Security News

Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data. Today, Microsoft disclosed that the Clop and LockBit ransomware gangs are behind these PaperCut attacks and using them to steal corporate data from vulnerable servers.

You might want to think twice before typing anything into Microsoft's Edge browser, as an apparent bug in a recent release of Redmond's Chromium clone appears to be funneling URLs you visit back to the Bing API. The issue, identified by Redditor HackerMcHackface in the r/browsers subreddit last week, appears to be related to an opt-out content aggregation feature in Edge, called Collections, which offers suggestions for online creators that users may want to follow. Beginning with Microsoft Edge build 112.0.1722.34, the Redditor notes that the default behavior had changed.

Microsoft is rolling out Phone Link for iOS to all Windows 11 and iPhone users, with the rollout expected to complete by mid-May. The Phone Link app is designed to enable users to connect from their PC to Android and iOS devices via a Wi-Fi connection. "Today, we are excited to announce that Microsoft Phone Link for iOS on Windows 11 is beginning to rollout to our global audience in 39 languages across 85 markets," said Ali Akgun, Corporate Vice President of Software Engineering for Microsoft Devices.

Microsoft has fixed a known issue triggering Windows Security warnings that Local Security Authority Protection is off by removing the feature's UI from settings. Microsoft acknowledged a known issue causing persistent alerts asking for Windows restarts following a stream of reports mentioning "Local Security Authority protection is off. Your device may be vulnerable." warnings even though LSA Protection was already enabled.

Microsoft is investigating ongoing Microsoft 365 issues preventing some Exchange Online customers from accessing their mailboxes. According to outage monitoring platform Downdetector, thousands of Microsoft 365 report experiencing server connection and login issues, as well as when accessing their Outlook mailboxes.

Microsoft is investigating an ongoing issue preventing some customers from using the search functionality across multiple Microsoft 365 services. The list of affected services includes but is not limited to Outlook on the Web, SharePoint Online, Microsoft Teams, and Outlook desktop clients.

Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into the targeted systems. To be clear, AuKill takes the BYOVD approach: it brings onto the PC a vulnerable Microsoft driver to exploit.

The hacking tool, which Sophos X-Ops researchers are calling AuKill, is the latest example in a growing trend where threat gangs either abuse a legitimate commercial driver to get past endpoint detection and response software on the systems - the so-called bring-your-own-vulnerable-driver attack - or work to get a malicious driver digitally signed by a trusted certificate. As part of the research, Microsoft suspended various third-party developers of malicious Windows drivers and revoked certificates that were used to sign the drivers.

Microsoft has partnered with organizations around the globe to bring more women into infosec roles, though the devil is in the details. "We must create more inclusive and supportive learning environments, and we see greater success in building confidence and soft skills among women with cohorts that are majority women," Behncken said in a blog post announcing the new partnerships.

Microsoft is investigating an ongoing outage blocking customers worldwide from accessing and using web apps and online services. The list of affected services includes Microsoft 365 fort the web, the Microsoft 365 suite, Microsoft Teams, and Microsoft Planner.