Microsoft

Pierluigi Paganini September 16, 2024
Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461, was actively exploited as a zero-day before July 2024. Microsoft warns that attackers actively exploited the Windows vulnerability CVE-2024-43461 as a zero-day before July 2024. The vulnerability CVE-2024-43461 is a Windows MSHTML platform spoofing issue. MSHTML is a platform used by Internet Explorer. Although […]

Pierluigi Paganini June 30, 2024
Russia-linked Midnight Blizzard stole email of more Microsoft customers

Microsoft warned more customers about email theft linked to the previously reported Midnight Blizzard hacking campaign. The Russia-linked cyberespionage group Midnight Blizzard continues to target Microsoft users to steal other emails, warn the IT giant. The company is identifying more customers targeted by the Midnight Blizzard hacking campaign following Microsoft’s corporate infrastructure breach. In January, […]

Pierluigi Paganini June 20, 2024
An unpatched bug allows anyone to impersonate Microsoft corporate email accounts

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and launch phishing attacks. The security researcher Vsevolod Kokorin (@Slonser) discovered a bug that allows anyone to impersonate Microsoft corporate email accounts. An attacker can trigger the vulnerability to launch phishing attacks.  The researchers demonstrated the bug exploitation to TechCrunch, Kokorin […]

Pierluigi Paganini June 05, 2024
Malware can steal data collected by the Windows Recall tool, experts warn

Cybersecurity researchers demonstrated how malware could potentially steal data collected by the new Windows Recall tool. The Recall feature of Microsoft Copilot+ is an AI-powered tool designed to help users search for past activities on their PC. The data collected by the tool is stored and processed locally. After its presentation, it raised security and […]

Pierluigi Paganini May 24, 2024
Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

UK data watchdog is investigating Microsoft regarding the new Recall feature in Copilot+ PCs that captures screenshots of the user’s laptop every few seconds. The UK data watchdog, the Information Commissioner’s Office (ICO), is investigating a new feature, called Recall, implemented by Microsoft” Copilot+ PCs that captures screenshots of the user’s laptop every few seconds. […]

Pierluigi Paganini April 11, 2024
Microsoft fixed two zero-day bugs exploited in malware attacks

Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware. Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed […]

Pierluigi Paganini February 23, 2024
Microsoft released red teaming tool PyRIT for Generative AI

Microsoft has released an open-access automation framework, called PyRIT, to proactively identify risks in generative artificial intelligence (AI) systems. Microsoft has released a Python Risk Identification Tool for generative AI (PyRIT), it is an open-access automation framework to proactively find risks in generative AI systems. The tool aims at helping red teaming activity of AI systems, Microsoft […]

Pierluigi Paganini February 15, 2024
CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds 2 Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week. Microsoft released Patch Tuesday security updates for February 2024 that resolved a total of 72 vulnerabilities, […]

Pierluigi Paganini January 11, 2024
CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure and Policy Secure flaws, tracked as CVE-2024-21887 and CVE-2023-46805, and Microsoft SharePoint Server flaw CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog. Software firm […]

Pierluigi Paganini September 29, 2023
Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft’s Exchange email platform in May. China-linked hackers who breached Microsoft’s email platform in May have stolen tens of thousands of emails from U.S. State Department accounts, a Senate staffer told Reuters this week. During a briefing by U.S. State Department IT officials, […]