The Hacker News
⭐ Official THN Telegram Channel - A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.


🌐 Website: https://thehackernews.com
October 2018 Patch Tuesday – #Microsoft releases security patches for a total of 49 vulnerabilities, 12 of which are critical in severity.

https://thehackernews.com/2018/10/microsoft-windows-update.html

Details of 3 flaws were publicly disclosed, and one is under active attack.
WARNING! All versions of #Microsoft Windows (7, 8.1, 10, Server 2008, 2012, 2016, 2019) operating systems contain 2 new font parsing library RCE vulnerabilities that are:


- CRITICAL
- UNPATCHED
- Under active ZERO-DAY attacks


No patch available, so all Windows users are highly recommended to immediately apply workarounds (mentioned in the article) to reduce the risk of getting hacked.


Details ➤ https://thehackernews.com/2020/03/windows-adobe-font-vulnerability.html
WARNING!

[New] Experts today uncovered an ongoing cyberattack campaign wherein hackers are compromising over 2000 #Microsoft SQL Servers every day to install secret backdoors or deploy malware, like cryptocurrency miners.

Details ➤ https://thehackernews.com/2020/04/backdoor-.html
⚠️ WARNING : "A sophisticated threat actor" compromised the digital certificate 'Mimecast' provided to certain customers to connect its products securely with cloud-based #Microsoft 365 Exchange.

Read details here: https://thehackernews.com/2021/01/hackers-steal-mimecast-certificate-used.html
Researchers are warning of four vulnerabilities in #Microsoft's Office suite (one of which will be patched today) that hackers can exploit in Word and Excel documents to inject malicious code.

Details: https://thehackernews.com/2021/06/new-uaf-vulnerability-affecting.html
Israeli firm Candiru is embroiled in a scandal for selling 0-day exploits to governments & helping them spy on 100s of dissidents, journalists, activists & politicians globally.

Details: https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html

...including, 2 Windows flaws that #Microsoft patched this week.
Chinese cyberespionage group PKPLUG deployed a previously undocumented variant of PlugX RAT on compromised systems during the recent wave of attacks on #Microsoft Exchange servers.

Read details: https://thehackernews.com/2021/07/chinese-hackers-implant-plugx-variant.html
A vulnerability (CVE-2022-29972) in #Microsoft Azure Synapse and Azure Data Factory could have led to remote code execution attacks, allowing attackers to gain control of other Synapse workspaces and leak sensitive data, including Azure service keys and API tokens, as well as passwords for other services.

Read: https://thehackernews.com/2022/05/microsoft-mitigates-rce-vulnerability.html
In an ongoing malware campaign baiting with fake job offers, attackers are exploiting a known vulnerability in #Microsoft Office to install Cobalt Strike beacons on compromised computers.

Read: https://thehackernews.com/2022/09/new-malware-campaign-targeting-job.html
🛑 A new DarkGate malware campaign uses a recently patched #Microsoft Windows flaw (CVE-2024-21412) to deploy malicious software via bogus installers.

Learn more: https://thehackernews.com/2024/03/darkgate-malware-exploits-recently.html
Threat actors like APT28, REF2924, and Red Stinger are weaponizing #Microsoft Graph API to evade detection and communicate with their command-and-control infrastructure hosted on Microsoft cloud services.

Read: https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html
🚨 Cyber Alert: #Microsoft highlights Morocco-based Storm-0539, stealing up to $100,000/day in gift card fraud.

🔗 Discover the full story: https://thehackernews.com/2024/05/moroccan-cybercrime-group-steals-up-to.html
⚠️ Attention IT Pros!

#Microsoft reveals critical vulnerabilities in Rockwell Automation PanelView Plus. Unauthenticated attackers could exploit these to execute code remotely or trigger DoS attacks.

Read: https://thehackernews.com/2024/07/microsoft-uncovers-critical-flaws-in.html
New APT group CloudSorcerer targets Russian govt entities using #Microsoft Graph, Yandex Cloud, & Dropbox for C2, with GitHub as an initial C2 server, adapting its behavior dynamically based on host processes like mspaint.exe.

Learn more: https://thehackernews.com/2024/07/new-apt-group-cloudsorcerer-targets.html
A critical security flaw in #Microsoft's Copilot Studio, tracked as CVE-2024-38206, has been disclosed, potentially exposing sensitive information.

Learn more: https://thehackernews.com/2024/08/microsoft-patches-critical-copilot.html
A critical zero-day vulnerability in Google Chrome has been exploited by North Korean actors to deploy the FudModule rootkit.

#Microsoft links the attack to a Lazarus Group subgroup, notorious for advanced cyber campaigns.

https://thehackernews.com/2024/08/north-korean-hackers-deploy-fudmodule.html
#Microsoft's September Patch Tuesday addresses 79 vulnerabilities, including 7 critical ones, with 3 under active attack. CVE-2024-43491 (CVSS 9.8) is a major threat with remote code execution risk.

Details here: https://thehackernews.com/2024/09/microsoft-issues-patches-for-79-flaws.html

Patch your systems immediately!
The U.S. Department of Justice and #Microsoft have seized 107 domains used by Russia-linked COLDRIVER hackers to launch phishing attacks, frequently targeting experts in Russian affairs, #privacy advocates, and intelligence officials.

Read: https://thehackernews.com/2024/10/us-and-microsoft-seize-107-russian.html
⚑ 35,000 DDoS attacks in one yearβ€”Anonymous Sudan orchestrated this by running a DDoS botnet-for-hire.

Two Sudanese brothers face charges for targeting critical infrastructure and major companies, including #Microsoft, worldwide.

Read: https://thehackernews.com/2024/10/us-charges-two-sudanese-brothers-for.html