Security News

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. Microsoft said the campaign, observed since at least late May 2023, affected less than 40 organizations globally spanning government, non-government organizations, IT services, technology, discrete manufacturing, and media sectors.

Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service targeted dozens of organizations worldwide, including government agencies, in Microsoft Teams phishing attacks. These new domains were part of the 'onmicrosoft.com' domain, a legitimate Microsoft domain that is automatically used by Microsoft 365 for fallback purposes in case a custom domain is not created.

Microsoft fixed a known issue impacting WSUS servers upgraded to Windows Server 2022, causing them not to push Windows 11 22H2 updates to enterprise endpoints. This issue only affects WSUS servers running Windows Server 2022, specifically, those upgraded from Windows Server 2016 or Windows Server 2019.

Infosec in brief US senator Ron Wyden thinks it's Microsoft's fault that Chinese hackers broke into Exchange Online, and he wants three separate government agencies to launch investigations and "Hold Microsoft responsible for its negligent cyber security practices." The Chinese hack of Microsoft's hosted email service, you may recall, occurred because suspected Chinese hackers were able to steal an encryption key used for Microsoft account services.

Microsoft has quietly announced an enhancement to the Edge browser's dark mode, making it even darker. The current dark mode, characterized by its grey tones, is set to be replaced with a richer black version, providing users with an even darker browsing experience.

OpenAI, Google, Microsoft and Anthropic have announced the formation of the Frontier Model Forum. The goal of the Frontier Model Forum is to have member companies contribute technical and operational advice to develop a public library of solutions to support industry best practices and standards.

Microsoft Edge web browser has been displaying security warnings after Twitter changed its name to 'X'. Amid its rapid rebranding over the last few days, Twitter has also ditched the famed bird icon for a Unicode character which resembles the letter X but infact bears Mathematical meaning. Microsoft Edge warns this is a potential security issue-and it's working as intended.

Microsoft announced the public preview of a new Defender for IoT feature that helps analyze the firmware of embedded Linux devices like routers for security vulnerabilities and common weaknesses. [...]

Microsoft has fixed a known issue causing video recording and playing failures in some apps on Windows 10 and Windows 11 systems. The list of impacted platforms includes Windows 10 22H2, Windows 11 21H2, and Windows 11 22H2. The issue is triggered after installing preview cumulative updates released in the last two months.

Microsoft has fixed a known issue causing video recording and playing failures in some apps on Windows 10 and Windows 11 systems. The list of impacted platforms includes Windows 10 22H2, Windows 11 21H2, and Windows 11 22H2. The issue is triggered after installing preview cumulative updates released in the last two months.