Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day

Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, that’s designed to exfiltrate data from mobile devices.

Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.

Microsoft’s Digital Crimes Unit (DCU), cybersecurity software company Fortra™ and Health Information Sharing and Analysis Center (Health-ISAC) are taking technical and legal action to disrupt cracked, legacy copies of Cobalt Strike and abused Microsoft software, which have been used by cybercriminals to distribute malware, including ransomware. This is a change in the way DCU has...

L'uso di piattaforme didattiche fornite da Google e Microsoft nelle scuole italiane solleva interrogativi sullo scambio di dati con gli Stati Uniti, al centro di un braccio di ferro tra Washington e la Commissione europea. E per il ministero dell'Istruzione il problema è delle scuole

This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397.

As we continue to enhance the security of our cloud, we are going to address the problem of email sent to Exchange Online from unsupported and unpatched Exchange servers. There are many risks associated with running unsupported or unpatched software, but by far the biggest risk is security. Once a version of Exchange Server is no longer supported, it no longer receives security updates; thus, any vulnerabilities discovered after support has ended don’t get fixed. There are similar risks associated with running software that is not patched for known vulnerabilities. Once a security update is released, malicious actors will reverse-engineer the update to get a better understanding of how to exploit the vulnerability on unpatched servers.

Huntress is tracking CVE-2023-23397, a 0-day that impacts Microsoft Outlook and requires no user interaction to expose user credential hashes.

Threat actors are taking advantage of Microsoft OneNote's ability to embed files and use social engineering techniques, such as phishing emails and lures inside the OneNote document, to get unsuspecting users to download and open malicious files.

Today, Microsoft’s Digital Threat Analysis Center (DTAC) is attributing a recent influence operation targeting the satirical French magazine Charlie Hebdo

A software development toolset, VSTO is available in Microsoft’s Visual Studio IDE. It enables Office Add-In’s (a type of Office application extension) to be developed in .NET and also allows for Office documents to be created that will deliver and execute these Add-In’s.

Cyble Research & Intelligence Labs analyzes new strategies deployed by Qakbot to infect users via Microsoft OneNote.

Microsoft's move last year to block macros by default in Office applications is forcing miscreants to find other tools with which to launch cyberattacks, including the software vendor's LNK files – the shortcuts Windows uses to point to other files.

In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia. Based on the observed tradecraft, infrastructure, tooling, and account affiliations, MSTIC attributes this campaign with high confidence to ZINC, a state-sponsored group based out of North Korea with objectives focused on espionage, data theft, financial gain, and network destruction.

Microsoft has revoked several Chardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents.