Microsoft | Breaking Cybersecurity News | The Hacker News

Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that have been addressed in the Chromium-based Edge browser over the past month. The two security shortcomings that have come under exploitation are below - CVE-2024-38080 (CVSS score: 7.8) - Windows Hyper-V Elevation of Privilege Vulnerability CVE-2024-38112 (CVSS score: 7.5) - Windows MSHTML Platform Spoofing Vulnerability "Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment," Microsoft said of CVE-2024-38112. "An attacker would have to send the victim a malicious file that the victim would have to execute." Check Point securi

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console ( MMC ) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact (" sccm-updater.msc ") that was uploaded to the VirusTotal malware scanning platform on June 6, 2024. "When a maliciously crafted console file is imported, a vulnerability in one of the MMC libraries can lead to running adversary code, including malware," the company said in a statement shared with The Hacker News. "Attackers can combine this technique with DotNetToJScript to gain arbitrary code execution, which can lead to unauthorized access, system takeover and more." The use of uncommon file types as a malware distribution vector is seen as an alternative attempt by adversaries to get around security guardrails erected

Want to know what's the latest and greatest in SecOps for 2024? Gartner's recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year's report: Threat Exposure Management, Exposure Assessment Platforms (EAP), and Adversarial Exposure Validation (AEV). These category definitions are aimed at providing some structure to the evolving landscape of exposure management technologies. Pentera, listed as a sample vendor in the newly defined AEV category, is playing a pivotal role in increasing the adoption of CTEM, with a focus on security validation. Following is our take on the CTEM related product categories and what they mean for enterprise security leaders. The Industry is Maturing CTEM, coined by Gartner in 2022, presents a structural approach for continuously assessing, prioritizing, validating, and remediating expo

Microsoft on Thursday revealed that it's delaying the rollout of the controversial artificial intelligence (AI)-powered Recall feature for Copilot+ PCs. To that end, the company said it intends to shift from general availability to a preview available first in the Windows Insider Program ( WIP ) in the coming weeks. "We are adjusting the release model for Recall to leverage the expertise of the Windows Insider community to ensure the experience meets our high standards for quality and security," it said in an update. "This decision is rooted in our commitment to providing a trusted, secure and robust experience for all customers and to seek additional feedback prior to making the feature available to all Copilot+ PC users." First unveiled last month, Recall was originally slated for a broad release on June 18, 2024, but has since waded into controversial waters after it was widely panned as a privacy and security risk and an alluring target for threat ac

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month. None of the security flaws have been actively exploited in the wild, with one of them listed as publicly known at the time of the release. This concerns a third-party advisory tracked as CVE-2023-50868 (CVSS score: 7.5), a denial-of-service issue impacting the DNSSEC validation process that could cause CPU exhaustion on a DNSSEC-validating resolver. It was reported by researchers from the National Research Center for Applied Cybersecurity (ATHENE) in Darmstadt back in February, alongside KeyTrap ( CVE-2023-50387 , CVSS score: 7.5). "NSEC3 is an improved version of NSEC (Next Secure) that provides authenticated denial of existence," Tyler Reguly, associate director of Security

Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall , currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an "explorable visual timeline" by capturing screenshots of what appears on users' screens every five seconds, which are subsequently analyzed and parsed to surface relevant information. But the feature, meant to serve as some sort of an AI-enabled photographic memory, was met with instantaneous backlash from the security and privacy community, which excoriated the company for having not thought through enough and implementing adequate safeguards that could prevent malicious actors from easily gaining a window into a victim's digital life. The recorded information could include screenshots of documents, emails, or messages containing sensitive details that may have been deleted or shared temporarily using disappearing

Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created through such tools. To that end, apps that generate content using AI must ensure they don't create Restricted Content , have a mechanism for users to report or flag offensive information , and market them in a manner that accurately represents the app's capabilities. App developers are also being recommended to rigorously test their AI models to ensure they respect user safety and privacy. "Be sure to test your apps across various user scenarios and safeguard them against prompts that could manipulate your generative AI feature to create harmful or offensive content," Prabhat Sharma, director of trust and safety for Google Play, Android, and Chrome, said . The development com

The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422, is an advanced persistent threat (APT) group affiliated with Russia's strategic military intelligence unit, the GRU. The hacking crew operates with a high level of stealth and sophistication, often demonstrating their adaptability through deep preparedness and custom tooling, and relying on legitimate internet services (LIS) and living off-the-land binaries (LOLBins) to conceal their operations within regular network traffic. "From April to December 2023, BlueDelta deployed Headlace malware in three distinct phases using geofencing techniques to target networks throughout Europe with a heavy focus on Ukraine," Recorded Future's Insikt

Cybersecurity researchers are alerting of phishing campaigns that abuse  Cloudflare Workers  to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle ( AitM ) phishing, "uses Cloudflare Workers to act as a reverse proxy server for a legitimate login page, intercepting traffic between the victim and the login page to capture credentials, cookies, and tokens," Netskope researcher Jan Michael Alcantara  said  in a report. A majority of phishing campaigns hosted on Cloudflare Workers over the past 30 days have targeted victims in Asia, North America, and Southern Europe, spanning technology, financial services, and banking sectors. The cybersecurity firm said that an increase in traffic to Cloudflare Workers-hosted phishing pages was first registered in Q2 2023, noting it observed a spike in the total number of distinct domains

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as JavaScript and PowerShell," Microsoft Program Manager Naveen Shankar  said . "These languages offer broader capabilities and are better suited for modern web development and automation tasks." The tech giant originally  announced  its plans to gradually sunset VBScript in October 2023. The scripting language, also called Visual Basic Scripting Edition, was first introduced by Microsoft in 1996 as a Windows system component, offering users the ability to automate tasks and develop interactive web pages using Internet Explorer and Edge (in  Internet Explorer mode ). The announced deprecation plan consists of three phases, with the first phase kicking off in the second h

 Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely-used desktop operating system. "Deprecating NTLM has been a huge ask from our security community as it will strengthen user authentication, and deprecation is planned in the second half of 2024," the tech giant  said . The Windows maker  originally announced  its decision to drop NTLM in favor of Kerberos for authentication in October 2023. NTLM's lack of support for cryptographic methods such as AES or SHA-256 notwithstanding, the protocol has also been rendered susceptible to relay attacks, a technique that has been widely exploited by the Russia-linked  APT28 actor  via zero-day flaws in Microsoft Outlook. Other changes coming to Windows 11 include enabling  Local Security Authority (LSA) protection  by default for new consumer devices and the use of virtualization-based secur

The North Korea-linked  Kimsuky hacking group  has been attributed to a new social engineering attack that employs fictitious Facebook accounts to targets via Messenger and ultimately delivers malware. "The threat actor created a Facebook account with a fake identity disguised as a public official working in the North Korean human rights field," South Korean cybersecurity company Genians  said  in a report published last week. The multi-stage attack campaign, which impersonates a legitimate individual, is designed to target activists in the North Korean human rights and anti-North Korea sectors, it noted. The approach is a departure from the typical email-based spear-phishing strategy in that it leverages the social media platform to approach targets through Facebook Messenger and trick them into opening seemingly private documents written by the persona. The decoy documents, hosted on OneDrive, is a Microsoft Common Console document that masquerades as an essay or cont

The Microsoft Threat Intelligence team said it has observed a threat actor it tracks under the name  Storm-1811  abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy  Black Basta  ransomware," the company  said  in a report published on May 15, 2024. The attack chain involves the use of impersonation through voice phishing to trick unsuspecting victims into installing remote monitoring and management (RMM) tools, followed by the delivery of  QakBot , Cobalt Strike, and ultimately Black Basta ransomware. "Threat actors misuse Quick Assist features to perform social engineering attacks by pretending, for example, to be a trusted contact like Microsoft technical support or an IT professional from the target user's company to gain initial access to a target device," the tech giant said. Quick Assist is a  legitimate application  from Microsoft t