Emotet malware now distributed in Microsoft OneNote files to evade defenses
The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. [...]
Microsoft software and cloud platforms underpin enterprise systems, so vulnerabilities and security advisories can affect identity, data, and operations.
Search across headline titles and summaries.
Background for this topic.
Microsoft is a technology company whose Windows, Microsoft 365, Azure, identity services, and developer tools form a widely deployed enterprise computing ecosystem. Its security relevance spans endpoint and server software, cloud control planes, authentication, collaboration data, and the update mechanisms used to maintain them.
Security news under this tag commonly concerns vulnerabilities requiring patching, exploits against exposed services, identity or token compromise, and misconfiguration of cloud permissions or authentication policies. Practitioners should verify affected versions and exposure, apply updates or mitigations, enforce multifactor authentication and least privilege, and monitor relevant audit logs. Incidents involving Microsoft-hosted identities or data may require rapid session and credential containment, investigation across cloud and on-premises systems, and assessment of privacy or regulatory obligations.
The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. [...]
Microsoft says it will provide developers with a new API that also asks Windows users for permission when pinning their apps to the taskbar, desktop, or the Start Menu. [...]
DDoS cyberattack campaigns from the pro-Russian group have spiked significantly.
Microsoft is working on a non-custodial built-in Ethereum crypto wallet for Microsoft Edge to allow users to send and receive cryptocurrency and NFTs. [...]
Snowballing PoC exploits for CVE-2023-23397 and a massive attack surface means almost business user could be a victim.
Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware
Organizations outside Ukraine could be targeted
Microsoft has released a script to make it easier to patch a BitLocker bypass security vulnerability in the Windows Recovery Environment (WinRE). [...]
Microsoft has announced a new assistant powered by artificial intelligence to help boost productivity across Microsoft 365 apps, currently being tested by select commercial customers. [...]
In an unexpected twist, a Microsoft support engineer resorted to running an unofficial 'crack' on a customer's Windows PC after a genuine copy of the operating system failed to activate normally. It seems, this isn't the first time either that a Microsoft support professional has employed such workarounds. [...]
Why patching matters: Everyone seemingly had a crack at security bug Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution.…
An unpatched Microsoft Web server allowed multiple cybersecurity threat groups to steal data from a federal civilian executive branch.
Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows (CVE-2023-23397) that allows hackers to remotely steal hashed passwords by simply receiving an email. [...]
Last year, a U.S. federal agency's Microsoft Internet Information Services (IIS) web server was hacked by exploiting a critical .NET deserialization vulnerability in the Progress Telerik UI for ASP.NET AJAX component. [...]
Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction.
They include one likely exploited by Russian-linked threat actors
Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.
The outlook is grim for Outlook - and SAP, Adobe. Android, and Chrome - so get ready for a long update party Patch Tuesday Microsoft's March Patch Tuesday includes new fixes for 74 bugs, two of which are already being actively exploited, and nine that are rated critical. Let's start with the two that miscreants found before Redmond issued a fix.…
Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately.