#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Microsoft | Breaking Cybersecurity News | The Hacker News

MS Office Built-in Feature Allows Malware Execution Without Macros Enabled

MS Office Built-in Feature Allows Malware Execution Without Macros Enabled
Oct 12, 2017
Since new forms of cybercrime are on the rise, traditional techniques seem to be shifting towards more clandestine that involve the exploitation of standard system tools and protocols, which are not always monitored. Security researchers at Cisco's Talos threat research group have discovered one such attack campaign spreading malware-equipped Microsoft Word documents that perform code execution on the targeted device without requiring Macros enabled or memory corruption. This Macro-less code execution in MSWord technique, described in detail on Monday by a pair of security researchers from Sensepost, Etienne Stalmans and Saif El-Sherei, which leverages a built-in feature of MS Office, called Dynamic Data Exchange (DDE), to perform code execution. Dynamic Data Exchange (DDE) protocol is one of the several methods that Microsoft allows two running applications to share the same data. The protocol can be used by applications for one-time data transfers and for continuous exc

Microsoft Cortana Can Now Read Your Skype Messages to Make Chat Smarter

 Microsoft Cortana Can Now Read Your Skype Messages to Make Chat Smarter
Oct 10, 2017
Microsoft today announced built-in support for Cortana—an artificial intelligence-powered smart assistant—in Skype messenger on Android as well as iOS devices. What purpose does it serve? Microsoft wants its AI-based smart assistance to understand your conversations and help you with quick suggestions, ideas and information right inside your chat window. "Cortana can also help you organize your day—no need to leave your conversations. Cortana can detect when you're talking about scheduling events or things you have to do and will recommend setting up a reminder, which you will receive on all your devices that have Cortana enabled," Skype said in a blog post . In other words, it typically means — Microsoft's Cortana can now read your private Skype conversations. Should You Worry About Your Privacy? Yes, Cortana needs continuous monitoring of your private chats in order to come up with useful suggestions such as movie bookings, travel plans, nearby restaura

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Windows 10 to Give More Control Over App-level Permissions

Windows 10 to Give More Control Over App-level Permissions
Sep 14, 2017
Microsoft has been gradually changing its privacy settings in Windows 10 with the Fall Creators Update to give its users more controls over their data. In April, Microsoft addressed some initial privacy concerns in the Windows 10 Creators Update with simplified data collection levels—Security, Basic, Enhanced, and Full—and eventually revealed its data collection practices . Now, the software giant is making another privacy-related change with the upcoming Windows 10 Fall Creators Update, which is due for release in October 2017, giving you much more control over what apps can do with your device. Just like apps on your smartphone's app store, apps on Windows Store also require permission to access your computer's critical functionalities like camera, microphone, calendar, contacts, and music, pictures and video libraries. While Android and iOS allow you to limit an app's permissions to access these sensitive things, these permissions have currently been provided

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Microsoft Launches Ethereum-Based 'Coco Framework' to Speed Up Blockchain Network

Microsoft Launches Ethereum-Based 'Coco Framework' to Speed Up Blockchain Network
Aug 14, 2017
A growing number of enterprises are showing their interest in blockchains , but the underlying software fails to meet key enterprise requirements like performance, confidentiality, governance, and required processing power. However, Microsoft wants to help solve these issues and make it easier for the enterprises to build their networks using any distributed ledger. Microsoft has unveiled a framework called " Coco " — short for " Confidential Consortium " — a new open-source foundation for enterprise blockchain networks . Coco is an Ethereum-based protocol which has been designed to help commercial companies and large-scale enterprises process information on the Ethereum Blockchain with increased privacy. "Coco presents an alternative approach to Ledger construction, giving enterprises the scalability, distributed governance and enhanced confidentiality they need without sacrificing the inherent security and immutability they expect," Mark Russi

Microsoft Issues Security Patches for 25 Critical Vulnerabilities

Microsoft Issues Security Patches for 25 Critical Vulnerabilities
Aug 08, 2017
Here we go again… As part of its August Patch Tuesday, Microsoft has today released a large batch of 48 security updates for all supported versions Windows systems and other products. The latest security update addresses a range of vulnerabilities including 25 critical, 21 important and 2 moderate in severity. These vulnerabilities impact various versions of Microsoft's Windows operating systems, Internet Explorer, Microsoft Edge, Microsoft SharePoint, the Windows Subsystem for Linux, Adobe Flash Player, Windows Hyper-V and Microsoft SQL Server. CVE-2017-8620: Windows Search Remote Code Execution Vulnerability The most interesting and critical vulnerability of this month is Windows Search Remote Code Execution Vulnerability (CVE-2017-8620), affects all versions of Windows 7 and Windows 10, which could be used as a wormable attack like the one used in WannaCry ransomware , as it utilises the SMBv1 connection. An attacker could remotely exploit the vulnerability thro

Microsoft Is Paying Up To $250,000 With Its New Bug Bounty Program

 Microsoft Is Paying Up To $250,000 With Its New Bug Bounty Program
Jul 26, 2017
Microsoft has finally launched a new dedicated bug bounty program to encourage security researchers and bug hunters for finding and responsibly reporting vulnerabilities in its latest Windows versions of operating systems and software. Being the favourite target of hackers and cyber criminals, every single zero-day vulnerability in Windows OS—from critical remote code execution, mitigation bypass and elevation of privilege to design flaws—could cause a crisis like recent WannaCry and Petya Ransomware attacks. In past five years the tech giant has launched multiple time-limited bug bounty programs focused on various Windows features, and after seeing quite a bit of success, Microsoft has decided to continue. "Security is always changing, and we prioritise different types of vulnerabilities at different points in time. Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities." With its latest bu

How Microsoft Cleverly Cracks Down On "Fancy Bear" Hacking Group

How Microsoft Cleverly Cracks Down On "Fancy Bear" Hacking Group
Jul 21, 2017
What could be the best way to take over and disrupt cyber espionage campaigns? Hacking them back? Probably not. At least not when it's Microsoft, who is continuously trying to protect its users from hackers, cyber criminals and state-sponsored groups. It has now been revealed that Microsoft has taken a different approach to disrupt a large number of cyber espionage campaigns conducted by " Fancy Bear " hacking group by using the lawsuit as a tool — the tech company cleverly hijacked some of its servers with the help of law. Microsoft used its legal team last year to sue Fancy Bear in a federal court outside Washington DC, accusing the hacking group of computer intrusion, cybersquatting, and reserving several domain names that violate Microsoft's trademarks, according to a detailed report published  by the Daily Beast. Fancy Bear — also known as APT28, Sofacy, Sednit, and Pawn Storm — is a sophisticated hacking group that has been in operation since at least

Critical Skype Bug Lets Hackers Remotely Execute Malicious Code

Critical Skype Bug Lets Hackers Remotely Execute Malicious Code
Jun 28, 2017
A critical vulnerability has been discovered in Microsoft-owned most popular free web messaging and voice calling service Skype that could allow hackers to remotely execute malicious code and crash systems. Skype is a free online service that allows users to communicate with peers by voice, video, and instant messaging over the Internet. The service was acquired by Microsoft Corporation in May 2011 for US$8.5 Billion due to its worldwide popularity. Security researcher Benjamin Kunz-Mejri from Germany-based security firm Vulnerability Lab discovered the previously unknown stack buffer overflow vulnerability, which is documented in CVE-2017-9948 , in Skype Web's messaging and call service during a team conference call. The vulnerability is considered a high-security risk with a 7.2 CVSS score and affects Skype versions 7.2, 7.35, and 7.36 on Windows XP, Windows 7 and Windows 8, Mejri said in a public security disclosure published on Monday. "The issue can be exploi

Microsoft's Private Windows 10 Internal Builds and Partial Source Code Leaked Online

Microsoft's Private Windows 10 Internal Builds and Partial Source Code Leaked Online
Jun 24, 2017
A massive archive of Microsoft's top-secret Windows 10 builds, and the source codes for private software has been reportedly leaked online, which could lead to a nasty wave of Windows 10 exploits, journalist at the Reg claims. The Leaked files – uploaded on BetaArchive website – contains more than 32 terabytes of data, which includes many non-public Windows 10 and Windows Server 2016 builds created by Microsoft engineers for testing purpose. Interestingly, Windows 10 internal builds include private debugging symbols defined by the engineers usually to help other in-house developers understand how some specific codes in the operating system works and what functions it calls, the Register reports . Private debugging symbols reveal some sensitive in-depth knowledge about the operating system that could be used by exploit writers to find vulnerabilities. Moreover, the dump also contains Microsoft's Shared Source Kit , which includes source code for Windows 10 hardware

Two British Men Arrested For Hacking Microsoft

Two British Men Arrested For Hacking Microsoft
Jun 23, 2017
British police have arrested two men in the UK conspiring to hack into the computer networks of US tech giant Microsoft with plans to steal customers' data from the software giant. The suspects — 22-year-old from Sleaford and a 25-year-old from Bracknell — were arrested by the detectives from the Britain's South East Regional Organised Crime Unit (SEROCU) Thursday morning (22 June 2017). The UK authorities arrested them from their home in Lincolnshire and Bracknell and seized a number of devices after searching their home. While it is still unclear what systems were targeted, SEROCU believes the suspects are part of a larger international group that involved breaking into the Microsoft's network between January 2017 and March 2017 to scoop up the customer information. "This group is spread around the world and therefore the investigation is being coordinated with our various partners," Rob Bryant, detective sergeant SEROCU's Cyber Crime Unit said while

Next Windows 10 Version May Have Built-in EMET Anti-Exploit Program

Next Windows 10 Version May Have Built-in EMET Anti-Exploit Program
Jun 20, 2017
It seems Microsoft is planning to build its EMET anti-exploit tool into the kernel of Windows 10 Creator Update (also known as RedStone 3), which is expected to release in September/October 2017. So you may not have to separately download and install EMET in the upcoming version of the Windows 10. If true, this would be the second big change Microsoft is making in its Windows 10 Fall update after planning to remove SMBv1 to enhance its users security. EMET or Enhanced Mitigation Experience Toolkit, currently optional, is a free anti-exploit toolkit for Microsoft's Windows operating systems designed to boost the security of your computer against complex threats such as zero-day vulnerabilities. " EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software ," Microsoft site reads. Basically EMET detects and prevents buffer overflows and memory corruption vulnerabilities,

Microsoft to Remove SMBv1 Protocol in Next Windows 10 Version (RedStone 3)

Microsoft to Remove SMBv1 Protocol in Next Windows 10 Version (RedStone 3)
Jun 20, 2017
The Server Message Block version 1 (SMBv1) — a 30-year-old file sharing protocol which came to light last month after the devastating WannaCry outbreak — will be removed from the upcoming Windows 10 (1709) Redstone 3 Update. The SMBv1 is one of the internet's most ancient networking protocols that allows the operating systems and applications to read and write data to a system and a system to request services from a server. The WannaCry ransomware , which wreaked havoc last month, was also leveraging an NSA's Windows SMB exploit, dubbed EternalBlue , leaked by the Shadow Brokers in its April data dump. The WannaCry ransomware menace shut down hospitals , telecommunication providers, and many businesses worldwide, infecting hundreds of thousands of unpatched Windows servers running SMBv1 in more than 150 countries within just 72 hours on 12th of May. Although Microsoft patched the vulnerability in SMBv1 in March in MS17-010 , the company meanwhile strongly advised us

Microsoft Issues Updates for 96 Vulnerabilities You Need to Patch this Month

Microsoft Issues Updates for 96 Vulnerabilities You Need to Patch this Month
Jun 14, 2017
As part of June's Patch Tuesday, Microsoft has released security patches for a total of 96 security vulnerabilities across its products, including fixes for two vulnerabilities being actively exploited in the wild. This month's patch release also includes emergency patches for unsupported versions of Windows platform the company no longer officially supports to fix three Windows hacking exploits leaked by the Shadow Brokers in the April's data dump of NSA hacking arsenal . The June 2017 Patch Tuesday brings patches for several remote code execution flaws in Windows, Office, and Edge, which could be exploited remotely by hackers to take complete control over vulnerable machines with little or no interaction from the user. While two of the vulnerabilities have been exploited in live attacks, another three flaws have publicly available proof-of-concept (POC) exploits that anyone could use to target Windows users. Vulnerabilities Under Active Attack The two vul

Microsoft Releases Patches for 3 Remaining NSA Windows Exploits

Microsoft Releases Patches for 3 Remaining NSA Windows Exploits
Jun 14, 2017
Did you know… last month's widespread WannaCry ransomware attack forced Microsoft to release security updates against EternalBlue SMB exploit for unsupported versions of Windows, but the company left other three Windows zero-day exploits unpatched? For those unaware, EternalBlue is a Windows SMB flaw that was leaked by the Shadow Brokers in April and then abused by the WannaCry ransomware to infect nearly 300,000 computers in more than 150 countries within just 72 hours on 12th of May. Shortly after WannaCry outbreak, we reported that three unpatched Windows exploits , codenamed " EsteemAudit, " " ExplodingCan ," and " EnglishmanDentist ," were also being exploited by individuals and state-sponsored hackers in the wild. Specially EsteemAudit , one of the dangerous Windows hacking tool that targets remote desktop protocol (RDP) service on Microsoft Windows Server 2003 and Windows XP machines, while ExplodingCan exploits bugs in IIS 6.0 and E

First-Ever Data Stealing Malware Found Using Intel AMT Tool to Bypass Firewall

First-Ever Data Stealing Malware Found Using Intel AMT Tool to Bypass Firewall
Jun 09, 2017
It's not hard for a well-funded state-sponsored hacking group to break into corporate networks and compromise systems with malware, but what's challenging for them is to keep that backdoor and its communication undetectable from a firewall and other network monitoring applications. However, a cyber-espionage group known as " Platinum ," that is actively targeting governmental organisations, defense institutes, and telecommunication providers since at least 2009, has found a way to hide its malicious activities from host-based protection mechanisms. Microsoft has recently discovered that the cyber-espionage group is now leveraging Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) channel as a file-transfer tool to steal data from the targeted computers without detection. Intel-based chip sets come with an embedded technology, called AMT, which is designed to allow IT administrators to remotely manage and repair PCs, workstations, and serve

Kaspersky Accuses Microsoft of Unfairly Disabling its Antivirus in Windows 10

Kaspersky Accuses Microsoft of Unfairly Disabling its Antivirus in Windows 10
Jun 07, 2017
Russian antivirus vendor Kaspersky Lab is so upset with US software giant Microsoft that the security firm has filed more antitrust complaints against the company. The antivirus firm initially filed a lawsuit late last year against Microsoft with Russian Federal Anti-monopoly Service (FAS) over alleged abuse of Microsoft's dominant position in the desktop market to push its own antivirus software with Windows 10 and unfair competition in the market. Microsoft ships Windows 10 with its own security software Windows Defender, which comes enabled it by default with the operating system. While Microsoft has made some changes in Windows Defender since the initial complaint, Kaspersky Lab is not satisfied with the changes, filing more antitrust complaints against the software giant, this time with the European Commission and the German Federal Cartel Office. Kaspersky Accuses Microsoft of Unfair Competitive Practices The antivirus firm told European antitrust regulators that Mi

Newly Found Malware Uses 7 NSA Hacking Tools, Where WannaCry Uses 2

Newly Found Malware Uses 7 NSA Hacking Tools, Where WannaCry Uses 2
May 22, 2017
A security researcher has identified a new strain of malware that also spreads itself by exploiting flaws in Windows SMB file sharing protocol, but unlike the WannaCry Ransomware that uses only two leaked NSA hacking tools , it exploits all the seven. Last week, we warned you about multiple hacking groups exploiting leaked NSA hacking tools, but almost all of them were making use of only two tools: EternalBlue and DoublePulsar. Now, Miroslav Stampar, a security researcher who created famous 'sqlmap' tool and now a member of the Croatian Government CERT, has discovered a new network worm, dubbed EternalRocks , which is more dangerous than WannaCry and has no kill-switch in it. Unlike WannaCry, EternalRocks seems to be designed to function secretly in order to ensure that it remains undetectable on the affected system. However, Stampar learned of EternalRocks after it infected his SMB honeypot . The NSA exploits used by EternalRocks, which Stampar called " Do

Protect Against WannaCry: Microsoft Issues Patch for Unsupported Windows (XP, Vista, 8,...)

Protect Against WannaCry: Microsoft Issues Patch for Unsupported Windows (XP, Vista, 8,...)
May 13, 2017
Update —  After reading this article, if you want to know, what has happened so far in past 4 days and how to protect your computers from WannaCry, read our latest article " WannaCry Ransomware: Everything You Need To Know Immediately . "  In the wake of the largest ransomware attack in the history that had already infected over 114,000 Windows systems worldwide since last 24 hours, Microsoft just took an unusual step to protect its customers with out-of-date computers. Also Read —   Google Researcher Finds Link Between WannaCry Attacks and North Korea . Microsoft has just released an emergency security patch update for all its unsupported version of Windows, including Windows XP, Vista, Windows 8, Server 2003 and 2008 Editions. So, if your organization, for some reason, is still running on Windows XP or Vista, you are strongly advised to download and APPLY PATCH NOW ! WannaCrypt , or also known as WannaCry, is a new ransomware that wreaked havoc across the wo
Cybersecurity Resources