Security News
Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. "The most straight-forward implication of a SIP bypass is that an attacker can create files that are protected by SIP and therefore undeletable by ordinary means," Microsoft researchers Jonathan Bar Or, Michael Pearse, and Anurag Bohra said.
Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection to install "Undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control security checks. Apple has patched the vulnerability in security updates for macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, released two weeks ago, on May 18.
Microsoft has shared a temporary fix for a widespread issue triggered by a buggy driver that causes built-in cameras on some ARM-based Windows devices to stop working. The issues started last Tuesday, May 23, when many customers began reporting that their cameras had stopped working without warning.
Microsoft has introduced a new Microsoft Defender capability named "Performance mode" for developers on Windows 11, tuned to reduce the impact of antivirus scans when analyzing files stored on Dev Drives.As Microsoft's Chief Product Officer for Windows and Devices Panos Panay stated, the Dev Drive and Defender performance mode combination can lead to a build speed boost of up to 30%. "Dev Drive is based on the Resilient File System, which, combined with a new performance mode capability in Microsoft Defender for Antivirus, offers up to 30% file system improvement in build times for file I/O scenarios," Panay said.
Phishers are using encrypted restricted-permission messages attached in phishing emails to steal Microsoft 365 account credentials. "The initial emails are sent from compromised Microsoft 365 accounts and appear to be targeted towards recipient addresses where the sender might be familiar."
Microsoft's warning on Wednesday that the China-sponsored actor Volt Typhoon attacked U.S. infrastructure put a hard emphasis on presentations by cybersecurity and international affairs experts that a global war in cyberspace is pitting authoritarian regimes against democracies. Microsoft's notification pointed out that Volt Typhoon - which hit organizations in sectors spanning IT, communications, manufacturing, utility, transportation, construction, maritime, government and education - has been pursuing a "Living off the land" strategy focused on data exfiltration since 2021.
Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways. RPMSG files are encrypted email message attachments created using Microsoft's Rights Management Services and offer an extra layer of protection to sensitive info by restricting access to authorized recipients.
TechRepublic Premium Bring your own device policy PURPOSE The purpose of this Bring your own device policy from TechRepublic Premium is to provide requirements for BYOD usage and establish the steps that both users and the IT department should follow to initialize, support and remove devices from company access. These requirements must be followed as documented in order to protect company systems .....
Microsoft says some 32-bit applications are impacted by recurring failures when saving and copying files across multiple Windows versions. The intermittent issue only affects apps that are large address aware and are also using the CopyFile API on Windows 11 21H2 and 22H2 or Windows 10 21H2 and 22H2. "Windows devices are more likely to be affected by this issue when using some commercial/enterprise security software which uses extended file attributes," Microsoft said.
China has attacked critical infrastructure organizations in the US using a "Living off the land" attack that hides offensive action among everyday Windows admin activity. The attack was spotted by Microsoft and acknowledged by intelligence and infosec agencies from the Five Eyes nations - Australia, Canada, New Zealand, the UK and the US. A joint cyber security advisory [PDF] from ten agencies describes "a recently discovered cluster of activity of interest associated with a People's Republic of China state-sponsored cyber actor, also known as Volt Typhoon."