Tag: Microsoft

18 Apr

Introducing Microsoft’s Cyber Security Assistant Powered by AI Technology

Microsoft Unveils 'Security Copilot' Tool to Boost Cybersecurity Efforts. Microsoft has launched a new tool designed to help cyber security professionals detect and identify breaches and threat signals more efficiently. Called 'Security Copilot', the tool is powered by OpenAI's latest GPT-4 generative artificial intelligence model. Its primary function is to aid security analysts in tasks such as summarising incidents, analysing vulnerabilities, and sharing information with colleagues...

12 Apr

Two Exploited Bugs Addressed in Microsoft’s Latest Patches

in Cyber Security, Cybersecurity

Comments

Microsoft Releases 76 Fixes in Latest Patch Tuesday Collection. Microsoft has released a collection of 76 fixes for various vulnerabilities as part of its Patch Tuesday update. Of these, two bugs are currently under active exploitation. One of the bugs, CVE-2023-23415, appears to be a “ping of death” and is an ICMP remote code execution (RCE) vulnerability with a CVSS score of 9.8. Attackers can exploit this...

09 Apr

Shein’s Android Application Found Sending Clipboard Data to External Servers

in Cyber Security, Cybersecurity

Comments

Chinese online fashion retailer, Shein, has been found to have had a bug in an older version of its Android application that periodically captured and transmitted clipboard contents to a remote server. The issue was discovered by the Microsoft 365 Defender Research Team in version 7.9.2 of the app, which was released on December 16, 2021. The issue has since been addressed as of May...

07 Apr

A New Threat Using Facebook Ads to Target Critical Infrastructure Firms: SYS01stealer

in Cyber Security, Cybersecurity

Comments

A new information stealer called SYS01stealer has been discovered by cybersecurity researchers, targeting critical government infrastructure employees, manufacturing companies, and other sectors. The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information. The Israeli cybersecurity company Morphisec reported that the campaign was initially tied to a financially motivated cybercriminal operation dubbed Ducktail by Zscaler. However, WithSecure, which...

23 Mar

BlackLotus Malware Successfully Bypasses Secure Boot on Windows 11, Becoming First UEFI Bootkit

in Cyber Security, Cybersecurity

Comments

Today marks a significant milestone in the cyber threat landscape, as the first publicly known malware capable of bypassing Secure Boot defenses has been discovered. Dubbed BlackLotus, the stealthy Unified Extensible Firmware Interface (UEFI) bootkit is being offered for sale at $5,000 and is programmed in Assembly and C. According to ESET, a Slovak cybersecurity company, BlackLotus is capable of running on fully up-to-date Windows 11...

23 Feb

China-Linked Cyber Espionage Group Targeting South American Nations

in Advanced Persistent Threats, Cyber Security, Cyberattacks, Cybersecurity, Remote Access Security

Comments

China-based cyberespionage actor DEV-0147 has been observed compromising diplomatic targets in South America, according to Microsoft’s Security Intelligence team.

The initiative is “a notable expansion of the group’s data exfiltration operations that traditionally targeted gov’t agencies and think tanks in Asia and Europe,” the team tweeted on Monday.

DEV-0147’s attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for reconnaissance...

18 Feb

The Rising Risks of Cryptocurrency Use: Exploring Enigma, Vector, and TgToxic

in Cyber Security, Cybersecurity

Comments

Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts.The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar...

15 Feb

Pakistan Targeted by Malicious Campaign from NewsPenguin Threat Actor

in Cyber Security, Cybersecurity

Comments

A previously unknown threat actor dubbed NewsPenguin has been linked to a phishing campaign targeting Pakistani entities by leveraging the upcoming international maritime expo as a lure. "The attacker sent out targeted phishing emails with a weaponized document attached that purports to be an exhibitor manual for PIMEC-23," the BlackBerry Research and Intelligence Team said.PIMEC, short for...

Microsoft Tag

Introducing Microsoft’s Cyber Security Assistant Powered by AI Technology

Two Exploited Bugs Addressed in Microsoft’s Latest Patches

Shein’s Android Application Found Sending Clipboard Data to External Servers

A New Threat Using Facebook Ads to Target Critical Infrastructure Firms: SYS01stealer

BlackLotus Malware Successfully Bypasses Secure Boot on Windows 11, Becoming First UEFI Bootkit

China-Linked Cyber Espionage Group Targeting South American Nations

Pakistan Targeted by Malicious Campaign from NewsPenguin Threat Actor

Cloud Backup Feature for TOTP Codes Now Available on Google Authenticator App

Accounts left vulnerable to permanent compromise due to Google OAuth bug

How Fancy Bear Infected Routers Using an Old SNMP Bug

AI-generated YouTube videos used to distribute difficult-to-detect malware loader

Navigation

Connect with us on social