Security News

Cisco Talos has uncovered a credential-stealing trojan that lifts your login details from the Chrome browser, Microsoft's Outlook and instant messengers. Cisco Talos added: "Masslogger is a credential stealer and keylogger with the ability to exfiltrate data through SMTP, FTP or HTTP protocols. For the first two, no additional server-side components are required, while the exfiltration over HTTP is done through the Masslogger control panel web application."

Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims' credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. When the Masslogger variant launched its infection chain, it disguised its malicious RAR files as Compiled HTML files.

Microsoft has released the January 2021 non-security Microsoft Office updates with fixes for known issues impacting Windows Installer editions of Office 2016 products. Microsoft has also released non-security updates in Current Channel releases for Microsoft 365 Apps to address Excel crashes and Outlook hangs.

Researchers have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities- from collecting browser credentials to targeting Outlook files. "AridViper is an active threat group that continues developing new tools as part of their arsenal," researchers with Palo Alto's Unit42 research team said in a Monday analysis.

Microsoft has released the November 2020 non-security Microsoft Office updates with performance enhancements and fixes for known issues impacting Windows Installer editions of Office 2016 products. Four of the Office November 2020 non-security updates apply to the entire Microsoft Office 2016 software suite, while five others address issues impacting standalone Office products like Word, Project, and Visio.

The report also illustrates a shift in the way workers perceive IT. Half of the respondent employees said they "Had more empathy, had more respect or were more grateful for IT.". On Thursday, Snow Software released its "2021 IT Priorities Report." The findings are based on a survey involving 1,000 leaders in IT and 3,000 workers located in the US, UK, Australia, and Germany.

Microsoft is investigating a recently discovered issue that causes deleted emails to reappear in the mail inbox of Outlook.com accounts. The exact cause behind these Outlook.com undeletable emails but the company says that it's working on a fix to be deployed when a resolution is available.

Microsoft users are currently experiencing issues around the world, with users unable to access Windows Store, Xbox Live services, and Outlook. When attempting to access Microsoft Store, users are seeing loading screen, which suggests that the Store is unable to connect to the Microsoft servers.

New, sophisticated adversaries are switching up their tactics in exploiting enterprise-friendly platforms - most notably Microsoft Exchange, Outlook Web Access and Outlook on the Web - in order to steal business credentials and other sensitive data. APTs Flock Exchange, OWA. One advanced persistent threat group that has been targeting Exchange and OWA is what researchers dub "BELUGASTURGEON".

The highlight of this month's Microsoft Office security updates is without a doubt CVE-2020-16947, a remote code execution vulnerability that leads to remote code execution when previewing or opening maliciously crafted emails with a vulnerable Microsoft Outlook version. CVE-2020-16947 affects several Office products including Microsoft Outlook 2016 and Microsoft Office 2019, as well as Microsoft 365 Apps for Enterprise.