Security News
Cybercriminals have been increasingly using a new phishing-as-a-service platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication protection. Tycoon 2FA attacks involve a multi-step process where the threat actor steals session cookies by using a reverse proxy server hosting the phishing web page, which intercepts the victim's input and relays them to the legitimate service.
In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case...
ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns Infosec in brief If your Windows domain controllers have been crashing since a security...
Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December. "After March 20, 2024, you will not be able to access those Microsoft products or services, or any data stored in them." - Microsoft.
Microsoft has released emergency out-of-band updates to fix a known issue causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates. If you installed previous Windows Server updates, only the new updates in these packages will be downloaded and installed.
Microsoft is the subject of growing criticism in the US over allegations that its Bing search engine censors results for users in China that relate to sensitive subjects the state wants blocked. Republican Senator Marco Rubio has added his voice to criticism of the Redmond software giant for reportedly removing search results from Bing on human rights, democracy, climate change, and other sticky issues within China.
Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. The known issue impacts all domain controller servers with the latest Windows Server 2012 R2, 2016, 2019, and 2022 updates.
As the digital wolves dress in sheep's tax forms, Microsoft has thrown a spotlight on a crafty 2024 phishing expedition, unraveled in January, that preys on the unsuspecting herd of early tax filers. The malicious email campaign, purporting to be employees' tax returns, contained an attachment that, when clicked, directs the user to a phony website that looks like a blurred spreadsheet, with a download documents button marked "Confidentials to users[dot]name[at] contoso[dot]com."
A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the...
Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security to provide increased security. 1024-bit RSA keys have approximately 80 bits of strength, while the 2048-bit key has approximately 112 bits, making the latter four billion times longer to factor.