Microsoft

Microsoft and industry partners seize key domain used in SolarWinds hack

Source: National Cyber Security – Produced By Gregory Evans

Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack, ZDNet has learned from sources familiar […]

The post Microsoft and industry partners seize key domain used in SolarWinds hack appeared first on National Cyber Security.

View full post on National Cyber Security

Microsoft in advanced talks to buy TikTok’s US business – WSVN 7News | Miami News, Weather, Sports

NEW YORK (AP) — Microsoft is in advanced talks to buy the U.S. operations of TikTok, the popular Chinese-owned video app that has been a source of national security and […]

Microsoft Acquires npm: A Healthy Move for Critical Public Infrastructure


Today, news broke that GitHub and its parent company Microsoft acquired npm and its public repository of open source JavaScript packages.

In 2018, when Microsoft acquired GitHub, many in the developer community had a cautious, even emotional response. Given today’s announcement that GitHub is acquiring npm, the same concerns are likely to surface again, since JavaScript is one of the world’s most popular programming languages and since the commons of the global JavaScript community reside within the fabric of npm.

On one hand, such concern is understandable. After all, open source projects are created by the community and they exist to serve the community. I can imagine the argument going like this, “npm as the central repository of JavaScript can only provide value if the community at large trusts those who are responsible for running it.” But, what is “trust”? And how do public repositories like npm, Maven Central, or even Microsoft’s NuGet gallery go about earning the trust of a global developer community?

At Sonatype we’ve been the stewards of the Central Repository (Central), the world’s largest component repository of Java and other JVM-related components, since 2007. Based on this experience, I’ve learned first-hand how challenging it can be to serve as the steward for a public repository. I know how hard it is to gain and keep the trust of millions of open source software developers. In my humble opinion, earning trust starts with “picking up a shovel” and solving a problem on behalf of a community to help it grow and flourish. Community trust is further amplified when you can muster enough resources to solve the same problem in a reliable and scalable manner over a period of many years.

But, here’s the thing; operating a public repository in support of millions (Read more…)


Microsoft Patch Tuesday finds 115 vulnerabilities patched, 26 critical


Microsoft’s March 2020 Patch Tuesday release saw the company roll out patches for 115 vulnerabilities, 26 of them rated critical. In a rare event, Adobe is taking this month off and has published no updates.

This is the second month in a row that Microsoft has had a busy Patch Tuesday. In February the company patched 99 vulnerabilities, including one zero-day. One analyst piggy-backed on today’s rollout to note that a vulnerability included in February’s release, CVE-2020-0688, is being actively exploited in the wild; even though a large number of new updates have been issued, admins should prioritize taking care of this older CVE if they have not done so already.

The critical issues fixed by Microsoft this month include 58 elevation of privilege flaws, with Satnam Narang, principal research engineer at Tenable, listing CVE-2020-0788, CVE-2020-0877 and CVE-2020-0887 as the most severe. Microsoft agrees, listing them as the most likely to be exploited.

“These are elevation of privilege flaws in Win32k due to improper handling of objects in memory. Elevation of Privilege vulnerabilities are leveraged by attackers post-compromise, once they’ve managed to gain access to a system, in order to execute code on their target systems with elevated privileges,” he said.

Jay Goodman, Automox’s strategic product marketing manager, cherry-picked CVE-2020-0833, CVE-2020-0824 and CVE-2020-0847 for added attention. The first two are remote code execution vulnerabilities that could corrupt system memory, giving an attacker access in the role of the user.

“CVE-2020-0847 is also a remote code execution vulnerability, this time in VBScript. VBScript is a scripting language used by Microsoft. It allows system admins to run powerful scripts and tools for managing endpoints and will give the user complete control over many aspects of the device,” he said.

CVE-2020-0847 is also a memory corruption issue, with threat actors generally using phishing or browser attacks to first gain entry.

In addition to last month’s issue, Recorded Future’s Liska highlighted CVE-2020-8050, CVE-2020-8051, CVE-2020-8052 and CVE-2020-8055. All are remote code execution vulnerabilities in Microsoft Word that take advantage of how the software handles objects in memory. A malicious actor would have to send a malicious document and then convince a victim to click on it to initiate an attack. However, CVE-2020-8052 is even more dangerous and can be launched through the Outlook preview pane without the need to click on the document.

“As Recorded Future has previously noted, Microsoft Office is among the most popular attack vectors for cybercriminals. We expect one or more of these vulnerabilities will be weaponized sooner rather than later,” he said.

Animesh Jain, from Qualys’ vulnerability management research team, pointed out that even some issues that Microsoft considers less likely to be exploited should still garner admin attention and concern. CVE-2020-0905, a remote code execution vulnerability affecting the Dynamics Business Central client, falls into this category, but Jain said the fact that this software is likely to reside on a critical server makes it important to patch.


Microsoft Announces General Availability of Threat …


Microsoft made several security announcements ahead of RSA Conference, including its decision to bring Microsoft Defender to iOS and Android.

Microsoft today announced the general availability of its Threat Protection and Insider Risk Management platforms, as well as the decision to bring Microsoft Defender Advanced Threat Protection to iOS and Android. The announcements come amid a wave of security product news ahead of RSA Conference.

When Microsoft Threat Protection (MTP) arrived in public preview last December, it was described as an “integrated solution” built on the Microsoft 365 security suite: Defender Advanced Threat Protection (ATP) for endpoints, Office 365 ATP for email and collaboration, Azure ATP for identity alerts, and Microsoft Cloud App Security (MCAS) for software-as-a-service applications.

MTP is designed to bring the capabilities of all of these Microsoft systems together into a single tool and, in doing so, to coordinate threat detection and response. It looks across domains to understand a chain of events, pinpoint affected assets, and protect resources. MTP prioritizes incidents for investigation and response, terminates malicious processes on endpoints, and removes mail-forwarding rules an attacker may have put in place. It’s meant to give admins greater visibility, stop attacks from spreading, and automatically fix assets affected in an attack.

Insider Risk Management, built into Microsoft 365 and launched in preview at last year’s Ignite, aims to help security teams address a threat that has become a primary concern among CISOs. It started with an internal demand at Microsoft to use machine learning to detect threats based on user behavior, explains Ann Johnson, corporate vice president of cybersecurity at Microsoft.

“It’s one of those solutions that when we brought it to market, the demand was instant,” she says. Insider Risk Management uses the same technology that classifies and protects 50 billion documents for Microsoft users; it’s meant to bring signals, sensitivity labels, and content into a single view so admins can get a picture of what’s happening and take appropriate action.

Many insider threat cases are not inherently malicious, Johnson explains. In one preview case, an employee had forwarded a work email to their personal email because there was data they wanted to access, and they didn’t realize the email contained confidential proprietary data. In another, the tool picked up on users authenticating into applications from different locations.

The preview process taught Microsoft about how companies approach insider threats, which the company believed would be more of a compliance issue, Johnson says. “What we’ve learned is a lot of customers consider insider risk management solely a SOC problem,” she explains. Going forward, a goal is to add new capabilities to educate customers on how they can integrate insider threat management into their broader risk management platforms.

In addition to making MTP and Insider Risk Management generally available, Microsoft is bringing Defender ATP to Linux in public preview and plans to bring the security platform to Android and iOS later this year. Mobile apps for both platforms will be demonstrated at next week’s RSA Conference. Defender ATP is already available on Windows and Mac platforms.

Among Microsoft’s announcements are new changes and capabilities for Azure Sentinel, which first debuted in February 2019 and was made generally available in September. The cloud-native SIEM narrows down high volumes of signals into the significant incidents security teams should prioritize. In December, Microsoft used Sentinel to evaluate nearly 50 billion suspicious signals and generated 25 high-confidence alerts for the security operations team to investigate.

Microsoft is bringing in new data connectors and workbooks from Forcepoint, Zimperium, Quest, CyberArk, Squadra, and other partners to enable easier data collection. A new connector for Azure Security Center for IoT lets admins onboard data workloads from the Internet of Things into Azure Sentinel from deployments managed in the IoT Hub. It’s also releasing new developer documents, guides, samples, validation criteria, and an updated GitHub wiki.

To show how Azure Sentinel can pull security insights from across the enterprise, Microsoft is letting new and current Azure Sentinel users import Amazon Web Services CloudTrail logs at no additional cost from Feb. 24 through June 30, 2020.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial …


Microsoft Patch Tuesday, February 2020 Edition — Krebs on Security


Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited. Also, Adobe has issued a bevy of security updates for its various products, including Flash Player and Adobe Reader/Acrobat.

A dozen of the vulnerabilities Microsoft patched today are rated “critical,” meaning malware or miscreants could exploit them remotely to gain complete control over an affected system with little to no help from the user.

Last month, Microsoft released an advisory warning that attackers were exploiting a previously unknown flaw in IE. That vulnerability, assigned as CVE-2020-0674, has been patched with this month’s release. It could be used to install malware just by getting a user to browse to a malicious or hacked Web site.

Microsoft once again fixed a critical flaw in the way Windows handles shortcut (.lnk) files (CVE-2020-0729) that affects Windows 8 and 10 systems, as well as Windows Server 2008-2012. Allan Liska, intelligence analyst at Recorded Future, says Microsoft considers exploitation of the vulnerability unlikely, but that a similar vulnerability discovered last year, CVE-2019-1280, was being actively exploited by the Astaroth trojan as recently as September.

Another flaw fixed this month in Microsoft Exchange 2010 through 2019 may merit special attention. The bug could allow attackers to exploit the Exchange Server and execute arbitrary code just by sending a specially crafted email. This vulnerability (CVE-2020-0688) is rated “important” rather than “critical,” but Liska says it seems potentially dangerous, as Microsoft identifies this as a vulnerability that is likely to be exploited.

In addition, Redmond addressed a critical issue (CVE-2020-0618) in the way Microsoft SQL Server versions 2012-2016 handle page requests.

After a several-month respite from patches for its Flash Player browser plug-in, Adobe has once again blessed us with a security update for this program (fixes one critical flaw). Thankfully, Chrome and Firefox both now disable Flash by default, and Chrome and IE/Edge auto-update the program when new security updates are available. Adobe is slated to retire Flash Player later this year.

Other Adobe products for which the company shipped updates today include Experience Manager, Digital Editions, Framemaker and Acrobat/Reader (17 flaws). Security experts at Qualys note that on January 28th, Adobe also issued an out-of-band patch for Magento, labeled as Priority 2.

“While none of the vulnerabilities disclosed in Adobe’s release are known to be Actively Attacked today, all patches should be prioritized on systems with these products installed,” said Qualys’s Jimmy Graham.

Windows 7 users should be aware by now that while a fair number of flaws addressed this month by Microsoft affect Windows 7 systems, this operating system is no longer being supported with security updates (unless you’re an enterprise taking advantage of Microsoft’s paid extended security updates program, which is available to Windows 7 Professional and Windows 7 enterprise users).

If you rely on Windows 7 for day-to-day use, it’s probably time to think about upgrading to something newer. That might be a computer with Windows 10. Or maybe you have always wanted that shiny MacOS computer.

If cost is a primary motivator and the user you have in mind doesn’t do much with the system other than browsing the Web, perhaps a Chromebook or an older machine with a recent version of Linux is the answer (Ubuntu may be easiest for non-Linux natives). Whichever system you choose, it’s important to pick one that fits the owner’s needs and provides security updates on an ongoing basis.

Keep in mind that while staying up-to-date on Windows patches is a must, it’s important to make sure you’re updating only after you’ve backed up your important data and files. A reliable backup means you’re not losing your mind when the odd buggy patch causes problems booting the system.

So do yourself a favor and back up your files before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips. Also, keep an eye on the AskWoody blog from Woody Leonhard, who keeps a close eye on buggy Microsoft updates each month.



Tags: Alan Liska, CVE-2019-1280, CVE-2020-0618, CVE-2020-0674, CVE-2020-0688, Jimmy Graham, Microsoft Patch Tuesday February 2020, Qualys, Recorded Future


Microsoft Detects 77,000 Web Shells Each Month


Microsoft has warned that inadequate security on web applications and internet-facing servers is allowing hackers to use web shells in their tens of thousands each month to launch attacks.

Web shells are pieces of malicious code typically implanted onto web servers to execute commands, steal data and help hackers launch additional raids on the victim organization, such as watering hole attacks.

Microsoft claimed in a new blog this week that thanks to poor IT security hygiene, the use of these tools is rocketing: the tech giant detects around 77,000 each month on an average of 46,000 machines.

“Aside from exploiting vulnerabilities in web applications or web servers, attackers take advantage of other weaknesses in internet-facing servers. These include the lack of the latest security updates, anti-virus tools, network protection, proper security configuration and informed security monitoring,” it continued.

“Interestingly, we observed that attacks usually occur on weekends or during off-hours, when attacks are likely not immediately spotted and responded to.”

Multi-layered protection is needed to mitigate the threat of web shells, beginning with gaining visibility into internet-facing servers by monitoring web application directories for web script file writes, the firm advised.

Regular audits of web server logs, prompt patching, intrusion prevention to stop C&C communications, limiting privileged accounts and closing non-standard ports can also help, said Microsoft.
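Microsoft’s advice to watch web application directories for script file writes and to audit web server logs can be turned into a simple baseline-and-diff check. The Python below is an added example, not code from Microsoft or the article; the watched script extensions, the log format and the sample web root and log lines are constructed assumptions.

```python
"""Baseline-and-diff check for web shells: inventory the server-side scripts of a
deployment, flag scripts that appear or change afterwards, and flag web requests
that reach script paths the deployment never shipped."""
import hashlib
import pathlib
import re
import tempfile

# Server-side script extensions worth watching (assumption: adjust to the stack in use).
SCRIPT_EXTS = {".php", ".asp", ".aspx", ".ashx", ".jsp", ".jspx", ".cfm"}

# Common log format: <ip> - - [<time>] "<method> <path> <proto>" <status> <bytes>
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def script_inventory(webroot):
    """Return {relative_path: sha256} for every server-side script under webroot."""
    root = pathlib.Path(webroot)
    inventory = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in SCRIPT_EXTS:
            rel = path.relative_to(root).as_posix()
            inventory[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return inventory


def diff_inventory(baseline, current):
    """Scripts that appeared or changed since the deployment baseline was taken."""
    added = sorted(set(current) - set(baseline))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "modified": modified}


def suspicious_requests(log_lines, baseline):
    """Flag requests to script paths absent from the baseline (a dropped shell being used)."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        ip, method, url, status = m.groups()
        path = url.split("?", 1)[0].lstrip("/")
        if pathlib.PurePosixPath(path).suffix.lower() in SCRIPT_EXTS and path not in baseline:
            hits.append({"ip": ip, "method": method, "path": path, "status": int(status)})
    return hits


def demo():
    """Constructed scenario: a deployed app, then a script written into the upload directory."""
    with tempfile.TemporaryDirectory() as webroot:
        root = pathlib.Path(webroot)
        (root / "index.php").write_text("<?php echo 'hello'; ?>")
        (root / "uploads").mkdir()
        (root / "uploads" / "photo.jpg").write_bytes(b"\xff\xd8\xff")
        baseline = script_inventory(webroot)  # taken at deployment time

        # Later: a new script lands in uploads/ and a shipped script is altered.
        (root / "uploads" / "cache.php").write_text("<?php /* constructed sample */ ?>")
        (root / "index.php").write_text("<?php echo 'hello'; /* edited */ ?>")
        changes = diff_inventory(baseline, script_inventory(webroot))

        logs = [  # constructed sample log lines
            '203.0.113.5 - - [10/Mar/2020:02:14:07 +0000] "GET /index.php HTTP/1.1" 200 512',
            '203.0.113.5 - - [10/Mar/2020:02:14:09 +0000] "POST /uploads/cache.php?c=1 HTTP/1.1" 200 88',
            '198.51.100.7 - - [10/Mar/2020:02:15:00 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 3',
        ]
        return changes, suspicious_requests(logs, baseline)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline is taken from the deployment artifact and the log audit is run against the off-hours window the article singles out, with the hashes of vetted scripts stored outside the web root.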

Ilia Kolochenko, founder & CEO of web security company ImmuniWeb, explained that web shells have existed for over a decade and are often automated by hackers, but finding them should not be difficult.

“Usually, once a web shell is uploaded, it is fairly simple to root the server by exploiting unpatched vulnerabilities or its insecure configuration,” he added.

“Detection of web shells is a fairly routine operation, moreover, such attacks are usually attributable to junior hackers unskilled or careless enough to upload a web shell without obfuscation and proper removal after backdooring the server.”



United Nations Data Breach Started with Microsoft …

A remote code execution flaw enabled a breach of UN offices in Geneva and Vienna, as well as the Office of the High Commissioner for Human Rights. A cyberattack targeting United Nations offices in July 2019 reportedly stemmed from Microsoft SharePoint vulnerability CVE-2019-0604, which was patched […]

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers


Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.

Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any platform or device, and easily integrate them with SaaS solutions, on-premises apps to automate business processes.

According to a report researchers shared with The Hacker News, the first security vulnerability (CVE-2019-1234) is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft.

If exploited, the issue would have enabled a remote hacker to gain unauthorized access to screenshots and sensitive information of any virtual machine running on Azure infrastructure, regardless of whether it runs on a shared, dedicated or isolated virtual machine.

According to researchers, this flaw is exploitable through Microsoft Azure Stack Portal, an interface where users can access clouds they have created using Azure Stack.

By leveraging an insecure API, researchers found a way to get the virtual machine name and ID and hardware information such as cores and total memory of targeted machines, and then used it with another unauthenticated HTTP request to grab screenshots, as shown in the screenshot accompanying their report.

The second issue (CVE-2019-1372) is a remote code execution flaw that affected the Azure App Service on Azure Stack, which would have enabled a hacker to take complete control over the entire Azure server and consequently over an enterprise’s business code.

What’s more interesting is that an attacker can exploit both issues by creating a free user account with Azure Cloud and running malicious functions on it or sending unauthenticated HTTP requests to the Azure Stack user portal.

Check Point published a detailed technical post on the second flaw, but in brief, it resided in the way DWASSVC, a service responsible for managing and running tenants’ apps, and the IIS worker processes, which actually run the tenant application, communicate with each other for defined tasks.

Since Azure Stack failed to check the length of a buffer before copying memory to it, an attacker could have exploited the issue by sending a specially crafted message to the DWASSVC service, allowing them to execute malicious code on the server with the highest privilege, NT AUTHORITY\SYSTEM.

“So how can an attacker send a message to DWASSVC (DWASInterop.dll)? By design, when running the C# Azure function, it runs in the context of the worker (w3wp.exe),” the researchers said.

“This gives an attacker the possibility to enumerate the currently opened handles. That way, he can find the already opened named pipe handle and send a specially crafted message.”

Check Point researcher Ronen Shustin, who discovered both vulnerabilities, responsibly reported the issues to Microsoft last year, preventing hackers from causing severe damage and chaos.

After patching both issues late last year, the company awarded Shustin with 40,000 USD under its Azure bug bounty program.


Configuration Error Reveals 250 Million Microsoft …

Some of the records, found on five identically configured servers, might have contained data in clear text. Researchers have found five servers revealing almost 250 million Customer Service and Support (CSS) records. Each server contains what appears to be the same set of data stored, with no […]