Malware now using NVIDIA's stolen code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. [...]
Microsoft software and cloud platforms underpin enterprise systems, so vulnerabilities and security advisories can affect identity, data, and operations.
Search across headline titles and summaries.
Background for this topic.
Microsoft is a technology company whose Windows, Microsoft 365, Azure, identity services, and developer tools form a widely deployed enterprise computing ecosystem. Its security relevance spans endpoint and server software, cloud control planes, authentication, collaboration data, and the update mechanisms used to maintain them.
Security news under this tag commonly concerns vulnerabilities requiring patching, exploits against exposed services, identity or token compromise, and misconfiguration of cloud permissions or authentication policies. Practitioners should verify affected versions and exposure, apply updates or mitigations, enforce multifactor authentication and least privilege, and monitor relevant audit logs. Incidents involving Microsoft-hosted identities or data may require rapid session and credential containment, investigation across cloud and on-premises systems, and assessment of privacy or regulatory obligations.
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. [...]
70k staff email addresses and NTLM password hashes also dumped online An Nvidia code-signing certificate was among the mountain of files stolen and leaked online by criminals who ransacked the GPU giant's internal systems.…
Vade's annual phishing report reveals a sharp rise in Facebook phishing and growing sophistication in Microsoft phishing attacks.
Microsoft announced it will stop all new sales of services and products in Russia in response to Russia's "unjustified, unprovoked and unlawful invasion" of Ukraine. [...]
A vulnerability in a Microsoft crypto library gives attackers a way to figure out what data is being encrypted in lockpicker-like fashion.
Microsoft reminded enterprise customers this week that App Assure engineers are ready to help resolve any app compatibility issues encountered after upgrading to Windows 11. [...]
We can still hear the echoes of the launch fanfare from 2020 Microsoft's attempt to put its homegrown Pluton security processor architecture into third-party Windows 11 PCs is right now more work-in-progress than the slam dunk its publicity would have you believe.…
While Apple halts all sales in Russia, Visa and Mastercard block banks The disk-wiping malware that tore through at least hundreds of Ukrainian Windows systems at the start of Russia's occupation wasn't alone. Slovakian infosec firm ESET has found a second similar strain in Ukraine.…
While Apple halts all sales in Russia, Visa and Mastercard block banks The disk-wiping malware that tore through at least hundreds of Ukrainian Windows systems at the start of Russia's occupation wasn't alone. Slovakian infosec firm ESET has found a second similar strain in Ukraine.…
Microsoft has started rolling out its new endpoint security solution for small and medium-sized businesses (SMBs) known as Microsoft Defender for Business to Microsoft 365 Business Premium customers worldwide starting today, March 1st. [...]
Microsoft detected cyberattacks launched against Ukraine hours before Russia’s tanks and missiles began to pummel the country last week.
Microsoft shared info on a now-fixed known issue leading to Local Security Authority Subsystem Service (LSASS) crashes and Windows Server domain controller. [...]
Malicious emails warning Microsoft users of "unusual sign-on activity" from Russia are looking to capitalizing on the Ukrainian crisis.
Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week
Windows giant says it detected 'destructive cyberattacks', DDoS malware aimed at now occupied nation Microsoft is decrying what it calls the "tragic, unlawful and unjustified invasion of Ukraine" by Russia, and vowed to continue protecting the country from cyberattacks and state-sponsored disinformation campaigns.…
Microsoft said that Ukrainian networks were targeted with recently found malware several hours before Russia's invasion of Ukraine on February 24th. [...]
Microsoft said that Ukrainian networks were targeted with newly found malware several hours before Russia's invasion of Ukraine on February 24th. [...]