Security News

Microsoft, which earlier this week admitted not being able to detect a Chinese attack on its own infrastructure, has published a report [PDF] titled "Digital threats from East Asia increase in breadth and effectiveness." In the report, Redmond's Threat Intelligence group expounds on its fresh insight into evolving online aggressions from both China and North Korea. The report details the work of a group Microsoft has named "Raspberry Typhoon" that "Typically conducts intelligence collection and malware execution" and likes to target ministries that oversee defense, intelligence, economic matters, and trade.

Microsoft is rolling out a new version of the Paint application on Windows 11 Insider builds that can remove the background from any picture with the click of a button. You can see a demonstration of the background removal below using the Windows wallpaper.

Microsoft says North Korean hacking groups have breached multiple Russian government and defense targets since the start of the year. "Multiple North Korean threat actors have recently targeted the Russian government and defense industry - likely for intelligence collection - while simultaneously providing material support for Russia in its war on Ukraine," said Clint Watts, the head of Microsoft's Digital Threat Analysis Center.

The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365's email service and access accounts of employees of 25 government agencies has been explained: they found it somewhere where it shouldn't have been - Microsoft's corporate environment. The signing key was included in the snapshot of the crashed process of a consumer signing system because of an unexpected race condition, and its presence in the crash dump wasn't detected by Microsoft's credential scanning methods.

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forging tokens to access Outlook by compromising an engineer's corporate account. "A consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process," the Microsoft Security Response Center said in a post-mortem report.

Mistakes were made, lessons learned, stuff now fixed, says Windows maker Remember that internal super-secret Microsoft security key that China stole and used to break into US government email...

Microsoft says Storm-0558 Chinese hackers stole a signing key used to breach government email accounts from a Windows crash dump after compromising a Microsoft engineer's corporate account. While investigating Storm-0558's attack, Microsoft found that the MSA key was leaked into a crash dump after a consumer signing system crashed in April 2021.

A threat actor known as W3LL developed a phishing kit that can bypass multi-factor authentication along with other tools that compromised more than 8,000 Microsoft 365 corporate accounts. In ten months, security researchers discovered that W3LL's utilities and infrastructure were used to set up about 850 phishing that targeted credentials for more than 56,000 Microsoft 365 accounts.

A previously undocumented "Phishing empire" has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years. "The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could purchase a custom phishing kit called W3LL Panel, designed to bypass MFA, as well as 16 other fully customized tools for business email compromise attacks," Group-IB said in a report shared with The Hacker News.

Qualys's method for ranking these security holes took into account several factors, we're told, including the number of attackers known to exploit the vulnerability. Finally, more mature exploit code and inclusion in the US government's CISA list of top-exploited vulnerabilities will also boost a bug's rank on Qualys' index.