Microsoft has come under fire from the U.S. Cyber Safety Review Board (CSRB) for a string of security failings that allowed a nation-state group named Storm-0558, based in China, to compromise almost two dozen businesses in Europe and the United States last year. According to the results, which were made public by the Department of […]
Microsoft has announced the seizure of 42 domains used by Nickel a China-based cyber espionage group which has its sights on organizations in the U.S. and 28 other countries. Nickel has targeted organizations in both private and public sectors including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, Europe
Malicious Web Domain Used By Chinese Hackers Seized by Microsoft Read More »
An extensive series of credential phishing campaigns has been discovered and disclosed by Microsoft on Thursday. This campaign is taking advantage of custom phishing kit that stitched together components from at least five different circulated ones with the aim of siphoning user login information. This discovery was first made in December 2020 and dubbed the
Microsoft Cautions on TodayZoo Phishing Kit Used in Credential Stealing Attacks Read More »
Microsofts Azure cloud platform suffered a 2.4 Tbps distributed denial-of-service (DD0S) attack in the last week of August however this was mitigated. The attack targeted an unnamed customer in Europe surpassing a 2.3 Tbps attack stopped by Amazon Web Services in February 2020. Amir Dahan, senior program manager of Azure Network has said in a
Attempted 2.4 Tbps DDoS Attack on Microsoft Azure Fended Off Read More »
An actively exploited zero-day flaw Tracked as CVE-2021-40444 (CVSS score: 8.8), has been discovered to be impacting Internet Explorer. The remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in Office to render web content inside Word, Excel, and PowerPoint documents.
A new Malware was revealed on Monday by Microsoft developed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers. Microsofts’ Threat Intelligence Center (MSTIC) codenamed the “passive and highly targeted backdoor” FoggyWeb, making it the threat
Microsoft cautions on FoggyWeb Malware Targeting Active Directory FS Servers Read More »
100,000 login names and passwords for Windows domains worldwide has been leaked as a result of an unpatched design flaw in the implementation of Microsoft Exchange’s Autodiscover protocol. “This is a severe security issue, since if an attacker can control such domains or has the ability to ‘sniff’ traffic in the same network, they can
100,000 Windows Domain Credentials Leaked due to Microsoft Exchange Bug Read More »
