Microsoft: RaaS attacks continue to evolve and expand
Microsoft has been tracking over 100 threat actors using 50 unique active ransomware families in attacks around the globe.
Microsoft
Microsoft January 2023 Security Updates addresses 98 vulnerabilities (11 rated Critical, 1 zero day)
The Microsoft January 2023 Security Updates includes patches and advisories for 98 vulnerabilities, including 11 Critical severity issues.
Microsoft report highlights Mac ransomware threats and techniques
Microsoft has released new details on Mac ransomware threats, techniques and provided guidance on how to protect networks and systems from ransomware attacks.
MCCrash botnet launches DDoS attacks against Minecraft servers
Microsoft researchers have detected a cross-platform botnet designed to infect Windows, Linux, and IoT devices. The botnet dubbed “MCCrash” then launches distributed denial of service (DDoS) attacks against private Minecraft servers.
‘Achilles’ vulnerability exploit bypasses macOS Gatekeeper
Microsoft researchers discovered a vulnerability dubbed “Achilles” in macOS that could allow attackers to bypass Apple’s Gatekeeper security feature designed to ensure that only trusted software runs on your Mac.
CISA adds 6 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include iOS, Microsoft, Fortinet, Citrix and Veeam vulnerabilities)
The Cybersecurity and Infrastructure Security Agency (CISA) has added six vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include iOS, Microsoft, Fortinet, Citrix and Veeam vulnerabilities.
Rackspace suffers from security incident involving Hosted Exchange services
Cloud computing services company Rackspace has reported a security incident involving Hosted Exchange services.
Microsoft: Attackers are increasingly using token theft in cyberattacks to bypass MFA
The Microsoft Detection and Response Team (DART) has spotted an increase in attackers using token theft in the cloud to compromise corporate systems while bypassing multi-factor authentication (MFA) and other authentication controls.
Microsoft disables Basic authentication in Exchange Online to fight password spray attacks
Microsoft has disabled Basic authentication in Exchange Online tenants to help fight against password spray attacks. Attackers are stepping up attacks in anticipation, Microsoft warns.
CISA adds 3 vulnerabilities to Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has added 3 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Microsoft Exchange and Atlassian flaws.