Microsoft | Breaking Cybersecurity News | The Hacker News

Process Explorer , a part of the Microsoft's Sysinternals suite of applications is an alternate task manager for Windows, which offers far more features than 'on-board'. Microsoft's Windows Sysinternal Suite has released the latest version of Process Explorer v16.0  that has an awesome feature which allows a user to scan any running program files with a web-based multi-antivirus scanner VirusTotal . Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal,  and if they have been previously scanned, it reports how many antivirus engines identified them as possibly malicious. This new version of 'Process Explorer' is better than ever before, and is quite fast that allows you to find unwanted malware  immediately and respective hyper-linked result takes you to VirusTotal.com's  detailed report page and there you can even submit more files for scanning. Whenever your system starts doing sluggish behavior

Downfall in the monopoly of propriety software like Microsoft and Apple accelerated after the Snowden revelations of NSA spying, where technology giants like Microsoft, Google, Apple are sharing a bed with the NSA. The UK government is again planning to ditch Microsoft for Open Source and Free alternatives. Cabinet Office minister Francis Maude announced yesterday that they are move away from Microsoft Office, towards open source softwares like  OpenOffice & LibreOffice suites, in an effort to drive down costs and foster greater innovation. UK has spent about £200 million in the last three years for Microsoft's ubiquitous software suite, but now this migration will save large revenue of the kingdom, according to The Guardian . The cabinet Office minister said, " We know the best technology and digital ideas often come from small businesses, but too often in the past they were excluded from government work. In the civil service there was a sense that if you hired a

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

In October 2013, Microsoft adopted a silent, offensive method to tackle infection due to a Tor-based botnet malware called ' Sefnit '. In an effort to takedown of the Sefnit botnet to protect windows users, Microsoft r emotely removes the older versions of installed Tor Browser software and infection from 2 Million systems, even without the knowledge of the system's owner. Last year in August, after Snowden revelations about the National Security Agency's ( NSA ) Spying programs, the Internet users were under fear of being spied. During the same time Tor Project leaders noticed almost 600% increase in the number of users over the anonymizing networks of Tor i.e. More than 600,000 users join Tor within few weeks. In September, researchers identified the major reason of increased Tor users i.e. A Tor-based botnet called ' Sefnit malware ', which was infecting millions of computers for click fraud and bitcoin mining. To achieve the maximum number

It could be the worst day ever for Microsoft's patch management and Incident response team. A group of pro-Syrian  hackers ' Syrian Electronic Army ' has successfully compromised the official Twitter account of the Microsoft News ( @MSFTNews ), Xbox Support. They also defaced the Microsoft's TechNet blog ( blogs.technet.com ), and posted deface not over the blog. Microsoft says the situation is under control and no customer data was compromised. It seems that hackers have more internal access to the mailer system of the Microsoft, as they shared a screenshots of the internal communications between Microsoft's Public relations team and Steve Clayton, who is the manager in charge of Microsoft's corporate media platforms.  Last week, the SEA hacked Skype's blog and official twitter page, to spread the information about the NSA spying i.e. " Hacked by Syrian Electronic Army.. Stop Spying! " and today we have seen similar tweets from the Microsoft's N

I am sure that you all have been familiar with the above shown annoying Window Operating System error messages that many times pop ups on your screen while working on the system in case of process failure i.e. " The system has recovered from a serious error. A log of this error has been created. Please tell Microsoft about this problem " The message that prompts ask the user to report the problem to Microsoft followed by the options to Send an error report or Not send . Most of the time Gentle users like you and me used to submit these error reports to aware the Microsoft about the problem. But What if these crash reports can be abused to identify the vulnerabilities of your system for Spying? NSA is intercepting wide range of Internet Traffic including many Encrypted connections and naturally unencrypted also and surprisingly, by default Microsoft encrypts its reports, but the messages are transmitted unencrypted or over standard HTTP connections to watson.microsoft.com .

Happy 2014.. We are back with first hacking story of the year - SKYPE " Stop Spying " . Yes Skype Got hacked last night by an infamous hacker group called the Syrian Electronic Army , a group that supports Syria's president and typically they publish pro-Syrian government messages, but its first time they are taking about PRIVACY . Syrian Hackers posted some messages on Skype's Twitter account i.e. " Stop Spying on People! via Syrian Electronic Army ," Next tweet reads, " Don't use Microsoft emails (hotmail, outlook), They are monitoring your accounts and selling it to the governments. " Syrian Electronic Army hackers also compromised Skype's Facebook page and a company blog hosted on Skype's website. A blog post published on the official Skype blog featured the headline, " Hacked by Syrian Electronic Army.. Stop Spying! ", which now has been deleted by Microsoft. Now it appeared that Skype regained the access to their accounts and dele

Microsoft has  released  11 Security Patch this Tuesday, including one for CVE-2013-5065  zero-day vulnerability, recently discovered Local privilege escalation vulnerability that could allow a hacker to launch an attack using corrupted TIFF images to take over victims' computers. FireEye researchers said they found the exploit in the wild being used alongside a PDF-based exploit against a patched Adobe Reader vulnerability. December's Patch Tuesday update bundle brings five bulletins ranked critical, including a patch for a vulnerability that could allow remote code execution in Internet Explorer and another remote code execution vulnerability in Office and Microsoft Server is also addressed. Other patches addressing remote code execution vulnerabilities in Lync, all versions of Office and Microsoft Exchange. All supported versions of Windows, from XP to RT and 8.1, are affected by at least one of the critical vulnerabilities. The Six Security bulletins rated important de

Microsoft today announced that its Digital Crimes Unit ( a center of excellence for advancing the global fight against cybercrime ) has successfully disrupted the ZeroAccess botnet, one of the world's largest and most rampant botnet .The Botnet is " disrupted ," not "fully destroyed" , Microsoft itself admits that " do not expect to fully eliminate the ZeroAccess botnet due to the complexity of the threat. " This is the Microsoft's 8th botnet takedown operation in the past three years. With the help of U.S. Federal Bureau of Investigation  ( FBI ) and Europol's European Cybercrime Centre (EC3), Microsoft led to the seizure of servers that had been distributing malware which has infected nearly 2 million computers all over the world, and with that, ZeroAccess botnet's masters are earning more than $2.7 million every month. ZeroAccess was first identified in 2011 by Symanetc, being used for click fraud, the malware can also be used to illicitly mine the v

Researchers at FireEye have discovered a new privilege escalation vulnerability  in Windows XP and Windows Server 2003. CVE-2013-5065, Local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit ( CVE-2013-3346 ) that appears to target a patched vulnerability. Microsoft has issued an advisory and warned that discovered bug in Windows XP's  NDPROXY.SYS driver could allow hackers to run code in the system's kernel from a standard user account. The exploit could allow a standard user account to execute code in the kernel, which may allow an attacker to gain privileges that would enable him to do various activities, including deleting or viewing data, installing programs, or creating accounts with administrative privileges. "Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003 ," Microsoft advised. Last April

Security researchers at FireEye have detected a new series of drive-by attacks based on a new Internet Explorer zero-day vulnerability. The attackers breached a website based in the US to deploy the exploit code to conduct a classic watering hole attack. The discovery was announced just a few days after Microsoft revealed the Microsoft Zero-day CVE-2013-3906 , a Zero-day vulnerability in Microsoft graphics component that is actively exploited in targeted attacks using crafted Word documents sent by email. Microsoft graphics component zero-day vulnerability allows attackers to install a malware via infected Word documents and target Microsoft Office users running on Windows Vista and Windows Server 2008. Recently reported new Internet Explorer zero-day vulnerability detected by FireEye affects the English versions of IE 7 and 8 in Windows XP and IE 8 on Windows 7, but according the experts it can be easily changed to leverage other languages. Experts at FireEye conf

Microsoft has released advanced notification for the November 2013 security updates that are scheduled to be released on November 12, 2013. The company plans to deliver eight security bulletins for Windows 8.1, three of them are rated critical and five are important. But there's no relief in sight for a zero-day vulnerability ( CVE-2013-3906 ) in how Office handles .TIFF graphics files . The bulletins listed in Microsoft's advanced notification as critical are for remote code execution vulnerabilities in Windows operating system and the remaining vulnerabilities listed as important are said to be remote code execution, elevation of privilege, information disclosure and denial of service flaws affecting Windows operating system, as well as Microsoft Office. A malicious zero day attack capable of hijacking your PC via a vulnerability found in Windows, Office, and Lync is being exploited more widely than originally thought. Some new reports of the security resea

Microsoft has issued a temporary fix for a 0day vulnerability that can be exploited to install malware via infected Word documents. A Zero-day Remote code execution flaw, which has been dubbed CVE-2013-3906 , exploits a vulnerability in a Microsoft graphics component, to target Microsoft Office users running Windows Vista and Windows Server 2008. " The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images ," it said in the post .  Vulnerability was reported to Microsoft by McAfee Labs senior security researcher Haifei Li. A successful infection can give an attacker complete control over a system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Currently the company is only aware of targeted attacks mostly in the Middle East and South Asia, with attackers sending unsuspecting v

Microsoft today announced that they had paid more than $28,000 in rewards to Security Researchers for its first Bug Bounty program, that went on for a month during the preview release of Internet Explorer 11 (IE11). The program was designed to run during Internet Explorer 11's browser beta test on June 26 and went on till July 26. They said it would pay researchers up to $11,000 for each Internet Explorer 11 vulnerability they found. In July, the company announced that the first such bounty award was given to a current employee of Google, Ivan Fratric. Today Microsoft has released the names of all the people who the company said found vulnerabilities that qualified for a bounty and paid out $28k a total of six researchers for reporting 15 different bugs. J ames Forshaw, Context Security 4 Internet Explorer 11 Preview Bug Bounty - $4,400 1 Bonus for finding cool IE design vulnerabilities - $5,000 Jose Antonio Vazquez Gonzalez, Yenteasy - Security Research 5 Internet Explorer 11

Attackers exploiting a zero-day vulnerability CVE-2013-3893 in Microsoft's Internet Explorer browser and served them on compromised popular Japanese news websites. According to FireEye , at least three major Japanese media websites were compromised in watering hole attacks, dubbed Operation DeputyDog , appears to target manufacturers, government entities and media organizations in Japan. The compromised sites recorded more than 75,000 page views before the exploits were discovered. The zero-day vulnerability in IE 8 and 9 allows the stealthy installation of software in the users' computers which then can be remotely accessed by the hackers. The hackers typically use Trojans designed specifically for a pay-to-order attack to steal intellectual property. Researchers saw a payload executable file used against a Japanese target posing as an image file hosted on a Hong Kong server. The attack in Japan was discovered two days after Microsoft disclosed the flaw ," The ex

All supported versions of Internet Explorer are vulnerable to a zero-day Exploit that is currently being exploited in targeted attacks against IE 8 and IE 9, dubbed " CVE-2013-3893 MSHTML Shim Workaround ". Microsoft confirmed that the flaw was unknown before the attacks and that it is already working on an official patch, meantime Microsoft released an emergency software fix for Internet Explorer (IE) Web browser. Advisory noted that Microsoft is investigating public reports of a remote code execution vulnerability in Internet Explorer. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. Victims could be infected despite the adoption of all necessary countermeasures due the nature of the flaw previously unknown. The flaw that has been recently targeted by hackers during attacks is considerable serious and complicated to fix. State-sponsored hackin

This Tuesday, Microsoft will be releasing its September's Patch Tuesday updates includes 14 bulletins in total, fixing issues in Windows, Office, Outlook, Internet Explorer, SharePoint and FrontPage. In all, there are eight remote code execution flaws in Microsoft Office, Microsoft Server Software, Microsoft Windows, which can allow hackers to gain access to, or take control of an affected system without user prompts or permission. The four critical bulletins affect Sharepoint, Outlook, Internet Explorer and XP and Windows 2003. Bulletien second will address a Remote Code Execution flaw in Microsoft Office that can be triggered simply by previewing an email in Outlook, even without explicitly opening the e-mail. The problem for users is that Outlook automatically displays the content of each email it previews. The remaining 10 bulletins are all rated important by Microsoft, four of them patch remote code execution flaws in Office, while three other privilege escalati

This week Microsoft has released several advisories to help their users update from weak crypto. Microsoft is beginning the process of discontinuing support for digital certificates that use the MD5 hashing algorithm and to improve the network-level authentication for the Remote Desktop Protocol . Microsoft's optional updates : Microsoft Security Advisory 2661254: The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks . Microsoft Security Advisory 2862973: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7 , Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate

Yeah, it's Patch Tuesday once again. Almost 10 years ago in October, 2003 - Microsoft  invented the process of regularly scheduled security updates on every second Tuesday of the Month, as  Patch Tuesday. Today, the Microsoft Security team will i ssue eight security updates in total, out of that -- three of which are designated as " critical ," and rest five as " Important " updates, that patches vulnerabilities in Microsoft Windows, Microsoft Server Software, and Internet Explorer. The eight bulletins that Microsoft is releasing fixes a total of 23 different vulnerabilities in Microsoft products. Microsoft will be rolling out a total of three Critical patches dealing with Remote Code Execution. Windows 8 is expected to get four of the updates, one of them is critical and dealing with Remote Code Execution with Internet Explorer 10, while the other three updates are Important and deal with Elevation of Privilege and Denial of Service . Windows RT i

Microsoft has warned that a vulnerability in Windows Phone operating systems could allow hackers to access your login credentials. The vulnerability resides in a Wi-Fi authentication scheme known as PEAP-MS-CHAPv2, which Windows Phones use to access wireless networks protected by version 2 of the Wi-Fi Protected Access protocol. Cryptographic weaknesses in the technology can allow attackers to gain access to users encrypted domain credentials. These credentials could potentially give the attackers access to sensitive corporate networks. The bulletin, advisory 2876146 , says: To exploit this issue, an attacker controlled system could pose as a known Wi-Fi access point, causing the targeted device to automatically attempt to authenticate with the access point, and in turn allowing the attacker to intercept the victim's encrypted domain credentials. An attacker could then exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol to obtain the victim's d

Yammer , is the Enterprise Social Network service that was launched in 2008 and sold to Microsoft in 2012. Yammer is a secure, private social network for your company. Yammer is used for private communication within organizations or between organizational members and pre-designated groups, making it an example of enterprise social software. Ateeq Khan,  Pakistani researcher from The Vulnerability Laboratory Research  team has discovered multiple critical Vulnerabilities in the Microsoft Yammer Social Network. An  OAuth bypass session token web vulnerability is detected in the official Microsoft Yammer Social Network online-service application. OAuth is an emerging authorization standard that is being adopted by a growing number of sites such as Twitter, Facebook, Google, Yahoo!, Netflix, Flickr, and several other Resource Providers and social networking sites. According to the advisory , The vulnerability allows remote attackers to bypass the token protecti