Stay informed with Security World Trend Now! Discover the latest security trends, technologies, and strategies to protect your data, networks, and digital identity. Get expert insights and practical advice for ensuring your online safety. Explore now!
Cybercrime Adaptation to Macroblockade: an Analysis of the Evolution of Strategies In February 2022, Microsoft implemented a decision to disable macros by default, which had long been a favored attack vector for cybercriminals, enabling the automation of malicious scripts in specific file types, and resulting in malware downloads in email phishing campaigns. The decision forced…
Microsoft Macroblocking and the Evolution of Malware Delivery Ever since Microsoft made a policy change by blocking Office macros by default, cybercriminals have been forced to evolve and find new ways of delivering malware. For a long time, attackers used malicious Microsoft Office macros to gain access to their target’s computers. This prompted Microsoft to…
Microsoft Enhances Security of MFA with “Number Matching” Feature Multi-factor authentication (MFA) is an essential security measure in identity and access management, but it is not infallible against attackers who use social engineering to bypass MFA controls. As a way to enhance the security of MFA, Microsoft is enforcing “number matching” for all users of…
## Cybersecurity risks increase with rapid IoT adoption The increasing adoption of Internet of Things/Operational Technology (IoT/OT) by organizations holds great promise for digital transformation. However, it has also increased the number of attack vectors and the exposure risk to organizations. According to a survey conducted by Microsoft and Ponemon, 60% of respondents recognize that…
Microsoft has addressed a severe vulnerability, CVE-2023-29324, that allowed attackers to bypass mitigations rolled out for a no-interaction Outlook zero-day, leading to credential theft. The issue was addressed as part of the May 2023 Patch Tuesday updates, which resolved the bypass of fixes released in March 2023 to resolve CVE-2023-23397. The previous critical Outlook flaw…
Microsoft‘s May 2023 Patch Tuesday updates include a cautious patch for a zero-day vulnerability that has been exploited in the wild. Black Lotus ransomware gang is among the cybercriminals that have used the vulnerability (CVE-2023-24932: Secure Boot Security Feature Bypass Vulnerability) to execute their attacks. This vulnerability impacts the Secure Boot feature, which protects the…
## Microsoft Patches High-Risk Flaws in Azure Cloud Platform On May 4th, the Ermetic Research Team reported the discovery of three high-risk vulnerabilities in the Azure API Management Service that could have allowed cybercriminals to access sensitive information on targeted services, deny access to servers, or scan internal networks to mount further attacks. These vulnerabilities…
Microsoft‘s May 2023 Security Update: A Lighter Volume with Two Actively Exploited Flaws Microsoft‘s latest security update in May 2023 is the smallest in volume since August 2021, with 49 new vulnerabilities addressed. However, two of these vulnerabilities are actively exploited, making it the fifth consecutive month that Microsoft has disclosed at least one zero-day…
Microsoft‘s May 2023 security update includes a patch for a vulnerability in Outlook that allows attackers to easily bypass a fix the company issued in March for a critical privilege-escalation bug in Outlook that attackers have already exploited (CVE-2023-23397). The March patch essentially prevented the Outlook client from making connections that would lead to coercion…
Microsoft‘s latest report, the “Digital Defense Report 2022,” sheds light on the most pressing cyber threats facing organizations today. One of the key findings in Part 1 of the report, “The State of Cybercrime,” is the growing trend of Cybercrime-as-a-service (CaaS), a thriving ecosystem that facilitates various cybercrimes, including human-operated ransomware and business email compromise…