Security News

Microsoft enables Windows Kernel CVE-2023-32019 fix for everyone
2023-08-14 18:13

Microsoft has enabled a fix for a Kernel information disclosure vulnerability by default for everyone after previously disabling it out of concerns it could introduce breaking changes to Windows. While it is not believed to have been exploited in the wild, Microsoft initially released the security update with the fix disabled, warning that it could cause breaking changes in the operating system.

US government to investigate China's Microsoft email breach
2023-08-14 02:58

Infosec in brief: The July breach of Microsoft Exchange Online by suspected Chinese hackers is the next topic up for review by the Department of Homeland Security's Cyber Safety Review Board. The decision to investigate the July Outlook intrusion, and cloud security more broadly, was welcomed by Senator Ron Wyden, who last week blamed Microsoft for its failure to protect cloud accounts belonging to US government officials and called for the CSRB to investigate the incident.

Microsoft: Codesys PLC bugs could be exploited to 'shut down power plants'
2023-08-11 19:40

Fifteen bugs in Codesys' industrial control systems software could be exploited to shut down power plants or steal information from critical infrastructure environments, experts have claimed. In a report and more published on GitHub, Microsoft threat intel specialist Vladimir Tokarev says the Windows giant - no stranger to security holes, cough - disclosed details of vulnerabilities in the Codesys V3 SDK to the Germany-based vendor in September 2022.

US cyber safety board to analyze Microsoft Exchange hack of govt emails
2023-08-11 17:35

The Department of Homeland Security's Cyber Safety Review Board has announced plans to conduct an in-depth review of cloud security practices following recent Chinese hacks of Microsoft Exchange accounts used by US government agencies. In mid-July 2023, Microsoft reported that a Chinese hacking group tracked as 'Storm-0558' breached the email accounts of 25 organizations, including US and Western European government agencies, using forged authentication tokens from a stolen Microsoft consumer signing key.

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation
2023-08-11 03:38

The U.S. Cybersecurity and Infrastructure Security Agency has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.

Microsoft Exchange updates pulled after breaking non-English installs
2023-08-10 18:26

Microsoft has pulled Microsoft Exchange Server's August security updates from Windows Update after finding they break Exchange on non-English installs. [...]

Microsoft 365 accounts of execs, managers hijacked through EvilProxy
2023-08-10 11:41

A phishing campaign leveraging the EvilProxy phishing-as-a-service tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at over 100 organizations around the world. As organizations increasingly employ multi-factor authentication, threat actors have switched to using phishing services such as EvilProxy, which uses reverse proxy and cookie injection methods to steal authentication credentials and session cookies.

Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
2023-08-10 11:14

This attack vector enables an attacker operating in a compromised tenant to abuse a misconfigured Cross-Tenant Synchronization configuration and gain access to other connected tenants or deploy a rogue CTS configuration to maintain persistence within the tenant.

Terminologies:
Source tenant: Tenant from where users & groups are getting synced
Target tenant: Tenant with resources where users & groups are getting synced
Resources: Microsoft applications and non-Microsoft applications
CTS: Abbreviation to reference 'Cross Tenant Synchronization' in this document
CTA: Abbreviation to reference 'Cross Tenant Access' in this document
Compromised Account: Adversaries' initial point of access

Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories
2023-08-09 20:34

The August 2023 Microsoft security updates are out, with 74 CVE-numbered bugs fixed. Intriguingly, if not confusingly, Microsoft's official bug listing page is topped by two special items dubbed Exploitation Detected.

EvilProxy phishing campaign targets 120,000 Microsoft 365 users
2023-08-09 09:00

EvilProxy is becoming one of the more popular phishing platforms to target MFA-protected accounts, with researchers seeing 120,000 phishing emails sent to over a hundred organizations to steal Microsoft 365 accounts. A new phishing campaign observed by Proofpoint since March 2023 is using the EvilProxy service to send emails that impersonate popular brands like Adobe, DocuSign, and Concur.