Typically, inbox-based attacks that include malicious Microsoft Office attachments require adversaries to trick users into enabling macros. But researchers say they have identified a new malicious email campaign that uses booby-trapped Office attachments that are macro-free.
The attacks do not generate the same type of default warning from Microsoft associated with macro-based attacks, according to research published Wednesday by Trustwave’s SpiderLabs. When opening attachments, there are no warnings or pop-ups alerting victims, researchers said. The attack uses malicious Word attachments.Read more
A researcher is warning that a programming error in the Microsoft Windows kernel might inhibit security software vendors and kernel developers from properly identifying modules loaded during runtime, including potentially malicious files. However, Microsoft does not view the issue as a security threat.
According to Omri Misgav, security researcher at enSilo, the bug affects all Windows operating systems from Windows 2000 to Windows 10. Specifically, the flaw pertains to a security mechanism called PsSetLoadImageNotifyRoutine, which provides notifications when PE image files are loaded in runtime to virtual memory space.Read more
Hackers are calling MPs and trying to trick them into revealing their personal parliamentary details. Politicians and aides have been warned that hackers are posing as parliamentary officials asking for their passwords.
The warning comes after Parliament suffered its biggest ever cyber attack as hackers launched a "sustained and determined" attempt to break into emails. Parliament was forced to lock MPs out of their accounts. Parliamentary officials have said that hackers are still attempting to gain access. The message sent to MPs and staff warned: "This afternoon we've heard reports of parliamentary users being telephoned and asked for their parliamentary username and password.Read more
A vulnerability in Azure AD Connect could be exploited by attackers to reset passwords and gain unauthorized access to on-premises AD privileged user accounts, Microsoft warned on Tuesday.
What are Azure AD and Azure AD Connect? Microsoft Azure AD (Active Directory) is often used by enterprises to provide employees and business partners single sign-on access to cloud SaaS Applications (e.g. Office365, DropBox, etc.). It can also be integrated with an organization’s existing Windows Server Active Directory, so that they can use existing on-premises identity solutions to manage access to cloud based SaaS applications.Read more
A portion of Microsoft’s Windows 10 source code has leaked online. Files related to Microsoft’s USB, storage, and Wi-Fi drivers in Windows 10 were posted to Beta Archive.
Beta Archive is a site that tracks Windows releases, and asks members to donate money or contribute something Windows-related if they access a free private FTP full of archived Windows builds. The leaked code was published to Beta Archive’s FTP, and is part of Microsoft's Shared Source Kit. “Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners,” reveals a Microsoft spokesperson.Read more
Microsoft-owned Skype is suffering widespread borkage that has left many unable to access the service. Problems first began on Monday, with Skype admitting that its users had been plagued by connectivity problems. "We are aware of an incident where users will either lose connectivity to the application and may be unable to send or receive messages," it said.
"Some users will be unable to see a black bar that indicates them that a group call is ongoing, and longer delays in adding users to their buddy list." Despite claiming at around 1.45am UK time that the connectivity issues had been resolved, problems are continuing into Tuesday.Read more
A newly discovered malware infection is masquerading in the form of a Microsoft PowerPoint file which downloads the infection as soon as users hover over a link. The file is sent as an attachment through email to victims.
The attachment may sometimes even contain zip files, which when extracted show the PowerPoint files. While PowerPoint files are written as PPTX, this file that comes attached in the mail reads as PPSX. The file format is identical to PowerPoint files but they enter the PowerPoint presentation view directly when opened. On opening a blank page, there is a message written in bright blue font saying, "Loading Please Wait" which is the malicious link.Read more
Microsoft Rewards has launched in the UK, and aims to tempt more people over to Bing. It’s the company’s latest attempt to poach Google’s users, and arguably the most desperate so far. Microsoft will reward you for using the Bing search engine, with points you can exchange for a number of freebies.
You’ll need to be signed into Bing with your Microsoft account, in order to earn points. Each Bing search will get you three points, but this will be doubled if you’re also using Edge, Microsoft’s answer to Google Chrome. ‘Level 1’ users can earn up to 60 points per day, simply by searching for 10 things through Bing.Read more
As you wrestle the tablets from your square-eyed kids for the 10th time today, it might be reassuring to hear the king of Silicon Valley shares your worries. Bill Gates is the legendary founder of the world’s largest software firm, Microsoft – a company that made him the richest man in the world.
But even one of humanity’s greatest technological innovators still banned his kids from having mobiles until they were 14, forbids them at the dinner table and limits his youngest’s screen time. Father to Jennifer, Rory, and Phoebe, he admits: “We often set a time after which there is no screen time and in their case that helps them get to sleep at a reasonable hour.“Read more
You might be aware of an ongoing cyber attack that silently installs malware on fully-patched computers by exploiting an unpatched Microsoft Word vulnerability in all current versions of Microsoft Office.
Now, according to security firm Proofpoint, the operators of the Dridex malware started exploiting the unpatched Microsoft Word vulnerability to spread a version of their infamous Dridex banking trojan. Dridex is currently one of the most dangerous banking trojans on the Internet that exhibits the typical behavior of monitoring a victim's traffic to bank sites by infiltrating PCs and stealing victim's online banking credentials and financial data.Read more