Security News

Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets. Published with the name Ledger Live Web3, the fake application appears to have been present in the Microsoft Store since October 19 but the cryptocurrency theft started being reported just a couple of days ago.

It mandates privileged admin accounts to complete MFA when accessing Microsoft admin portals such as Azure, Microsoft 365 admin center, and Exchange admin center. Admins can choose to opt out of the policy despite the warning, but Microsoft said in the future it will place an increasing number of MFA requirements on specific interactions regardless.

In a Monday advisory, Microsoft warned Outlook.com users about issues they might encounter when sending emails containing attachments. Outlook.com users impacted by this known issue are seeing "Error code 550 5.7.520 Message blocked" errors when trying to send emails.

Microsoft has introduced a new protective feature in the Authenticator app to block notifications that appear suspicious based on specific checks performed during the account login stage. Microsoft Authenticator is an app that provides multi-factor authentication, password auto-fill, and password-less sign-in to Microsoft accounts.

As part of a broader initiative to strengthen security, Microsoft is rolling out Microsoft-managed Conditional Access policies in Entra ID to increase the use of multifactor authentication for enterprise accounts. Microsoft Entra Conditional Access policies are built with the current threat landscape in mind and with the objective to "Automatically protect tenants based on risk signals, licensing, and usage."

Microsoft will roll out Conditional Access policies requiring multifactor authentication from administrators when signing into Microsoft admin portals such as Microsoft Entra, Microsoft 365,...

Microsoft has made fresh commitments to harden the security of its software and cloud services after a year in which numerous members of the global infosec community criticized the company's tech defenses. The long and short of it is that Microsoft is pushing the big AI button a few more times, more deeply embedding the tech throughout its security operations and products.

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. ZDI-23-1578 - A remote code execution flaw in the 'ChainedSerializationBinder' class, where user data isn't adequately validated, allowing attackers to deserialize untrusted data.

Nearly 22 years after Bill Gates announced a concerted Microsoft-wide push to deliver Trustworthy Computing, the company is launching the Secure Future Initiative, to boost the overall security of Microsoft's products and its customers and users. "In recent months, we've concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response," says Brad Smith, Vice Chair and President of Microsoft.

Microsoft announced today the 'Secure Future Initiative,' pledging to improve the built-in security of its products and platforms to better protect customers against escalating cybersecurity threats. "In recent months, we've concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response," said Microsoft President Brad Smith.