Microsoft | Breaking Cybersecurity News | The Hacker News

Microsoft earlier today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products. This month's Patch Tuesday updates address a total of 120 newly discovered software vulnerabilities, of which 17 are critical, and the rest are important in severity. In a nutshell, your Windows computer can be hacked if you: Play a video file — thanks to flaws in Microsoft Media Foundation and Windows Codecs Listen to audio — thanks to bugs affecting Windows Media Audio Codec Browser a website — thanks to 'all time buggy' Internet Explorer Edit an HTML page — thanks to an MSHTML Engine flaw Read a PDF — thanks to a loophole in Microsoft Edge PDF Reader Receive an email message — thanks to yet another bug in Microsoft Outlook But don't worry, you don't need to stop using your computer or without Windows OS on it. All you need to do is click on the Start Menu → open Settings → click Security

Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected. The cloud offering, dubbed Project Freta , is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with capabilities to spot malicious software, kernel rootkits , and other stealthy malware techniques such as process hiding . The project is named after Warsaw's Freta Street , the birthplace of Marie Curie, the famous French-Polish physicist who brought X-ray medical imaging to the battlefield during World War I. "Modern malware is complex, sophisticated, and designed with non-discoverability as a core tenet," said Mike Walker, Microsoft's senior director of New Security Ventures. "Project Freta intends to automate and democratize VM forensics to a point where every us

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions' users. To be noted, Microsoft rushed to deliver patches almost two weeks before the upcoming monthly 'Patch Tuesday Updates' scheduled for 14th July. That's likely because both flaws reside in the Windows Codecs Library , an easy attack vector to social engineer victims into running malicious media files downloaded from the Internet. For those unaware, Codecs is a collection of support libraries that help the Windows operating system to play, compress and decompress various audio and video file extensions. The two newly disclosed security vulnerabilities, assigned CVE-2020-1425 and CVE-2020-1457 , are both remote code execution bugs that could allow an attacker to execute arbitrary code and control the compromised Windows computer. According to Microsoft, both remote code executi

It's April 2020 Patch Tuesday , and during these challenging times of coronavirus pandemic, this month's patch management process would not go easy for many organizations where most of the resources are working remotely. Microsoft today released the latest batch of software security updates for all supported versions of its Windows operating systems and other products that patch a total of 113 new security vulnerabilities, 17 of which are critical and 96 rated important in severity. Patches for 4 Zero-Days Exploited In the Wild Most importantly, two of the security flaws have been reported as being publicly known at the time of release, and the 3 are being actively exploited in the wild by hackers. One of the publicly disclosed flaws, which was also exploited as zero-day, resides in the Adobe Font Manager Library used by Windows, the existence of which Microsoft revealed last month within an early security warning for its millions of users. Tracked as CVE-2020-10

Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company's history. Of the 115 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, Exchange Server, Office, Azure, Windows Defender, and Visual Studio — that received new patches, 26 have been rated as critical, 88 received a severity of important, and one is moderate in severity. However, unlike last month , none of the vulnerabilities the tech giant patched this month are listed as being publicly known or under active attack at the time of release. It's worth highlighting that the patch addresses critical flaws that could be potentially exploited by bad actors to execute malicious code by specially crafted LNK files and word documents. Titled "LNK Remote Code Execution Vulnerability" ( CVE-2020

Microsoft today announced that it has successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure. The latest botnet takedown was the result of a coordinated operation involving international police and private tech companies across 35 countries. The operation was conducted successfully after researchers successfully broke the domain generation algorithm (DGA) implemented by the Necurs malware, which helped it remain resilient for a long time. DGA is basically a technique to unpredictably generate new domain names at regular intervals, helping malware authors to continuously switch the location of C&C servers and maintain undisrupted digital communication with the infected machines. "We were then able to accurately predict over six million unique domains that would be created in the next 25 months. Microsoft reported these domains to their respective r

Almost within a year after releasing Microsoft Defender Advanced Threat Protection (ATP) for macOS computers , Microsoft today announced a public preview of its antivirus software for various Linux distributions, including Ubuntu, RHEL, CentOS and Debian. If this news hasn't gotten you excited yet... Microsoft is also planning to soon release Defender ATP anti-malware apps for smartphones and other devices running Google's Android and Apple's iOS mobile operating systems. "We know our customers' environments are complex and heterogeneous. Providing comprehensive protection across multiple platforms through a single solution and streamlined view is more important than ever," the company said . "Next week at the RSA Conference, we'll provide a preview of our investments in mobile threat defense with the work we're doing to bring our solutions to Android and iOS." I am sure you might have heard this many times that 'Linux doesn&#

Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any platform or device, and easily integrate them with SaaS solutions, on-premises apps to automate business processes. According to a report researchers shared with The Hacker News, the first security vulnerability ( CVE-2019-1234 ) is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft. If exploited, the issue would have enabled a remote hacker to unauthorizedly access screenshots and sensitive information of any virtual machine running on Azure infrastructure—it doesn't matter if they're running on a shared, dedicated or isolated vir

If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised. Microsoft today admitted a security incident that exposed nearly 250 million "Customer Service and Support" (CSS) records on the Internet due to a misconfigured server containing logs of conversations between its support team and customers. According to Bob Diachenko, a cybersecurity researcher who spotted the unprotected database and reported to Microsoft, the logs contained records spanning from 2005 right through to December 2019. In a blog post, Microsoft confirmed that due to misconfigured security rules added to the server in question on December 5, 2019, enabled exposure of the data, which remained the same until engineers remediated the configuration on December 31, 2019. Microsoft also said that the database was redacted using automated tools to remove the personally identifiable info

With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers. Microsoft's December security updates include patches for a total of 36 vulnerabilities, where 7 are critical, 27 important, 1 moderate, and one is low in severity—brief information on which you can find later in this article. Tracked as CVE-2019-1458 and rated as Important, the newly patched zero-day Win32k privilege escalation vulnerability, reported by Kaspersky, was used in Operation WizardOpium attacks to gain higher privileges on targeted systems by escaping the Chrome sandbox. Although Google addressed the flaw in Chrome 78.0.3904.87 with the release of an emergency update last month after Kaspersky disclosed it to the tech giant, hackers are still targeting users who are using vulnerable versions of th

Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide. Whether it's American voting machines during the 2016 presidential election or India's EVMs during 2014 general elections, the integrity, transparency, and security of electronic voting machines remained questionable, leaving a wound in the minds of many that is difficult to heal. Many countries, including the largest democracy in the world i.e., India, believe the best way to ensure the security of EVMs is to make its technology opaque to bad actors, but in recent years a large section of the population is losing trust in any system that has been certified by a closed group of experts only. To make a balance between transparency and security, in May 2019, Microsoft released a free, open-source software development kit (SDK) called ElectionGuard that aims to enable end-to-end verification of voting. Microsoft's ElectionGuard SDK can be integra

Microsoft today rolling out its October 2019 Patch Tuesday security updates to fix a total of 59 vulnerabilities in Windows operating systems and related software, 9 of which are rated as critical, 49 are important, and one is moderate in severity. What's good about this month's patch update is that after a very long time, none of the security vulnerabilities patched by the tech giant this month is being listed as publicly known or under active attack. Moreover, there is no roll-up patch for Adobe Flash Player bundled in Windows update for this month. Besides this, Microsoft has also put up a notice as a reminder for Windows 7 and Windows Server 2008 R2 users, warning them that the extended support for these two operating systems is about to end in the next two months and that they will no longer receive updates as of January 14, 2020. Two of the critical vulnerabilities patched this month are remote code execution flaws in the VBScript engine, and both exist in the way VBS

Watch out Windows users! There's a new strain of malware making rounds on the Internet that has already infected thousands of computers worldwide and most likely, your antivirus program would not be able to detect it. Why? That's because, first, it's an advanced fileless malware and second, it leverages only legitimate built-in system utilities and third-party tools to extend its functionality and compromise computers, rather than using any malicious piece of code. The technique of bringing its own legitimate tools is effective and has rarely been spotted in the wild, helping attackers to blend in their malicious activities with regular network activity or system administration tasks while leaving fewer footprints. Independently discovered by cybersecurity researchers at Microsoft and Cisco Talos, the malware — dubbed " Nodersok " and " Divergent " — is primarily being distributed via malicious online advertisements and infecting users using

Update — With this month's patch Tuesday updates, Microsoft has finally addressed this vulnerability, tracked as CVE-2019-1162 , by correcting how the Windows operating system handles calls to Advanced Local Procedure Call (ALPC). A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10. The vulnerability resides in the way MSCTF clients and server communicate with each other, allowing even a low privileged or a sandboxed application to read and write data to a higher privileged application. MSCTF is a module in Text Services Framework (TSF) of the Windows operating system that manages things like input methods, keyboard layouts, text processing, and speech recognition. In a nutshell, when you log in to your Windows machine, it starts a CTF monitor service that works as a central manager to handle communications between all c

Microsoft today released its monthly batch of software security updates for the July month to patch a total of 77 vulnerabilities, 14 are rated Critical, 62 are Important, and 1 is rated Moderate in severity. The July 2019 security updates include patches for various supported versions of Windows operating systems and other Microsoft products, including Internet Explorer, Edge, Office, Azure DevOps, Open Source Software, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Exchange Server. Details of 6 security vulnerabilities, all rated important, were made public before a patch was released, none of which were found being exploited in the wild. However, two new privilege escalation vulnerabilities, one affects all supported versions of the Windows operating system, and the other affects Windows 7 and Server 2008, have been reported as being actively exploited in the wild. Both actively exploited vulnerabilities lead to elevation of privilege, one (CVE-2019-1132)

After Adobe , the technology giant Microsoft today—on June 2019 Patch Tuesday—also released its monthly batch of software security updates for various supported versions of Windows operating systems and other Microsoft products. This month's security updates include patches for a total of 88 vulnerabilities, 21 are rated Critical, 66 are Important, and one is rated Moderate in severity. The June 2019 updates include patches Windows OS, Internet Explorer, Microsoft Edge browser, Microsoft Office and Services, ChakraCore, Skype for Business, Microsoft Lync, Microsoft Exchange Server, and Azure. Four of the security vulnerabilities, all rated important and could allow attackers to escalate privileges, patched by the tech giant this month were disclosed publicly, of which none were found exploited in the wild. Unpatched Issue Reported by Google Researcher However, Microsoft failed to patch a minor flaw in SymCrypt , a core cryptographic function library currently used by

Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10 , the anonymous hacker going by online alias "SandboxEscaper" has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft's Windows Error Reporting service and Internet Explorer 11. Just yesterday, while releasing a Windows 10 zero-day exploit for a local privilege escalation bug in Task Scheduler utility, SandboxEscaper claimed to have discovered four more zero-day bugs, exploits for two has now been publicly released. AngryPolarBearBug2 Windows Bug One of the latest Microsoft zero-day vulnerabilities resides in the Windows Error Reporting service that can be exploited using a discretionary access control list (DACL) operation—a mechanism that identifies users and groups that are assigned or denied access permissions to a securable object. Upon successful exploitation, an attacker can del

If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News. Earlier this year, hackers managed to breach Microsoft's customer support portal and access information related to some email accounts registered with the company's Outlook service. Yesterday, a user on Reddit publicly posted a screenshot of an email which he received from Microsoft warning that unknown attackers were able to access some information of his OutLook account between 1 January 2019 and 28 March 2019. Another user on Reddit also confirmed that he/she too received the same email from Microsoft. According to the incident notification email, as shown below, attackers were able to compromise credentials for one of Microsoft's customer support agents and used it to unauthorisedly access some information related to the affected accounts, but not