HackDig : Dig high-quality web security articles

Microsoft illegally collected and retained children's data, says FTC

Microsoft is counting the cost of privacy violations, with $20m in fines related to illegal data collection from children’s Xbox accounts. The Xbox manufacturer has reached a settlement with the Federal Trade Commision (FTC), a result which promises to have other console developers looking closely at their privacy policies. The FTC’s release
Publish At:2023-06-07 22:03 | Read:41033 | Comments:0 | Tags:Personal Microsoft Xbox privacy children COPPA FTC fine sett

Update now! May 2023 Patch Tuesday tackles three zero-days

It’s that time of the month again: We're looking at May's Patch Tuesday roundup. Microsoft has released its monthly update, and while the total number of patched vulnerabilities is relatively low at 38, among them are three zero-day vulnerabilities. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exp
Publish At:2023-05-10 22:02 | Read:151473 | Comments:0 | Tags:Exploits and vulnerabilities News Microsoft CVE-2023-29336 C

Microsoft vs Google spat sees users rolling back security updates to fix browser issues

We like to imagine we’re in total control of our desktop experience, carefully curated to look and work the way we want it to. However, every so often a story comes along which reminds us how little control we have when the big players notice one another's existence. A recent Windows update really wants you to use Edge instead of rival browsers, to the
Publish At:2023-05-06 22:02 | Read:158074 | Comments:0 | Tags:News Chrome Windows Edge browser update Microsoft default in

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linu
Publish At:2023-04-20 21:31 | Read:233271 | Comments:0 | Tags:A Little Sunshine Latest Warnings Ne'er-Do-Well News The Com

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures (TTPs). Specifically, this subset has rapidly weaponized N-day vulnerabilities in common enterprise applications and conducted highly-targeted phishing campa
Publish At:2023-04-18 13:15 | Read:279841 | Comments:0 | Tags:Cybersecurity Microsoft Microsoft security intelligence Mint

Update now! April’s Patch Tuesday includes a fix for one zero-day

It’s Patch Tuesday again. Microsoft and other vendors have released their monthly updates. Among a total of 97 patched vulnerabilities there is one actively exploited zero-day. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. The Common Vulnerabilities and Exposures (CV
Publish At:2023-04-12 22:01 | Read:216919 | Comments:0 | Tags:Exploits and vulnerabilities News Microsoft Apple Google Ado

DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Sou

Microsoft Threat Intelligence analysts assess with high confidence that a threat group tracked by Microsoft as DEV-0196 is linked to an Israel-based private sector offensive actor (PSOA) known as QuaDream. QuaDream reportedly sells a platform they call REIGN to governments for law enforcement purposes. REIGN is a suite of exploits, malware, and infrastructur
Publish At:2023-04-11 13:15 | Read:215457 | Comments:0 | Tags:Cybersecurity Microsoft Microsoft security intelligence Mobi

MERCURY and DEV-1084: Destructive attack on hybrid environment

Microsoft Threat Intelligence has detected destructive operations enabled by MERCURY, a nation-state actor linked to the Iranian government, that attacked both on-premises and cloud environments. While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the unrecoverable actions show destruction and disruption were the u
Publish At:2023-04-07 13:15 | Read:359844 | Comments:0 | Tags:Cybersecurity MERCURY Microsoft Microsoft security intellige

DevOps threat matrix

The use of DevOps practices, which enable organizations to deliver software more quickly and efficiently, has been on the rise. This agile approach minimizes the time-to-market of new features and bug fixes. More and more companies are implementing DevOps services, each with its own infrastructure and emphasis on distinctive features. As the use of these
Publish At:2023-04-06 13:15 | Read:261325 | Comments:0 | Tags:Cybersecurity Microsoft Microsoft security intelligence Secu

New Generation of Phishing Hides Behind Trusted Services

The days when email was the main vector for phishing attacks are long gone. Now, phishing attacks occur on SMS, voice, social media and messaging apps. They also hide behind trusted services like Azure and AWS. And with the expansion of cloud computing, even more Software-as-a-Service (SaaS) based phishing schemes are possible. Phishing tactics have evolved
Publish At:2023-04-04 11:48 | Read:303837 | Comments:0 | Tags:Cloud Security Risk Management Amazon AWS Cloud Cybercrimina

Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer

Researchers at Orca Security disclosed how they found a remote code execution vulnerability in Azure Service Fabric Explorer. The vulnerability was reported to the Microsoft Security Response Center (MSRC) with responsible disclosure and was included by Microsoft in their March 2023 Patch Tuesday round. The Common Vulnerabilities and Exposures (CVE) dat
Publish At:2023-04-03 22:37 | Read:310978 | Comments:0 | Tags:Exploits and vulnerabilities News Azure Microsoft Super Fabr

"BingBang" flaw enabled altering of Bing search results, account takeover

Researchers from Wiz have discovered a way to allow for search engine manipulation and account takeover. The research in question focuses on several Microsoft applications, with everything stemming from a new type of attack aimed at Azure Active Directory. Azure Active Directory is a single sign-on and multi-factor authentication service used by organisation
Publish At:2023-03-30 22:37 | Read:275003 | Comments:0 | Tags:News bing microsoft azure takeover search results access

Super FabriXss vulnerability in Microsoft Azure SFX could lead to RCE

Researchers shared details about a flaw, dubbed Super FabriXss, in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution. Researchers from Orca Security shared details about a new vulnerability, dubbed Super FabriXss (CVE-2023-23383 – CVSS score: 8.2), in Azure. The experts demonstrated how to escalate a reflec
Publish At:2023-03-30 17:55 | Read:548776 | Comments:0 | Tags:Breaking News Hacking Azure Service Fabric Explorer hacking

A week in security (March 13 - 19)

Last week on Malwarebytes Labs: "Brad Pitt," a still body, ketchup, and a knife, or the best trick ever played on a romance scammer, with Becky Holmes: Lock and Code S04E06 Breast cancer photos published by ransomware gang WhatsApp refuses to weaken encryption, would rather leave UK "Just awful" experiment points suicidal teens at chatbot Investment fraud o
Publish At:2023-03-20 20:08 | Read:311668 | Comments:0 | Tags:News Becky Holmes Lock and Code S04E06 ransomware WhatsApp A

Update now! Microsoft fixes two zero-day bugs

Microsoft, and other vendors, have released their monthly updates. In total Microsoft has fixed a total of 101 vulnerabilities for several titles (including Edge), with two of them being actively exploited zero-days. On top of that, Adobe has fixed an actively exploited vulnerability in ColdFusion. The Common Vulnerabilities and Exposures (CVE) database list
Publish At:2023-03-15 21:08 | Read:390055 | Comments:0 | Tags:Exploits and vulnerabilities News patch Tuesday March 2023 M


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud