Security News

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forging tokens to access Outlook by compromising an engineer's corporate account. "A consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process," the Microsoft Security Response Center said in a post-mortem report.

Mistakes were made, lessons learned, stuff now fixed, says Windows maker Remember that internal super-secret Microsoft security key that China stole and used to break into US government email...

Microsoft says Storm-0558 Chinese hackers stole a signing key used to breach government email accounts from a Windows crash dump after compromising a Microsoft engineer's corporate account. While investigating Storm-0558's attack, Microsoft found that the MSA key was leaked into a crash dump after a consumer signing system crashed in April 2021.

A threat actor known as W3LL developed a phishing kit that can bypass multi-factor authentication along with other tools that compromised more than 8,000 Microsoft 365 corporate accounts. In ten months, security researchers discovered that W3LL's utilities and infrastructure were used to set up about 850 phishing that targeted credentials for more than 56,000 Microsoft 365 accounts.

A previously undocumented "Phishing empire" has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years. "The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could purchase a custom phishing kit called W3LL Panel, designed to bypass MFA, as well as 16 other fully customized tools for business email compromise attacks," Group-IB said in a report shared with The Hacker News.

Qualys's method for ranking these security holes took into account several factors, we're told, including the number of attackers known to exploit the vulnerability. Finally, more mature exploit code and inclusion in the US government's CISA list of top-exploited vulnerabilities will also boost a bug's rank on Qualys' index.

Microsoft has reminded users that TLS 1.0 and 1.1 will soon be disabled by default in Windows. SQL Server 2008 R2 finally dropped out of Extended Security Updates in July, although Microsoft has published instructions for adding TLS 1.2 support.

Microsoft reminded users that insecure Transport Layer Security 1.0 and 1.1 protocols will be disabled soon in future Windows releases. The original TLS 1.0 specification and its TLS 1.1 successor have been used for nearly two decades, with TLS 1.0 initially introduced in 1999 and TLS 1.1 in 2006).

Microsoft announced today that it will deprecate WordPad with a future Windows update as it's no longer under active development, though the company did not specify the precise timing of this change. "We recommend Microsoft Word for rich text documents like.doc and.rtf and Windows Notepad for plain text documents like.txt."

Microsoft has reminded customers that systems running Windows 11 21H2 will be force-updated before the end of servicing next month. Since Windows 11 21H2 devices will no longer receive security updates starting October 10, 2023, they will be updated to Windows 11 22H2 to continue receiving the latest updates, security updates, and improvements.