- 20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison (The Hacker News, March 27, 2023 at 3:18 pm)
Conor Brian Fitzpatrick, the 20-year-old founder and administrator of the now-defunct BreachForums, has been formally charged in the U.S. with conspiracy to commit access device fraud. If convicted, Fitzpatrick, who went by the online moniker “pompompurin,” faces a maximum penalty of up to five years in prison. He was arrested on March 15, 2023. “Cybercrime victimizes and steals financial
- Where SSO Falls Short in Protecting SaaS (The Hacker News, March 27, 2023 at 10:56 am)
Single sign-on (SSO) is an authentication method that allows users to authenticate their identity for multiple applications with just one set of credentials. From a security standpoint, SSO is the gold standard. It ensures access without forcing users to remember multiple passwords and can be further secured with MFA. Furthermore, an estimated 61% of attacks stem from stolen credentials. By
- New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords (The Hacker News, March 27, 2023 at 10:38 am)
A new information-stealing malware has set its sights on Apple’s macOS operating system to siphon sensitive information from compromised devices. Dubbed MacStealer, it’s the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs. “MacStealer has the
- Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools (The Hacker News, March 27, 2023 at 9:48 am)
Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. Tracked as CVE-2023-28303, the vulnerability is rated 3.3 on the CVSS
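The aCropalypse condition is visible in the file itself: a PNG ends at its IEND chunk, so any bytes after IEND are the tail of an earlier, larger write that the editor never truncated. The Python below is an added example written for this page, not Microsoft's code or the researchers' recovery tool. It builds a small valid PNG (constructed sample data), simulates an editor that writes a cropped image into the same file without truncating it, and counts the bytes left after IEND; the helper names are this example's own.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(chunk_type: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: 4-byte length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(chunk_type + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + chunk_type + data + struct.pack(">I", crc)


def minimal_png(width: int, height: int) -> bytes:
    """Constructed sample: a valid 8-bit RGB PNG of the given size, all pixels black."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    # Each scanline starts with filter byte 0, followed by width RGB triples.
    raw = b"".join(b"\x00" + b"\x00\x00\x00" * width for _ in range(height))
    return (PNG_SIGNATURE
            + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw))
            + _chunk(b"IEND", b""))


def simulate_in_place_overwrite(original: bytes, replacement: bytes) -> bytes:
    """Model the bug: the editor opens the existing file for writing without
    truncating it, so a shorter replacement leaves the old tail in place."""
    return replacement + original[len(replacement):]


def trailing_bytes_after_iend(png: bytes) -> int:
    """Walk the chunk list and return the number of bytes after the IEND chunk.
    A well-formed PNG has exactly zero."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(png):
        length, chunk_type = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 8 + length + 4  # header + data + CRC
        if end > len(png):
            raise ValueError("truncated chunk %r" % chunk_type)
        if chunk_type == b"IEND":
            return len(png) - end
        pos = end
    raise ValueError("no IEND chunk found")


def looks_like_acropalypse(png: bytes) -> bool:
    """True when data survives after IEND, i.e. the file may still hold cropped-out pixels."""
    return trailing_bytes_after_iend(png) > 0


if __name__ == "__main__":
    large = minimal_png(64, 64)
    cropped = minimal_png(4, 4)
    damaged = simulate_in_place_overwrite(large, cropped)
    print("trailing bytes after IEND:", trailing_bytes_after_iend(damaged))
```

Trailing bytes are an indicator, not proof of recoverable content: some tools legitimately append metadata, and the leftover IDAT stream only yields pixels when its zlib stream can be re-synchronised. A non-zero count is a reason to re-export the image from the source rather than trust the crop.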
- U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals (The Hacker News, March 25, 2023 at 8:52 am)
In what’s a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. “All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to
- Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers (The Hacker News, March 25, 2023 at 6:13 am)
Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT LAN Manager (NTLM) hashes and stage a relay attack without requiring any user interaction. “External
- OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident (The Hacker News, March 25, 2023 at 5:51 am)
OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users’ personal information and chat titles in the upstart’s ChatGPT service earlier this week. The glitch, which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users’ conversations from the chat history sidebar, prompting the company to
- Guidance for investigating attacks using CVE-2023-23397 (Microsoft Security Threat Intelligence, Microsoft Security Blog, March 24, 2023 at 6:30 pm)
This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397.
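The property behind CVE-2023-23397 (the Outlook flaw in the two entries above) is a MAPI extended property on calendar and task items, PidLidReminderFileParameter, which names the sound file Outlook plays for the reminder; when it points at a UNC path on an attacker-controlled host, the client authenticates to that host with NTLM before the user sees anything. Microsoft's published investigation script is a PowerShell tool that searches mailboxes for such items. The Python below is an added example written for this page, not that script: it takes already-extracted property values (the sample items are constructed, and `corp.example` stands in for an organisation's own DNS suffix) and classifies each reminder path as none, local, internal or external, which is the triage step the guidance leads to.

```python
import ipaddress
import re

# Reminder sound locations a Windows client would open remotely: UNC paths
# (\\host\share\file, also seen with forward slashes) and file:// style URLs.
_UNC_RE = re.compile(r"^[\\/]{2}([^\\/]+)[\\/]")
_URL_RE = re.compile(r"^(?:file|https?)://([^/\\]+)", re.IGNORECASE)


def remote_host(path):
    """Return the remote host named by a reminder path, or None for a local file."""
    match = _UNC_RE.match(path) or _URL_RE.match(path)
    if not match:
        return None
    host = match.group(1)
    # WebDAV-style UNC hosts may carry '@port' or '@SSL' suffixes; keep the name only.
    host = host.split("@", 1)[0]
    if host.startswith("[") and "]" in host:      # bracketed IPv6 literal
        host = host[1:host.index("]")]
    else:
        host = host.split(":", 1)[0]              # drop ':port' from URL hosts
    return host.lower()


def is_internal_host(host, trusted_suffixes):
    """Private IP ranges and the organisation's own DNS suffixes count as internal."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return any(host == s or host.endswith("." + s) for s in trusted_suffixes)


def classify_reminder(value, trusted_suffixes=("corp.example",)):
    """Classify one PidLidReminderFileParameter value: none, local, internal or external."""
    if not value:
        return "none"
    host = remote_host(value)
    if host is None:
        return "local"
    return "internal" if is_internal_host(host, trusted_suffixes) else "external"


# Constructed sample of items as they might be exported from a mailbox search.
SAMPLE_ITEMS = [
    {"subject": "Team sync", "PidLidReminderOverride": True,
     "PidLidReminderFileParameter": r"\\fileserver.corp.example\sounds\chime.wav"},
    {"subject": "Invoice overdue", "PidLidReminderOverride": True,
     "PidLidReminderFileParameter": r"\\updates.attacker-owned.invalid\share\alert.wav"},
    {"subject": "Lunch", "PidLidReminderOverride": False,
     "PidLidReminderFileParameter": None},
    {"subject": "Standup", "PidLidReminderOverride": True,
     "PidLidReminderFileParameter": r"C:\Windows\Media\chimes.wav"},
    {"subject": "Backup window", "PidLidReminderOverride": True,
     "PidLidReminderFileParameter": r"\\10.20.30.40\audio\ok.wav"},
]


def triage(items, trusted_suffixes=("corp.example",)):
    """Attach a verdict to every item; the caller decides what to do with externals."""
    return [dict(item, verdict=classify_reminder(item["PidLidReminderFileParameter"],
                                                  trusted_suffixes))
            for item in items]


def suspicious_subjects(items, trusted_suffixes=("corp.example",)):
    """Subjects of items whose reminder would make Outlook reach an external host."""
    return [t["subject"] for t in triage(items, trusted_suffixes) if t["verdict"] == "external"]


if __name__ == "__main__":
    for t in triage(SAMPLE_ITEMS):
        print(f'{t["verdict"]:8} {t["subject"]!r}: {t["PidLidReminderFileParameter"]}')
```

An "external" verdict is where the investigation starts, not where it ends: the sender of that item, and any outbound SMB or WebDAV connection from the client at the reminder time, are the next things to pull. An "internal" host is not automatically safe either, since a compromised internal server can serve the same purpose, so keep the trusted-suffix list short.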
- Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data (The Hacker News, March 24, 2023 at 1:40 pm)
A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data. It has since been taken down, but not before attracting
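The trick works because CPython applies NFKC normalisation to identifiers (PEP 3131): a name spelled with mathematical or fullwidth letters is the same variable as its ASCII spelling at runtime, but a grep for the ASCII string never sees it. The Python below is an added example for this page, not code from the onyxproxy package or from the researchers who analysed it; the sample module and helper names are constructed here. It tokenises source text and reports every identifier that is non-ASCII yet normalises to ASCII, which is the pattern a package scanner should flag, and it shows the aliasing directly by rebinding a plain name through a fullwidth spelling.

```python
import io
import tokenize
import unicodedata

# MATHEMATICAL SANS-SERIF ITALIC SMALL A..Z and FULLWIDTH LATIN SMALL LETTER A..Z:
# both blocks are contiguous and NFKC-normalise back to plain ASCII letters.
_MATH_SANS_ITALIC_A = 0x1D622
_FULLWIDTH_A = 0xFF41


def styled(word: str, base: int = _MATH_SANS_ITALIC_A) -> str:
    """Respell lowercase ASCII letters as look-alike letters from another Unicode block."""
    return "".join(chr(base + ord(c) - ord("a")) if "a" <= c <= "z" else c for c in word)


# Constructed sample module in the style of the trick: the stylised names read as
# 'secrets' and 'environ' and are bound as exactly those ASCII names at runtime.
SAMPLE_SOURCE = (
    "import os\n"
    "import json\n"
    f"{styled('secrets')} = dict(os.{styled('environ')})\n"
    f"payload = json.dumps({styled('secrets')})\n"
)


def find_non_ascii_identifiers(source: str) -> list:
    """Tokenise source and report every NAME token containing non-ASCII characters,
    together with the NFKC form that the interpreter will actually bind."""
    findings = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.NAME and not tok.string.isascii():
            normalised = unicodedata.normalize("NFKC", tok.string)
            findings.append({
                "line": tok.start[0],
                "raw": tok.string,
                "normalised": normalised,
                # An identifier that looks exotic but collapses to ASCII is the
                # confusable case; genuinely non-Latin identifiers stay non-ASCII.
                "confusable": normalised != tok.string and normalised.isascii(),
            })
    return findings


def normalised_names(source: str) -> set:
    """The ASCII names a reviewer would have searched for and missed."""
    return {f["normalised"] for f in find_non_ascii_identifiers(source)}


def aliasing_demo() -> bool:
    """Show that assigning through a fullwidth spelling rebinds the ASCII name."""
    namespace = {}
    exec(f"flag = 'clean'\n{styled('flag', _FULLWIDTH_A)} = 'overwritten'\n", namespace)
    return namespace["flag"] == "overwritten"


if __name__ == "__main__":
    for finding in find_non_ascii_identifiers(SAMPLE_SOURCE):
        print(finding)
    print("fullwidth assignment rebinds ASCII name:", aliasing_demo())
```

Run the scanner over a package's files before installing them, or add the same check to a CI step; the point is to match on the normalised form, because the raw bytes of an obfuscated file will not contain the strings (`os`, `environ`, `requests`) that a naive signature looks for.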
- THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps (The Hacker News, March 24, 2023 at 11:43 am)
Any app that can improve business operations is quickly added to the SaaS stack. However, employees don’t realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk. Whether employees connect through Microsoft 365, Google Workspace, Slack, Salesforce, or any other app, security teams have no way to quantify their
- GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations (The Hacker News, March 24, 2023 at 11:06 am)
Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations “out of an abundance of caution” after it was briefly exposed in a public repository. The activity, which was carried out at 05:00 UTC on March 24, 2023, is said to have been undertaken as a measure to prevent any bad actor from impersonating the service or
- Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies (The Hacker News, March 24, 2023 at 9:59 am)
A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich. Attack chains mounted by the group commence with a
- Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites (The Hacker News, March 24, 2023 at 7:51 am)
Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It impacts versions 4.8.0 through 5.6.1. Put differently, the issue could permit
- Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts (The Hacker News, March 23, 2023 at 4:29 pm)
Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI’s ChatGPT service to harvest Facebook session cookies and hijack the accounts. The “ChatGPT For Google” extension, a trojanized version of a legitimate open source browser add-on, attracted over 9,000 installations since March 14, 2023, prior to its removal. It was originally
- Microsoft continues to innovate to help secure small businesses (Brianna McGovern, Microsoft Security Blog, March 23, 2023 at 4:00 pm)
The latest Microsoft Defender for Business innovations offer new security features for small and medium-sized businesses so they can focus on what they care about most.
- Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps (The Hacker News, March 23, 2023 at 11:55 am)
An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud. “Nexus appears to be in its early stages of development,” Italian cybersecurity firm Cleafy said in a report published this week. “Nexus provides all the main features to perform ATO attacks (Account Takeover) against banking portals and
- 2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks (The Hacker News, March 23, 2023 at 10:39 am)
In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate security budgets have risen significantly because of the growing sophistication of attacks and the number of cybersecurity solutions introduced into the market. With this rise in threats, budgets, and solutions, how prepared are industries
- Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers (The Hacker News, March 23, 2023 at 9:29 am)
Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of 2023. The intrusion set has been attributed to a Chinese cyber espionage actor associated with a long-running campaign dubbed Operation Soft Cell based on tooling overlaps. “The initial attack phase involves infiltrating Internet-facing Microsoft Exchange servers to deploy
- German and South Korean Agencies Warn of Kimsuky’s Expanding Cyber Attack Tactics (The Hacker News, March 23, 2023 at 7:37 am)
German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser extensions to steal users’ Gmail inboxes. The joint advisory comes from Germany’s domestic intelligence apparatus, the Federal Office for the Protection of the Constitution (BfV), and South Korea’s National Intelligence Service (NIS). The intrusions are
- The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP) (Christine Barrett, Microsoft Security Blog, March 22, 2023 at 5:00 pm)
Organizations are turning to cloud-native application protection platforms (CNAPPs) to overcome the challenges of securing the entire cloud lifecycle. Here are the major advantages Microsoft Defender for Cloud offers as a CNAPP.
- Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023 (Christine Barrett, Microsoft Security Blog, March 22, 2023 at 4:00 pm)
Microsoft is named as a Leader in Forrester’s 2023 Wave for Data Security Platforms for Microsoft Purview Information Protection, data loss prevention, insider risk management, and Microsoft Priva.
- CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems (The Hacker News, March 22, 2023 at 1:09 pm)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released eight Industrial Control Systems (ICS) advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation. This includes 13 security vulnerabilities in Delta Electronics’ InfraSuite Device Master, a real-time device monitoring software. All versions prior to 1.0.5 are
- ScarCruft’s Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (The Hacker News, March 22, 2023 at 12:24 pm)
The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware onto targeted machines. According to multiple reports from AhnLab Security Emergency response Center (ASEC), SEKOIA.IO, and Zscaler, the development is illustrative of the group’s continuous efforts to refine and retool its tactics
- Preventing Insider Threats in Your Active Directory (The Hacker News, March 22, 2023 at 11:20 am)
Active Directory (AD) is a powerful authentication and directory service used by organizations worldwide. With this ubiquity and power comes the potential for abuse. Insider threats carry some of the greatest potential for destruction. Many internal users have over-provisioned access and visibility into the internal network. Insiders’ level of access and trust in a network leads to unique
- Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware (The Hacker News, March 22, 2023 at 8:58 am)
The NuGet repository is the target of a new “sophisticated and highly-malicious attack” aiming to infect .NET developer systems with cryptocurrency stealer malware. The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down. “The packages contained a PowerShell script that would execute upon installation and trigger a download of a ‘
- NAPLISTENER: New Malware in REF2924 Group’s Arsenal for Bypassing Detection (The Hacker News, March 22, 2023 at 7:19 am)
The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia. The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C# and is designed to evade “network-based forms of detection.” REF2924 is the moniker assigned to an activity cluster linked to attacks against an entity
- BreachForums Administrator Baphomet Shuts Down Infamous Hacking Forum (The Hacker News, March 22, 2023 at 4:37 am)
In a sudden turn of events, Baphomet, the current administrator of BreachForums, said in an update on March 21, 2023, that the hacking forum has been officially taken down but emphasized that “it’s not the end.” “You are allowed to hate me, and disagree with my decision but I promise what is to come will be better for us all,” Baphomet noted in a message posted on the BreachForums Telegram
- Gain real-time identity protection with Microsoft and Recorded Future (Christine Barrett, Microsoft Security Blog, March 21, 2023 at 4:00 pm)
Learn how to protect your organization beyond multifactor authentication with the integration of Microsoft Sentinel with Identity Intelligence from Recorded Future.
- New ‘Bad Magic’ Cyber Threat Disrupts Ukraine’s Key Sectors Amid War (The Hacker News, March 21, 2023 at 3:01 pm)
Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have been attacked as part of an active campaign that drops a previously unseen, modular framework dubbed CommonMagic. “Although the initial vector of compromise is unclear, the details of the next stage imply the use of spear phishing or similar
- New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (The Hacker News, March 21, 2023 at 11:41 am)
Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of a malware called ShellBot. “ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server,” AhnLab Security Emergency response Center (ASEC) said in a report. ShellBot is installed on servers that
- The Best Defense Against Cyber Threats for Lean Security Teams (The Hacker News, March 21, 2023 at 11:28 am)
H0lyGh0st, Magecart, and a slew of state-sponsored hacker groups are diversifying their tactics and shifting their focus to… You. That is, if you’re in charge of cybersecurity for a small-to-midsize enterprise (SME). Why? Bad actors know that SMEs typically have a smaller security budget, less infosec manpower, and possibly weak or missing security controls to protect their data and
- From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022 (The Hacker News, March 21, 2023 at 9:54 am)
As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significant uptick in recent years of threat actors leveraging unknown security flaws to their advantage. The
- Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw (The Hacker News, March 21, 2023 at 6:55 am)
Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. “The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using ‘batm’ user privileges,” the company said in an advisory published over the
- Microsoft achieves first native Cloud Data Management Capabilities certification (Emma Williams, Microsoft Security Blog, March 20, 2023 at 5:00 pm)
Today marks a significant industry milestone accelerating cloud adoption by ensuring sensitive data is secure and enabling organizations to focus on deriving value from data. As the first cloud provider to be CDMC certified, Microsoft demonstrates a commitment to trust.
- Leverage cloud-powered security with Microsoft Defender for IoT (Christine Barrett, Microsoft Security Blog, March 20, 2023 at 4:00 pm)
Learn how the new Microsoft Defender for IoT delivers integrated, comprehensive security for your IoT and OT environment. Powered by Microsoft cloud technology, Defender for IoT manages assets, emerging threats, and risks across connected or air-gapped environments, from enterprise networks to mission-critical networks.
- New DotRunpeX Malware Delivers Multiple Malware Families via Malicious Ads (The Hacker News, March 20, 2023 at 1:39 pm)
A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. “DotRunpeX is a new injector written in .NET using the Process Hollowing technique and used to infect systems with a variety of known malware families,” Check
- Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (The Hacker News, March 20, 2023 at 12:26 pm)
A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. The activity, which commenced in August 2022, is currently ongoing, Ocelot Team from Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Mispadu (
- New Cyber Platform Lab 1 Decodes Dark Web Data to Uncover Hidden Supply Chain Breaches (The Hacker News, March 20, 2023 at 10:44 am)
2022 was the year when inflation hit world economies, except in one corner of the global marketplace – stolen data. Ransomware payments fell by over 40% in 2022 compared to 2021. More organisations chose not to pay ransom demands, according to findings by blockchain firm Chainalysis. Nonetheless, stolen data has value beyond a price tag, and in risky ways you may not expect. Evaluating stolen
- Researchers Shed Light on CatB Ransomware’s Evasion Techniques (The Hacker News, March 20, 2023 at 10:26 am)
The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload. CatB, also referred to as CatB99 and Baxtoy, emerged late last year and is said to be an “evolution or direct rebrand” of another ransomware strain known as Pandora based on code-level similarities. It’s worth noting that the use
- Emotet Rises Again: Evades Macro Security via OneNote Attachments (The Hacker News, March 20, 2023 at 5:51 am)
The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down. A
- Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack (The Hacker News, March 18, 2023 at 11:30 am)
The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. American cybersecurity company Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim
- Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York (The Hacker News, March 18, 2023 at 5:59 am)
U.S. law enforcement authorities have arrested a 21-year-old New York man in connection with running the infamous BreachForums hacking forum under the online alias “Pompompurin.” The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators “spent hours inside and outside of a home in Peekskill.” “At one point, investigators
- THN Webinar: 3 Research-Backed Ways to Secure Your Identity Perimeter (The Hacker News, March 18, 2023 at 5:55 am)
Think of the typical portrayal of a cyberattack. Bad guy pounding furiously on a keyboard, his eyes peeking out from under a dark hoodie. At long last, his efforts pay off and he hits the right combination of keys. “I’m in!” he shouts in triumph. Clearly, there are many problems with this scenario – and it’s not just the hoodie. What’s even more inaccurate is that most cyber attackers today do
- LockBit 3.0 Ransomware: Inside the Cyberthreat That’s Costing Millions (The Hacker News, March 18, 2023 at 5:17 am)
U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. “The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit,”
- FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps (The Hacker News, March 17, 2023 at 6:15 pm)
An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. “FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim’s device,” cybersecurity firm Check Point said.
- KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks (Microsoft Security Threat Intelligence, Microsoft Security Blog, March 17, 2023 at 4:00 pm)
KillNet, a group that the US Department of Health and Human Services (DHHS) has called pro-Russia hacktivists, has been launching waves of attacks targeting governments and companies with a focus on the healthcare sector. In this blog post, we provide an overview of the DDoS attack landscape against healthcare applications hosted in Azure over three months.
- New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks (The Hacker News, March 17, 2023 at 12:07 pm)
A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. “The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as ‘Hinata–,'” Akamai said in a
- A New Security Category Addresses Web-borne Threats (The Hacker News, March 17, 2023 at 10:46 am)
In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly increased the number of
- Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware (The Hacker News, March 17, 2023 at 10:22 am)
Copycat websites for instant messaging apps like Telegram and WhatsApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware. “All of them are after victims’ cryptocurrency funds, with several targeting cryptocurrency wallets,” ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis. While the first instance of
- Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials (The Hacker News, March 17, 2023 at 7:06 am)
The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government, SentinelOne said in a report shared with The
- Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips (The Hacker News, March 17, 2023 at 6:53 am)
Google is calling attention to a set of severe security flaws in Samsung’s Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123
- Join us at Microsoft Secure to discover the latest security solutions (Emma Williams, Microsoft Security Blog, March 16, 2023 at 4:00 pm)
Register for Microsoft Secure on March 28, 2023, for insights on AI, identity, data security, and more. In this blog post, we preview what to expect and session highlights you won’t want to miss.
- Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (The Hacker News, March 16, 2023 at 3:30 pm)
Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that’s designed to load Cobalt Strike onto infected machines. Dubbed SILKLOADER by Finnish cybersecurity company WithSecure, the malware leverages DLL side-loading techniques to deliver the commercial adversary simulation software. The development comes as
- Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (The Hacker News, March 16, 2023 at 1:39 pm)
The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That’s according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aimed at containerized environments to ultimately steal proprietary data and software. Specifically, the
- Authorities Shut Down ChipMixer Platform Tied to Crypto Laundering Scheme (The Hacker News, March 16, 2023 at 9:46 am)
A coalition of law enforcement agencies across Europe and the U.S. announced the takedown of ChipMixer, an unlicensed cryptocurrency mixer that began its operations in August 2017. “The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking to launder illegal proceeds from criminal activities such as drug trafficking, weapons trafficking,
- What’s Wrong with Manufacturing? (The Hacker News, March 16, 2023 at 7:12 am)
In last year’s edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this. Manufacturing was also the most represented Industry in our CyberSOC dataset – contributing more Incidents than any other
- Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency (The Hacker News, March 16, 2023 at 6:34 am)
Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC).
- CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild (The Hacker News, March 16, 2023 at 4:47 am)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 (CVSS score: 8.6), which could be exploited by a threat actor to achieve arbitrary code execution. “Adobe ColdFusion
- Gain flexibility and scale with a cloud-native DLP solution (Christine Barrett, Microsoft Security Blog, March 15, 2023 at 4:00 pm)
Learn the three stages of migrating to cloud-based data loss prevention (DLP), along with how to overcome perceived challenges to create a scalable, holistic DLP solution.
- YoroTrooper Stealing Credentials and Information from Government and Energy Organizations (The Hacker News, March 15, 2023 at 1:49 pm)
A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022. “Information stolen from successful compromises include credentials from multiple applications, browser histories and cookies, system information and screenshots,” Cisco
- Microsoft Mitigates Outlook Elevation of Privilege Vulnerability on March 14, 2023 at 1:00 pm
March 24, 2023 update: Impact Assessment has been updated to a link to Guidance for investigating attacks using CVE-2023-23397 – Microsoft Security Blog. March 23, 2023 update: See Releases for Microsoft Products below for clarification on product changes and defense in depth update availability. Summary: Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for New Technology LAN Manager (NTLM) credential theft to an untrusted network, such as the Internet.
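The summary's key phrase is "credential theft to an untrusted network": an NTLM hash can only leave the estate if a client is allowed to authenticate to a server outside it, so outbound SMB from workstations to public addresses is the signal to watch regardless of which bug triggered it. The detector below is an added example, not Microsoft's guidance or tooling; it assumes the leak rides on outbound TCP 445/139 (the standard egress control is to block that traffic at the perimeter), the log lines are constructed in a simple key=value layout rather than any vendor's format, and the hosts and addresses are hypothetical.

```python
"""Flag SMB flows from internal hosts to non-internal destinations in firewall
logs. Added example with constructed log lines; a host that starts speaking SMB
to the Internet is a candidate NTLM credential leak and should be triaged even
when the firewall already dropped the connection."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample records (hypothetical hosts, documentation-range destinations).
SAMPLE_LOG = """\
ts=2023-03-14T09:01:02Z src=10.20.30.41 dst=10.20.30.5 dport=445 proto=tcp action=allow
ts=2023-03-14T09:01:09Z src=10.20.30.41 dst=203.0.113.77 dport=445 proto=tcp action=allow
ts=2023-03-14T09:01:10Z src=10.20.30.41 dst=203.0.113.77 dport=445 proto=tcp action=allow
ts=2023-03-14T09:02:15Z src=10.20.30.52 dst=198.51.100.9 dport=443 proto=tcp action=allow
ts=2023-03-14T09:03:30Z src=10.20.30.63 dst=198.51.100.9 dport=445 proto=tcp action=deny
"""

LINE_RE = re.compile(
    r"ts=(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) action=(?P<action>\S+)"
)
SMB_PORTS = {445, 139}

# Address space treated as "ours". Extend with your own public prefixes and partner
# networks. Documentation ranges (203.0.113.0/24 etc.) are deliberately absent so they
# count as external in the sample above.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
    "fc00::/7", "::1/128", "fe80::/10",
)]


def is_external(ip):
    """True when the address is outside every network we consider internal."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_smb_egress(log_text):
    """Return {source host: [(timestamp, destination, action), ...]} for SMB flows
    to external addresses. Denied flows are kept: the attempt itself is the finding."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["proto"] != "tcp" or int(m["dport"]) not in SMB_PORTS:
            continue
        if not is_external(m["dst"]):
            continue  # intra-estate file sharing is expected
        hits[m["src"]].append((m["ts"], m["dst"], m["action"]))
    return dict(hits)


if __name__ == "__main__":
    for src, flows in sorted(find_smb_egress(SAMPLE_LOG).items()):
        print(src, "->", flows)
```

Pivot from the source host to its mail client and to whatever destination it tried to reach; an "allow" result means the perimeter let the authentication attempt out, which is the gap the egress rule is supposed to close.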
- March 2023 Security Updates (Monthly) on March 14, 2023 at 7:00 am
On March 14, 2023 (U.S. time), Microsoft, in order to fix vulnerabilities affecting Microsoft products, secu
- Microsoft Mitigates Outlook Elevation of Privilege Vulnerability (Japanese edition) on March 14, 2023 at 7:00 am
This blog post is an abridged translation of Microsoft Mitigates Outlook Elevation of Privilege Vulnerability. Refer to the original for the latest information. 2023
- Azure Kubernetes Service (AKS) Threat Hunting on March 1, 2023 at 8:00 am
As more businesses shift away from running workloads on dedicated virtual machines to running them inside containers using workload orchestrators like Kubernetes, adversaries have become more interested in them as targets. Moreover, the benefits Kubernetes provides for managing workloads are also extended to adversaries. As adversaries leverage Kubernetes to run their workloads, their understanding of how these platforms work and can be exploited increases.
- Configuring host-level audit logging for AKS VMSS on March 1, 2023 at 8:00 am
This blog post runs you through how to enable and configure Linux audit logging on your Azure Kubernetes Service (AKS) Virtual Machine Scale Set (VMSS) using the Linux auditing subsystem, also known as auditd. Warning The information provided below is accurate as of the release date of this blog post (2023-03) and guidance may change in future.
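The two AKS posts above are complementary: auditd on the node produces the records, and hunting is what you do with them. The example below is added here and is not code from either Microsoft post. AUDIT_RULES is the assumed rule set that produces the sample records (the execve rule tags every process start with key "exec"; the watch paths /etc/kubernetes and /var/lib/kubelet are assumptions about where node configuration lives on the VMSS instance). The log lines are constructed in auditd's native format, including one hex-encoded argument as auditd emits for values containing spaces, and the hunting heuristics (calls to the 169.254.169.254 instance metadata endpoint, cluster tooling run on the node, binaries executed from world-writable directories) are this example's own.

```python
"""Correlate auditd SYSCALL and EXECVE records into one event per exec and
flag the ones a hunter on a Kubernetes node cares about. Added example with
constructed records; AUDIT_RULES is the assumed rule set that produced them."""
import re

# Assumed contents of a file under /etc/audit/rules.d/ on the node.
AUDIT_RULES = """\
-a always,exit -F arch=b64 -S execve -k exec
-a always,exit -F arch=b32 -S execve -k exec
-w /etc/kubernetes/ -p wa -k k8s_conf
-w /var/lib/kubelet/ -p wa -k kubelet
"""

# Constructed records (hypothetical pids, timestamps and commands).
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1677657600.101:1001): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2150 auid=4294967295 uid=0 gid=0 comm="ls" exe="/usr/bin/ls" key="exec"
type=EXECVE msg=audit(1677657600.101:1001): argc=2 a0="ls" a1="/var/log"
type=SYSCALL msg=audit(1677657605.222:1002): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2160 auid=4294967295 uid=0 gid=0 comm="curl" exe="/usr/bin/curl" key="exec"
type=EXECVE msg=audit(1677657605.222:1002): argc=5 a0="curl" a1="-s" a2="-H" a3="Metadata:true" a4="http://169.254.169.254/metadata/instance?api-version=2021-02-01"
type=SYSCALL msg=audit(1677657610.333:1003): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2170 auid=4294967295 uid=0 gid=0 comm="sh" exe="/usr/bin/dash" key="exec"
type=EXECVE msg=audit(1677657610.333:1003): argc=3 a0="sh" a1="-c" a2=6964203E202F746D702F78
type=SYSCALL msg=audit(1677657620.444:1004): arch=c000003e syscall=59 success=yes exit=0 ppid=2170 pid=2180 auid=4294967295 uid=0 gid=0 comm="kubectl" exe="/tmp/.k/kubectl" key="exec"
type=EXECVE msg=audit(1677657620.444:1004): argc=4 a0="kubectl" a1="get" a2="secrets" a3="-A"
"""

REC_RE = re.compile(r'^type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): (?P<body>.*)$')
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

IMDS = "169.254.169.254"                       # Azure instance metadata endpoint
CLUSTER_TOOLS = {"kubectl", "crictl", "nsenter"}
WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")


def _unescape(value):
    """auditd quotes printable strings; anything with spaces or control bytes is hex-encoded, unquoted."""
    if value.startswith('"') and value.endswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value


def parse_events(log_text):
    """Group records by audit serial and rebuild argv from the EXECVE a0..aN fields."""
    events = {}
    for line in log_text.splitlines():
        m = REC_RE.match(line)
        if not m:
            continue
        ev = events.setdefault(m["serial"], {"serial": int(m["serial"]), "ts": float(m["ts"]),
                                             "syscall": {}, "_args": {}})
        fields = dict(KV_RE.findall(m["body"]))
        if m["type"] == "SYSCALL":
            ev["syscall"] = {k: v.strip('"') for k, v in fields.items()}
        elif m["type"] == "EXECVE":
            for k, v in fields.items():
                am = re.fullmatch(r"a(\d+)", k)
                if am:
                    ev["_args"][int(am.group(1))] = _unescape(v)
    out = []
    for ev in sorted(events.values(), key=lambda e: e["serial"]):
        ev["argv"] = [ev["_args"][i] for i in sorted(ev["_args"])]
        out.append(ev)
    return out


def hunt(events):
    """Return (serial, command line, reasons) for exec events matching the hunting heuristics."""
    findings = []
    for ev in events:
        sc = ev["syscall"]
        if sc.get("key") != "exec":
            continue
        reasons = []
        if any(IMDS in arg for arg in ev["argv"]):
            reasons.append("instance metadata access")
        if sc.get("comm") in CLUSTER_TOOLS:
            reasons.append("cluster tooling exec")
        if sc.get("exe", "").startswith(WORLD_WRITABLE):
            reasons.append("exec from world-writable dir")
        if reasons:
            findings.append((ev["serial"], " ".join(ev["argv"]), reasons))
    return findings


if __name__ == "__main__":
    for serial, cmd, why in hunt(parse_events(SAMPLE_AUDIT_LOG)):
        print(serial, cmd, "->", ", ".join(why))
```

Correlating on the serial rather than on pid matters because auditd splits one syscall into several records, and because a pid is reused quickly on a busy node; the hex decoding is the edge case that trips naive grep-based hunting, since `sh -c "id > /tmp/x"` never appears in the log as readable text.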
- First steps in CHERIoT Security Research on February 28, 2023 at 8:00 am
At Microsoft, we invest a lot of time researching and investigating possibilities in our journey to memory safety. Because the vast majority of existing codebases are written in unsafe programming languages, protecting legacy code is very important. Hardware solutions are an attractive approach because they introduce very powerful security properties at low overhead compared to purely software solutions.
- February 2023 Security Updates (Monthly) on February 14, 2023 at 8:00 am
On February 14, 2023 (U.S. time), Microsoft, in order to fix vulnerabilities affecting Microsoft products, secu
- New MSRC Blog Site (Japanese edition) on February 9, 2023 at 9:14 pm
As of February 9, 2023 (U.S. time), the MSRC blog site has been renewed. From February 9, 2023 (U.S. time) onward, https://msrc.microsoft.com/blog
- New MSRC Blog Site on February 8, 2023 at 8:00 am
We are excited to announce the release of the new Microsoft Security Response Center (MSRC) blog site. Please visit msrc.microsoft.com/blog/ starting February 9th, 2023, for all past and future MSRC blog content. In addition to the new URL, we have refreshed the site with a new look and improved site performance, search, categories, and tags to help users easily find content.
- BlueHat 2023: Connecting the security research community with Microsoft on February 6, 2023 at 8:00 am
We’re excited to welcome more than 400 members of the security research community from around the world to Redmond, Washington for BlueHat 2023. Hosted by the Microsoft Security Response Center (MSRC), BlueHat is where the security research community, and Microsoft security professionals, come together as peers to connect, share, learn, and exchange ideas in the interest of creating a safer and more secure world for all.
- Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process (Japanese edition) on February 1, 2023 at 8:00 am
This blog post is an abridged translation of Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process. Refer to the original for the latest information.
- Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process on January 31, 2023 at 8:00 am
Summary: On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud Partner Program (MCPP) (formerly known as Microsoft Partner Network (MPN)). The actor used fraudulent partner accounts to add a verified publisher to OAuth app registrations they created in Azure AD.
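The practical lesson of the investigation is that the blue "verified publisher" badge is a statement about the publisher's partner enrollment, not about the app, so a consent review has to rank grants by what they can do, not by the badge. The script below is an added example, not Microsoft's tooling. The records are constructed in the shape of the Microsoft Graph servicePrincipal (appDisplayName, verifiedPublisher with displayName and addedDateTime) and oauth2PermissionGrant (clientId, consentType, principalId, scope) resources, which in practice you would pull with GET /servicePrincipals and GET /oauth2PermissionGrants; the app names, IDs and the risk weights are this example's own assumptions.

```python
"""Rank OAuth2 permission grants in a tenant by consent-phishing exposure.
Added example with constructed Graph-shaped records. A verified publisher
never lowers the score; it is reported alongside how recently the
verification was added, which is the detail the campaign above abused."""
from datetime import datetime, timezone

# Delegated scopes that hand an app the user's data. Weights are this example's own.
HIGH_RISK = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.Read.All", "Files.ReadWrite.All",
             "Sites.Read.All", "User.Read.All", "Directory.Read.All", "MailboxSettings.ReadWrite"}
PERSISTENCE = {"offline_access"}  # refresh tokens keep the grant alive after the session ends

# Constructed servicePrincipal records (hypothetical apps and publishers).
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "appDisplayName": "Contoso Expense Sync",
     "verifiedPublisher": {"displayName": "Contoso Ltd", "verifiedPublisherId": "111111",
                           "addedDateTime": "2021-06-01T00:00:00Z"}},
    {"id": "sp-2", "appDisplayName": "Meeting Helper",
     "verifiedPublisher": {"displayName": "Acme Partner Co", "verifiedPublisherId": "222222",
                           "addedDateTime": "2022-12-10T00:00:00Z"}},
    {"id": "sp-3", "appDisplayName": "Lunch Poll",
     "verifiedPublisher": {"displayName": None, "verifiedPublisherId": None, "addedDateTime": None}},
]
# Constructed oauth2PermissionGrant records. consentType "AllPrincipals" is tenant-wide admin consent.
GRANTS = [
    {"clientId": "sp-1", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Files.Read.All"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-42",
     "scope": "Mail.Read Mail.Send offline_access User.Read"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-7",
     "scope": "User.Read"},
]


def _age_days(iso, now):
    """Days between an ISO-8601 'Z' timestamp and now, or None when absent."""
    if not iso:
        return None
    return (now - datetime.fromisoformat(iso.replace("Z", "+00:00"))).days


def review_grants(service_principals, grants, now_iso):
    """Return findings for grants carrying high-risk scopes, highest score first."""
    now = datetime.fromisoformat(now_iso.replace("Z", "+00:00")).astimezone(timezone.utc)
    by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        scopes = set(g["scope"].split())
        risky = sorted(scopes & HIGH_RISK)
        if not risky:
            continue  # User.Read-only apps are not the consent-phishing payload
        sp = by_id[g["clientId"]]
        vp = sp.get("verifiedPublisher") or {}
        score = len(risky)
        persistent = bool(scopes & PERSISTENCE)
        tenant_wide = g["consentType"] == "AllPrincipals"
        score += 1 if persistent else 0
        score += 2 if tenant_wide else 0
        findings.append({
            "app": sp["appDisplayName"],
            "publisher": vp.get("displayName") or "(unverified)",
            "verified_days": _age_days(vp.get("addedDateTime"), now),
            "scopes": risky,
            "persistent": persistent,
            "tenant_wide": tenant_wide,
            "score": score,
        })
    return sorted(findings, key=lambda f: -f["score"])


if __name__ == "__main__":
    for f in review_grants(SERVICE_PRINCIPALS, GRANTS, "2023-01-31T00:00:00Z"):
        print(f)
```

A verification added days before the grant, on an app whose scopes include mail and offline_access, is the pattern to escalate; tenant-wide consent to a file-reading app is the other, and the badge does not distinguish either from a legitimate ISV.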
- Cybersecurity Month 2023 on January 31, 2023 at 8:00 am
To strengthen public awareness of cybersecurity, the government has designated February 1 through March 18 as “Cybersecu
- Congratulations to the Top MSRC 2022 Q4 Security Researchers! on January 26, 2023 at 8:00 am
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q4 Security Researcher Leaderboard are: goodbyeselene, Jarvis_1oop, and kap0k! Check out the full list of researchers recognized this quarter here.
- Microsoft resolves four SSRF vulnerabilities in Azure cloud services (Japanese edition) on January 18, 2023 at 8:00 am
This blog post is an abridged translation of Microsoft resolves four SSRF vulnerabilities in Azure cloud services. Refer to the original for the latest information. Summary
- Microsoft resolves four SSRF vulnerabilities in Azure cloud services on January 17, 2023 at 8:00 am
Summary: Microsoft recently fixed a set of Server-Side Request Forgery (SSRF) vulnerabilities in four Azure services (Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins) reported by Orca Security. These SSRF vulnerabilities were determined to be low risk because they do not allow access to sensitive information or Azure backend services.
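"Low risk because they do not reach sensitive information or backend services" is the whole severity argument for an SSRF, and it is also the control: a server that fetches user-supplied URLs decides what it can reach before it connects. The validator below is an added example, not code from any of the four Azure services. It resolves the hostname itself, rejects any answer that is not globally routable (which covers the link-local 169.254.169.254 instance metadata endpoint, RFC 1918 backends and loopback, including IPv4-mapped IPv6 forms), and takes the resolver as a parameter so the sample run works offline against a constructed DNS table; in production you would pass a wrapper around socket.getaddrinfo.

```python
"""Destination check for server-side fetches of user-supplied URLs. Added
example; FAKE_DNS is a constructed resolver table standing in for real DNS."""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed resolver answers (hostname -> list of IPs) so the example runs offline.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],                     # a public address
    "metadata.internal.example": ["10.0.0.5"],                # an internal backend
    "rebind.example": ["93.184.216.34", "169.254.169.254"],   # mixed public/IMDS answers
}


class SsrfRejected(ValueError):
    """Raised when the server must not fetch this URL on the caller's behalf."""


def _is_public(ip):
    """True only for globally routable unicast addresses."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped          # ::ffff:169.254.169.254 is still IMDS
    # is_global already excludes private, loopback, link-local and reserved ranges.
    return addr.is_global and not addr.is_multicast


def resolve_and_check(url, resolver):
    """Return (host, [ips]) for a URL that is safe to fetch, else raise SsrfRejected.

    resolver(host) must return a list of IP strings (or None/[] when unresolvable)."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SsrfRejected(f"scheme {parts.scheme!r} not allowed")
    if parts.username or parts.password:
        raise SsrfRejected("userinfo in URL")
    host = parts.hostname
    if not host:
        raise SsrfRejected("missing host")
    try:
        ips = [str(ipaddress.ip_address(host))]   # literal address: no DNS, same range check
    except ValueError:
        ips = resolver(host) or []
    if not ips:
        raise SsrfRejected(f"{host} did not resolve")
    for ip in ips:
        if not _is_public(ip):                    # one bad answer rejects the whole host
            raise SsrfRejected(f"{host} resolves to non-public address {ip}")
    return host, ips


def is_allowed(url, resolver):
    """Boolean form of resolve_and_check for callers that only need a verdict."""
    try:
        resolve_and_check(url, resolver)
        return True
    except SsrfRejected:
        return False


if __name__ == "__main__":
    for u in ("https://api.example.com/v1/items",
              "http://169.254.169.254/metadata/instance?api-version=2021-02-01",
              "http://metadata.internal.example/", "http://[::ffff:169.254.169.254]/"):
        print(u, "->", "allow" if is_allowed(u, FAKE_DNS.get) else "reject")
```

Two caveats the check cannot cover on its own: the fetch must connect to one of the IPs returned here (pin the address and send the original Host header) rather than resolving again, or a DNS answer that changes between check and use defeats it; and redirects must be re-validated hop by hop, since a public host can 302 straight to the metadata endpoint.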
- January 2023 Security Updates (Monthly) on January 10, 2023 at 8:00 am
On January 10, 2023 (U.S. time), Microsoft, in order to fix vulnerabilities affecting Microsoft products, secu
- Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API (Japanese edition) on January 10, 2023 at 8:00 am
This blog post is an abridged translation of Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API. Refer to the original for the latest information.
- Security Update Guide Improvement – Representing Hotpatch Updates (Japanese edition) on January 9, 2023 at 8:00 am
This blog post is an abridged translation of Security Update Guide Improvement – Representing Hotpatch Updates. Refer to the original for the latest information.
- Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API on January 6, 2023 at 8:00 am
Microsoft is pleased to announce that beginning January 11, 2023, we will publish CBL-Mariner CVEs in the Security Update Guide (SUG) Common Vulnerability Reporting Framework (CVRF) API. CBL-Mariner is a Linux distribution built by Microsoft to power Azure’s cloud and edge products and services and is currently in preview as an AKS Container Host.
- Security Update Guide Improvement – Representing Hotpatch Updates on December 29, 2022 at 8:00 am
Today we are updating the way Microsoft Security Update Guide (SUG) represents the Windows Hotpatch feature to make it easier for users to identify the hotpatch and security updates. Hotpatching was introduced a year ago as a new way to install updates on supported Windows Server Azure Edition virtual machines (VMs) without requiring a reboot after installation.
- December 2022 Security Updates (Monthly) on December 13, 2022 at 8:00 am
On December 13, 2022 (U.S. time), Microsoft, in order to fix vulnerabilities affecting Microsoft products, secu
- BlueHat 2023: Applications to Attend NOW OPEN! on December 2, 2022 at 8:00 am
We are excited to announce that applications to attend BlueHat 2023 are now open. BlueHat 2023 will be the 20th edition of the BlueHat conference and will once again be held on the Microsoft campus in Redmond, WA, USA, from February 8 – 9, 2023.
- A Ride on the Wild Side with Hacking Heavyweight Sick Codes on November 29, 2022 at 8:00 am
Beverage of Choice: Krating Daeng (Thai Red Bull) Industry Influencer He Admires: Casey John Ellis What did you want to be when you grew up? A physician, and nearly did Hobbies (Present & Past): Motorcycling & Australian Football Bucket List: Continuing to discover new software Fun Fact: He currently has 2,000 tabs open
- Announcing the Microsoft Machine Learning Membership Inference Competition (MICO) (Japanese edition) on November 20, 2022 at 8:00 am
This blog post is an abridged translation of Announcing the Microsoft Machine Learning Membership Inference Competition (MICO). Refer to the original for the latest information.
- Announcing the Microsoft Machine Learning Membership Inference Competition (MICO) on November 16, 2022 at 8:00 am
We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning (ML) systems. Machine learning has already become a key enabler in many products and services, and this trend is likely to continue. It is therefore critical to understand the security and privacy guarantees provided by state-of-the-art ML algorithms – indeed this is one of Microsoft’s Responsible AI Principles.
- November 2022 Security Updates (Monthly) on November 8, 2022 at 8:00 am
On November 8, 2022 (U.S. time), Microsoft, in order to fix vulnerabilities affecting Microsoft products, secu
- Security Update Release Schedule (2023) on November 8, 2022 at 8:00 am
- Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2022-3602) (Japanese edition) on November 3, 2022 at 7:00 am
This blog post is an abridged translation of Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2022-3602). Refer to the original for the latest
- Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB (Japanese edition) on November 2, 2022 at 7:00 am
This blog post is an abridged translation of Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB. Refer to the original for the latest information. Summary
- Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2022-3602) on November 2, 2022 at 7:00 am
Summary: Microsoft is aware of and actively addressing the impact associated with the recent OpenSSL vulnerabilities announced on October 25th, 2022, fixed in version 3.0.7. As part of our standard processes, we are rolling out fixes for impacted services. Any customer action that is required will be highlighted in this blog and our associated Security Update Guides (CVE-2022-3786 Security Update Guide and CVE-2022-3602 Security Update Guide).
- Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB on November 1, 2022 at 7:00 am
Summary Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB (currently in preview) reported by Orca Security. Customers not using Jupyter Notebooks (99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks) were not susceptible to this vulnerability. The bug was introduced on August 12th and fully patched worldwide on Oct 6th, two days after it was reported.
- Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People on October 31, 2022 at 7:00 am
As Cybersecurity Awareness Month 2022 comes to a close, I’m grateful for the impact it has had in bringing cybersecurity to the forefront since it began in 2004. Though the month may be over, our work in cybersecurity is never done. Often, we think about cybersecurity as a complex technology problem, but at its core, it’s really about people: the customers and communities we work to protect and defend, the current and future cybersecurity professionals on the front lines of the fight, and the larger security community coming together to strengthen cybersecurity for all.
- Congratulations to the Top MSRC 2022 Q3 Security Researchers! on October 24, 2022 at 7:00 am
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q3 Security Researcher Leaderboard are: Zhiyi Zhang, Yuki Chen, and Dang The Tuyen! Check out the full list of researchers recognized this quarter here.
- Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk on October 19, 2022 at 7:00 am
Summary: Microsoft was recently made aware of a Cross-Site Scripting (XSS) vulnerability (CVE-2022-35829) that, under limited circumstances, affects older versions of Service Fabric Explorer (SFX). The current default SFX web client (SFXv2) is not vulnerable to this attack. However, customers can manually switch from the default web client (SFXv2) to an older, vulnerable SFX web client version (SFXv1).
- Investigation Regarding Misconfigured Microsoft Storage Location on October 19, 2022 at 7:00 am
October 28, 2022 update: Added a Customer FAQ section. Summary: Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint. This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.
- Investigation Regarding Misconfigured Microsoft Storage Location (Japanese edition) on October 19, 2022 at 7:00 am
This blog post is an abridged translation of Investigation Regarding Misconfigured Microsoft Storage Location. Refer to the original for the latest information.
- Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk (Japanese edition) on October 19, 2022 at 7:00 am
This blog post is an abridged translation of Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk. Refer to the original for the latest information.
- Improvements in Security Update Notifications Delivery – And a New Delivery Method (Japanese edition) on October 16, 2022 at 7:00 am
This blog post is an abridged translation of Improvements in Security Update Notifications Delivery – And a New Delivery Method. Refer to the original for the latest information.