Security News

Microsoft today published a detailed guide aiming to help customers discover signs of compromise via exploitation of a recently patched Outlook zero-day vulnerability. Microsoft also shared guidance on how to block future attacks targeting this vulnerability, urging organizations to install the recently released Outlook security update.

American cybersecurity officials have released an early-warning system to protect Microsoft cloud users. Dubbed the Untitled Goose Tool, CISA said it "Offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services."

Network defenders searching for malicious activity in their Microsoft Azure, Azure Active Directory, and Microsoft 365 cloud environments have a new free solution at their disposal: Untitled Goose Tool. As an agency charged with - among other things - helping US-based organizations in the government and private sector protect themselves against cyber attackers, CISA regularly releases free open-source services and tools for defenders to use.

Competitors successfully exploited zero-day bugs in multiple products during the second day of Pwn2Own Vancouver 2023, including the Tesla Model 3, Microsoft's Teams communication platform, the Oracle VirtualBox virtualization platform, and the Ubuntu Desktop operating system. Team Viettel hacked also Microsoft Teams via a 2-bug chain to earn $78,000 and Oracle's VirtualBox using a Use-After-Free bug and an uninitialized variable for $40,000.

New research from Microsoft's Threat Intelligence team exposed the activities of a threat actor named DEV-1101, which started advertising for an open-source phishing kit to deploy an adversary-in-the-middle campaign. According to Microsoft, the threat actor described the kit as a phishing application with "Reverse-proxy capabilities, automated setup, detection evasion through an antibot database, management of phishing activity through Telegram bots, and a wide range of ready-made phishing pages mimicking services such as Microsoft Office or Outlook."

The U.S. Cybersecurity & Infrastructure Security Agency has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments. Known as the 'Untitled Goose Tool' and developed in collaboration with Sandia, a U.S. Department of Energy national laboratory, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.

Microsoft is testing an updated version of the Windows 11 Snipping Tool that fixes a recently disclosed 'Acropalypse' privacy flaw that allows the partial restoration of cropped images. As first spotted by Windows enthusiast Xeno, Microsoft released Windows 11 Snipping Tool version 11.2302.20.0 yesterday to Windows Insiders in the Canary channel via the Microsoft Store.

Microsoft has released a new Windows 11 preview build that adds a new dedicated USB4 settings page and support for displaying seconds in the system tray clock. "We are adding a USB4 hubs and devices Settings page for users under Settings > Bluetooth & devices > USB > USB4 Hubs and Devices," said Microsoft's Amanda Langowski and Brandon LeBlanc.

Microsoft says the KB5007651 Microsoft Defender Antivirus update triggers Windows Security warnings on Windows 11 systems saying that Local Security Authority Protection is off. LSA Protection is a security feature that defends sensitive information like credentials from theft by blocking untrusted LSA code injection and process memory dumping.

Given how many organizations now use two or more public clouds - 87 percent of respondents in Flexera's 2023 State of the Cloud report said they have a multicloud strategy - it was important that Microsoft also look outward when talking about security baselines, according to Jim Cheng, senior software engineer at Microsoft. "Today we see that our customers often have to aggregate and reconcile their security management across multiple cloud platforms to meet security and compliance requirements," Cheng wrote in October 2022, when MCSB v1 entered public preview.