Security News

Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and...

A threat actor is using compromised Skype accounts to deliver the DarkGate malware to target organizations, Trend Micro researchers have warned. "Versions of DarkGate have been advertised on Russian language forum eCrime since May 2023. Since then, an increase in the number of initial entry attacks using the malware has been observed," they noted.

Between July and September, DarkGate malware attacks have used compromised Skype accounts to infect targets through messages containing VBA loader script attachments. According to Trend Micro security researchers who spotted the attacks, this script downloads a second-stage AutoIT script designed to drop and execute the final DarkGate malware payload. "Access to the victim's Skype account allowed the actor to hijack an existing messaging thread and craft the naming convention of the files to relate to the context of the chat history," Trend Micro said.

On this October 2023 Patch Tuesday, Microsoft has released 103 patches and has fixed three actively exploited vulnerabilities. CVE-2023-36563, discovered by Microsoft Threat Intelligence, is a WordPad vulnerability that could allow attackers to grab NTLM hashes.

A vulnerability in Skype mobile apps can be exploited by attackers to discover a user's IP address - a piece of information that may endanger individuals whose physical security depends on their general location remaining secret. Vulnerability specifics have not been publicly shared since it has yet to be patched, but Cox says it's "Trivially easy to exploit and involves changing a certain parameter related to the link."

New Skype users report frustration after being presented with a captcha that requires them to solve a complex puzzle ten times before signing up for the service. Tests by BleepingComputer confirmed the problematic captcha required when signing up for a Microsoft account via Skype-even after verifying your email address.

New Skype users report frustration after being presented with a captcha that requires them to solve a complex puzzle ten times before signing up for the service. Tests by BleepingComputer confirmed the problematic captcha required when signing up for a Microsoft account via Skype-even after verifying your email address.

Microsoft's inattentive approach to Linux has continued unabated, with reports that the signing key for its Debian Skype repository has expired. Far be it from us to suggest that we are perhaps witnessing an attempt by Microsoft to steer users toward Teams on Linux rather than that old Skype thing.

There are situations where you want to block P2P file transfers to people outside the organization during a video conference meeting. That does not mean that Microsoft 365 administrators cannot control certain aspects of Skype for Business using PowerShell commands.

Skype users are currently experiencing issues around the world, with users reporting that they are getting signed out of their Skype account automatically. When attempting to access Skype website, users are given "We're unable to complete your request" errors or other messages stating that the company is aware of the problem and are working on restoring access.