A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a "conflicted" individual straddling a legitimate career in cybersecurity and pursuing cybercrime. In a new extensive analysis published by Outpost24 KrakenLabs, the Swedish security company unmasked … [Read more...] about Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
microsoft
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection," Microsoft said in a … [Read more...] about Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails
Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant said, started in December 2024 and operates with the end goal of conducting financial fraud … [Read more...] about Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails
Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide
Mar 07, 2025Ravie LakshmananMalvertising / Open Source Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information. The tech giant, which detected the activity in early December 2024, is tracking it under the … [Read more...] about Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
Feb 17, 2025Ravie LakshmananEndpoint Security / Malware Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat … [Read more...] about Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries
A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe. "This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network … [Read more...] about Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Jan 14, 2025Ravie LakshmananEndpoint Security / Vulnerability Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The … [Read more...] about Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
Jan 11, 2025Ravie LakshmananAI Security / Cybersecurity Microsoft has revealed that it's pursuing legal action against a "foreign-based threat–actor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content. The tech giant's … [Read more...] about Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
Jan 02, 2025Ravie LakshmananVulnerability / Data Protection Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's … [Read more...] about Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
Dec 17, 2024Ravie LakshmananMalware / Credential Theft A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit … [Read more...] about Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware