Security news aggregator

Latest coverage for Microsoft

Microsoft software and cloud platforms underpin enterprise systems, so vulnerabilities and security advisories can affect identity, data, and operations.

26 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Microsoft is a technology company whose Windows, Microsoft 365, Azure, identity services, and developer tools form a widely deployed enterprise computing ecosystem. Its security relevance spans endpoint and server software, cloud control planes, authentication, collaboration data, and the update mechanisms used to maintain them.

Security news under this tag commonly concerns vulnerabilities requiring patching, exploits against exposed services, identity or token compromise, and misconfiguration of cloud permissions or authentication policies. Practitioners should verify affected versions and exposure, apply updates or mitigations, enforce multifactor authentication and least privilege, and monitor relevant audit logs. Incidents involving Microsoft-hosted identities or data may require rapid session and credential containment, investigation across cloud and on-premises systems, and assessment of privacy or regulatory obligations.

Showing 20 most recent headlines of 26 Filtered view

Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season

That should solve the global cybercrime problem, right? Microsoft has taken down US-based infrastructure and websites used by a cybercrime group to sell fraudulent online accounts to other crooks including Scattered Spider, the infamous social-engineering and extortion crew that hacked two Las Vegas casinos over the summer.…

Business email compromise, illicit cryptomining, phishing ... if it makes a dollar, this lot do it Multiple miscreants are misusing OAuth to automate financially motivated cyber crimes – such as business email compromise (BEC), phishing, large-scale spamming campaigns – and deploying virtual machines to illicitly mine for cryptocurrencies, according to Microsoft.…

Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a network of bogus websites and social media pages to other criminal actors, netting them millions of dollars in illicit revenue

Bank Info Security 2 years, 7 months ago

Microsoft Warns of OAuth Attacks Tied to Cryptomining

Microsoft Details OAuth Tactics, Says Losses Reached Up to $1.5M Per VictimHackers are exploiting OAuth applications to compromise user accounts, manipulate and confer elevated privileges, and set up cryptomining operations, which has cost some organizations up to $1.5 million in losses, according to Microsoft's Threat Intelligence team.

The Register 2 years, 7 months ago

Final Patch Tuesday of 2023 goes out with a bang

Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party It's the last Patch Tuesday of 2023, which calls for celebration – just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course.…

Krebs on Security 2 years, 7 months ago

Microsoft Patch Tuesday, December 2023 Edition

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known "zero-day" threats targeting any of the vulnerabilities in December's patch batch. Still, four of the updates pushed out today address "critical" vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete control over a vulnerable Windows device with little or no help from users.

Loading more headlines...