Microsoft Archives - Page 3 of 23

Pierluigi Paganini April 14, 2022

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Microsoft’s Digital Crimes Unit (DCU) announced to have shut down dozens C2 servers used by the infamous ZLoader botnet. Microsoft dismantled the C2 infrastructure used by the ZLoader trojan with the help of telecommunications providers around the world and cybersecurity firms. The IT giant obtained a court order that allowed it to sinkhole 65 domains used by […]

Pierluigi Paganini April 08, 2022

Microsoft disrupted APT28 attacks on Ukraine through a court order

Microsoft obtained a court order to take over seven domains used by the Russia-linked APT28 group to target Ukraine. Microsoft on Thursday announced it has obtained a court order to take over seven domains used by Russia-linked cyberespionage group APT28 in attacks against Ukraine. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 […]

Pierluigi Paganini March 23, 2022

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Microsoft confirmed that Lapsus$ extortion group has hacked one of its employees to access and steal the source code of some projects. Microsoft confirmed that Lapsus$ extortion group has hacked one of its employees to access and steal the source code of some projects. Yesterday the cybercrime gang leaked 37GB of source code stolen from […]

Pierluigi Paganini March 22, 2022

Lapsus$ extortion gang leaked the source code for some Microsoft projects

The Lapsus$ extortion group claims to have hacked Microsoft ‘s internal Azure DevOps server and leaked the source code for some projects. Microsoft recently announced that is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stolen data. On Sunday, the Lapsus$ gang announced to have compromised Microsoft’s Azure DevOps […]

Pierluigi Paganini March 21, 2022

Lapsus$ gang claims to have hacked Microsoft source code repositories

Microsoft is investigating claims that the Lapsus$ hacking group breached its internal Azure DevOps source code repositories. Microsoft announced that is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stolen data. Over the last months, the gang compromised other prominent companies such as NVIDIA, Samsung, Ubisoft, Mercado […]

Pierluigi Paganini February 07, 2022

Microsoft disables the ms-appinstaller protocol because it was abused to spread malware

Microsoft temporarily disabled the ms-appinstaller protocol for MSIX because it was abused by malware, such as Emotet. Microsoft announced to have temporarily disabled the ms-appinstaller protocol for MSIX because it was abused by malware, such as Emotet. In December, Microsoft addressed a vulnerability, tracked as CVE-2021-43890, in AppX installer that affects Microsoft Windows which is under active exploitation. “We have […]

Pierluigi Paganini December 23, 2021

Three trivial bugs in Microsoft Teams Software remain unpatched

Researchers disclosed four vulnerabilities in the Teams business communication software, but Microsoft will not address three of them. Researchers from cybersecurity firm Positive Security discovered four vulnerabilities in the Teams business communication software that could allow accessing internal Microsoft services, spoofing the link preview, and, for Android users, leaking their IP address, and triggering a […]

Pierluigi Paganini December 23, 2021

A flaw in Microsoft Azure App Service exposes customer source code

A vulnerability in the Microsoft Azure App Service led to the exposure of customer source code for at least four years. Early this month, Microsoft has notified a small group of Azure customers that have been impacted by a recently discovered bug, dubbed NotLegit, that exposed the source code of their Azure web apps since at […]

Pierluigi Paganini December 15, 2021

Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day

Microsoft December 2021 Patch Tuesday addresses 67 vulnerabilities, including an actively exploited Windows Installer vulnerability. Microsoft December 2021 Patch Tuesday addressed 67 vulnerabilities in Microsoft Windows and Windows Components, ASP.NET Core and Visual Studio, Azure Bot Framework SDK, Internet Storage Name Service, Defender for IoT, Edge (Chromium-based), Microsoft Office and Office Components, SharePoint Server, PowerShell, […]

Pierluigi Paganini November 23, 2021

Malware are already attempting to exploit new Windows Installer zero-day

Vxers are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday. Malware authors are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday. The security researcher Abdelhamid Naceri has publicly disclosed the exploit for a […]

Microsoft

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Microsoft disrupted APT28 attacks on Ukraine through a court order

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Lapsus$ extortion gang leaked the source code for some Microsoft projects

Lapsus$ gang claims to have hacked Microsoft source code repositories

Microsoft disables the ms-appinstaller protocol because it was abused to spread malware

Three trivial bugs in Microsoft Teams Software remain unpatched

A flaw in Microsoft Azure App Service exposes customer source code

Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day

Malware are already attempting to exploit new Windows Installer zero-day

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

Wing FTP Server flaw actively exploited shortly after technical details were made public

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

McDonald’s job app exposes data of 64 Million applicants

QUICK LINKS

Microsoft

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!