Tag: microsoft
-
Microsoft Disrupts Ransomware Campaign Abusing Azure Certificates
Microsoft revoked more than 200 digital certificates that threat actors used to sign fake Teams binaries that set the stage for Rhysida ransomware attacks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/microsoft-disrupts-ransomware-abusing-azure-certificates
-
Microsoft lifts more safeguard holds blocking Windows 11 updates
Microsoft has removed two more compatibility holds preventing customers from installing Windows 11 24H2 via Windows Update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-lifts-more-safeguard-holds-blocking-windows-11-updates/
-
Microsoft fixes highest-severity ASP.NET Core flaw ever
Earlier this week, Microsoft patched a vulnerability that was flagged with the “highest ever” severity rating received by an ASP.NET Core security flaw. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-highest-severity-aspnet-core-flaw-ever/
-
Microsoft fixes highest-severity ASP.NET Core flaw ever
Earlier this week, Microsoft patched a vulnerability that was flagged with the “highest ever” severity rating received by an ASP.NET Core security flaw. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-highest-severity-aspnet-core-flaw-ever/
-
Microsoft fixes Windows bug breaking localhost HTTP connections
Microsoft has fixed a known issue breaking HTTP/2 localhost (127.0.0.1) connections and IIS websites after installing recent Windows security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-bug-breaking-localhost-http-connections/
-
Critical ASP.NET core vulnerability earns Microsoft’s highest-ever severity score
The CVSS confusion: Despite Dorrans’ cautious assessment of the actual risk, the 9.9 CVSS rating has caused considerable confusion among developers, with many questioning whether the vulnerability truly warrants such an extreme severity score.Dorrans addressed this directly in the GitHub discussion, explaining that Microsoft’s scoring methodology accounts for worst-case scenarios.”On its own for ASP.NET Core,”…
-
Technologie- und Social-Media-Plattformen dominieren nach wie vor die Phishing-Angriffe durch Markennachahmung
Check Point Software Technologies hat seinen Brand-Phishing-Report für das 3. Quartal 2025 veröffentlicht. Die Ergebnisse zeigen einen deutlichen Anstieg der Angriffe. Microsoft ist erneut die am häufigsten missbrauchte Marke und taucht in 40 Prozent aller Phishing-Versuche weltweit auf eine deutliche Zunahme, welche die Konzentration der Hacker auf weit verbreitete Produktivitätsplattformen unterstreicht. Die Dominanz […] First…
-
Technologie- und Social-Media-Plattformen dominieren nach wie vor die Phishing-Angriffe durch Markennachahmung
Check Point Software Technologies hat seinen Brand-Phishing-Report für das 3. Quartal 2025 veröffentlicht. Die Ergebnisse zeigen einen deutlichen Anstieg der Angriffe. Microsoft ist erneut die am häufigsten missbrauchte Marke und taucht in 40 Prozent aller Phishing-Versuche weltweit auf eine deutliche Zunahme, welche die Konzentration der Hacker auf weit verbreitete Produktivitätsplattformen unterstreicht. Die Dominanz […] First…
-
Technologie- und Social-Media-Plattformen dominieren nach wie vor die Phishing-Angriffe durch Markennachahmung
Check Point Software Technologies hat seinen Brand-Phishing-Report für das 3. Quartal 2025 veröffentlicht. Die Ergebnisse zeigen einen deutlichen Anstieg der Angriffe. Microsoft ist erneut die am häufigsten missbrauchte Marke und taucht in 40 Prozent aller Phishing-Versuche weltweit auf eine deutliche Zunahme, welche die Konzentration der Hacker auf weit verbreitete Produktivitätsplattformen unterstreicht. Die Dominanz […] First…
-
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign
Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading Oyster backdoor and Rhysida ransomware. Microsoft revoked over 200 certificates used by the cybercrime group Vanilla Tempest (aka VICE SPIDER and Vice Society) to sign fake Teams installers spreading the Oyster backdoor and Rhysida ransomware. The threat actor has been active…
-
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign
Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading Oyster backdoor and Rhysida ransomware. Microsoft revoked over 200 certificates used by the cybercrime group Vanilla Tempest (aka VICE SPIDER and Vice Society) to sign fake Teams installers spreading the Oyster backdoor and Rhysida ransomware. The threat actor has been active…
-
Microsoft revokes 200 certs used to sign malicious Teams installers
By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/17/vanilla-tempest-fake-microsoft-teams/
-
Microsoft’s Patch Tuesday: 172 Flaws Fixed
The tech titan is addressing 172 security flaws, including six zero-day vulnerabilities. Among these, eight are rated “Critical,” consisting of five remote code execution bugs and three elevation of privilege issues. The post Microsoft’s Patch Tuesday: 172 Flaws Fixed appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-patch-tuesday-october-2025/
-
Windows GDI Vulnerability in Rust Kernel Module Enables Remote Attacks
A newly discovered flaw in Microsoft’s Rust-based Graphics Device Interface (GDI) kernel component allows unprivileged attackers to crash or take control of Windows systems. Check Point Research (CPR) uncovered the issue in January 2025 and reported it to Microsoft. The company addressed the bug in the May 28, 2025 KB5058499 preview update (OS Build 26100.4202),…
-
Microsoft Report Warns of AI-Powered Automation in Cyberattacks and Malware Creation
Tags: ai, automation, cyber, cyberattack, cybercrime, data, defense, incident, intelligence, malware, microsoft, phishing, vulnerabilityCybercriminals are weaponizing artificial intelligence to accelerate malware development, discover vulnerabilities faster, and create more sophisticated phishing campaigns, according to Microsoft’s latest Digital Defense Report covering trends from July 2024 through June 2025. In 80% of the cyber incidents Microsoft investigated last year, attackers sought to steal data primarily for profit rather than intelligence gathering.…
-
Microsoft erneut meistgefälschte Marke in Phishing-Angriffen
Auch im dritten Quartal 2025 war die Technologiebranche am stärksten betroffen, gefolgt von sozialen Netzwerken und dem Einzelhandel. Mit dem Beginn der großen Einkaufssaison rechnen die Forscher mit einem weiteren Anstieg First seen on infopoint-security.de Jump to article: www.infopoint-security.de/microsoft-erneut-meistgefaelschte-marke-in-phishing-angriffen/a42398/
-
Neues, getarntes Phishing-Kit zielt auf Microsoft 365 ab
Ein neuartiges, getarntes und hartnäckiges PhaaS-Kit stiehlt Anmeldedaten und Authentifizierungs-Token von Microsoft 365-Nutzern, wie eine aktuelle Analyse von Barracuda zeigt [1]. Die Bedrohungsanalysten beobachten dieses neue und sich rasant weiterentwickelnde PhaaS-Kit seit Juli 2025 und haben es »Whisper 2FA« getauft. Im vergangenen Monat hat Barracuda fast eine Million Whisper 2FA-Angriffe auf Konten im Rahmen von……
-
Neues, getarntes Phishing-Kit zielt auf Microsoft 365 ab
Ein neuartiges, getarntes und hartnäckiges PhaaS-Kit stiehlt Anmeldedaten und Authentifizierungs-Token von Microsoft 365-Nutzern, wie eine aktuelle Analyse von Barracuda zeigt [1]. Die Bedrohungsanalysten beobachten dieses neue und sich rasant weiterentwickelnde PhaaS-Kit seit Juli 2025 und haben es »Whisper 2FA« getauft. Im vergangenen Monat hat Barracuda fast eine Million Whisper 2FA-Angriffe auf Konten im Rahmen von……
-
Deutschland größtes Hacker-Ziel in der EU
Tags: authentication, china, cyberattack, defense, extortion, germany, hacker, iran, login, mail, mfa, microsoft, north-korea, password, phishing, ransomware, software, ukraineLaut einer Studie von Microsoft richteten sich 3,3 Prozent aller Cyberangriffe weltweit im ersten Halbjahr 2025 gegen Ziele in Deutschland.Kein Land in der Europäischen Union steht so sehr im Fokus von kriminellen Hackern wie Deutschland. Das geht aus dem Microsoft Digital Defense Report 2025 hervor, den der Software-Konzern in Redmond veröffentlicht hat. Danach richteten sich…
-
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks.The certificates were “used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware,” the Microsoft Threat Intelligence team said in a…
-
Office 2016 and Office 2019 have reached end of support
Microsoft reminded customers this week that Office 2016 and Office 2019 have reached the end of extended support on October 14, 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-office-2016-and-office-2019-have-reach-end-of-support/
-
Microsoft Office 2016/2019 End of Life; Weiter absichern oder Abschied von dem Zeug?
Zum 14. Oktober 2025 sind die beiden Microsoft Office-Versionen Office 2016 und Office 2019 ausgelaufen und bei Microsoft aus dem Support gefallen. Gelegenheit für einige Gedanken bzw. ein Refresh. Man könnte diese Versionen weitere fünf Jahre abgesichert betreiben. Man könnte … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/17/microsoft-office-2016-2019-end-of-life-weiter-absichern-oder-abschied-von-dem-zeug/
-
Windows 11 updates break localhost (127.0.0.1) HTTP/2 connections
Microsoft’s October Windows 11 updates have broken the “localhost” functionality, making applications that connect back to 127.0.0.1 over HTTP/2 no longer function properly. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-updates-break-localhost-127001-http-2-connections/
-
Leaks in Microsoft VS Code Marketplace Put Supply Chain at Risk
Researchers discovered more than 550 unique secrets exposed in Visual Studio Code marketplaces, prompting Microsoft to bolster security measures. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/leaks-microsoft-vs-code-marketplaces-supply-chain-risks
-
Windows 11 update breaks localhost, prompting mass uninstall workaround
Microsoft’s quality control department caught napping again First seen on theregister.com Jump to article: www.theregister.com/2025/10/16/windows_11_update_localhost/
-
Schleswig-Holstein waves auf Wiedersehen to Microsoft stack
Germany’s northernmost state bins Outlook and tens of thousands of Redmond licenses First seen on theregister.com Jump to article: www.theregister.com/2025/10/15/schleswig_holstein_open_source/
-
Frightful Patch Tuesday gives admins a scare with 175+ Microsoft CVEs, 3 under attack
Plus: Adobe, SAP, Ivanti offer treats, not tricks First seen on theregister.com Jump to article: www.theregister.com/2025/10/14/microsoft_october_2025_patch_tuesday/
-
Microsoft disrupts ransomware attacks targeting Teams users
Microsoft has disrupted a wave of Rhysida ransomware attacks in early October by revoking over 200 certificates used to sign malicious Teams installers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-disrupts-ransomware-attacks-targeting-teams-users/
-
Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords
Hackers are also increasingly turning to other methods to obtain credentials. Microsoft tracked surges in the use of infostealer malware by criminals and an increase of IT scams where cybercriminals call a company’s help desk and simply ask for password resets. First seen on therecord.media Jump to article: therecord.media/microsoft-warns-of-surge-identity-hacks-passwords