focused on protecting an organization's sensitive data and the credentials attackers use to steal that data, announced a free program designed to help organizations mitigate the risk of operational outages associated with Microsoft's pending update to Active Directory, slated for March 2020. Microsoft is recommending that organizations enable the LDAP channel binding and LDAP signing features, which it will enforce by default in March, before the update is provided, as a way to identify systems, applications, and other devices that will be incompatible with the more secure configuration.

Microsoft is offering rewards of up to $20,000 for finding vulnerabilities in its Xbox gaming platform through its latest bug bounty program unveiled this week. The Xbox Bounty Program is open to gamers, security researchers and basically anyone who can help the tech giant identify security vulnerabilities in the Xbox Live network and services and share them with the Xbox team, Chloé Brown, a Microsoft Security Response Center program manager, said in a blog post Thursday.

Gamers, security researchers, and technologists have been invited to identify security vulnerabilities in Xbox network and services and report them to Microsoft. Microsoft runs a number of bug bounty programs and has now decided that their Xbox offerings need extra attention from security researchers.

According to the confidential document, at least 42 U.N. servers were compromised in Geneva and Vienna, potentially exposing staff personnel data and sensitive documents for other organizations collaborating with the U.N. "Although it is unclear what documents and data the hackers obtained in the 2019 incident, the report implies that internal documents, databases, emails, commercial information and personal data may have been available to the intruders - sensitive data that could have far-reaching repercussions for staff, individuals and organisations communicating with and doing business with the U.N.," Ben Parker, with The New Humanitarian, said on Wednesday. Servers in three separate locations were compromised: the U.N. office at Vienna; the U.N. office at Geneva; and the U.N. Office of the High Commissioner for Human Rights headquarters, also in Geneva.

Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. According to a report researchers shared with The Hacker News, the first security vulnerability is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft.

Security researchers with Cisco's Talos Security Intelligence and Research Group discovered a new type of malware that is able to attack a victim's devices through malicious Microsoft Office documents. "We don't know why specifically these countries, the attackers simply hardcoded these countries in the malware. The attackers had complete control of the compromised systems. The purpose of the campaigns was cyber espionage," Rascagneres said.

Microsoft this week announced the availability of Azure Security Benchmark v1, a collection of more than 90 security best practices recommendations for Azure customers. ASB, Microsoft says, was designed to improve the consistency of security documentation for Azure services by creating a framework containing all recommendations for Azure services, in the same format.

Microsoft has one of the best security teams and capabilities of any organization in the technology industry, yet it accidentally exposed 250 million customer records in December 2019. Once alerted, Microsoft quickly closed the hole, investigated the breach, communicated to customers, and graciously thanked the security researchers.

Microsoft accidentally exposed 250 million customer support records to the internet for three weeks; the records were stored in five misconfigured Elasticsearch databases. Microsoft says the investigation had not uncovered signs of malicious use, and it noted that most of the personal data that had been exposed was redacted.

Microsoft has today announced a data breach that affected one of its customer databases. The company informed Microsoft, and Microsoft quickly secured the data.