On Tuesday, Microsoft announced that it had successfully defended against a cyber espionage campaign by a Chinese nation-state actor, identified as Storm-0558, targeting approximately 25 organizations, including Western European government agencies. The breach, which began on May 15, 2023, involved access to email accounts through Outlook Web Access (OWA) in Exchange Online and Outlook.com by forging authentication tokens. Microsoft responded by blocking the use of tokens signed with the acquired MSA key in OWA and notifying affected organizations.
Cybersecurity researchers at Trend Micro have discovered a rootkit signed by Microsoft being exploited by a Chinese actor, primarily targeting the gaming sector in China. The rootkit, attributed to the same actor behind the FiveSys rootkit, has multiple variants and communicates with a remote server to retrieve additional payloads, bypassing security measures and disabling Microsoft Defender Antivirus. In response, Microsoft has implemented blocking protections and suspended involved partner accounts to protect users from future threats.
Microsoft has released an unprecedented 132 fixes this month, including six zero-day bugs, one of which is being exploited in attacks against NATO members. The zero-day in question, CVE-2023-36884, affects Office and Windows HTML, and while no patch is available yet, Microsoft has offered mitigations and a forthcoming fix. Another notable zero-day, CVE-2023-35311, allows the bypassing of Microsoft Outlook security features, potentially enabling comprehensive attacks when combined with other exploits.
A new Python-based fileless malware, dubbed PyLoose, is targeting cloud workloads to run cryptomining operations. Detected by the Wiz Runtime Sensor, the malware exploits publicly accessible Jupyter Notebook services, loading an XMRig miner directly into memory without writing payloads to disk. To prevent such attacks, organizations are advised to secure their services, use robust authentication methods, and restrict the execution of system commands.
Google CEO Sundar Pichai has voiced concerns over the potential misuse of AI in creating deepfake videos, which he warns could be indistinguishable from reality and cause societal harm. In a conversation with CBS’ “60 Minutes,” Pichai stated that Google is taking steps to limit the capabilities of its Bard AI to prevent such misuse. Although current AI-generated videos and audio are relatively unpolished, the rapid advances in this field highlight the need for robust safety measures and public feedback to ensure responsible development and deployment of increasingly capable models.
In response to an increased cyber threat landscape, Microsoft has expanded its Entra identity and access management (IAM) line into the secure service edge (SSE) with the introduction of Entra Internet Access and Entra Private Access. The former is an identity-centric zero-trust network access (ZTNA) service that protects internet traffic, and the latter controls access to business resources based on network conditions and user context. Additionally, AI and machine learning are incorporated into these services to learn typical user behavior and flag anomalies, making these enhancements a significant step for Microsoft in the cybersecurity landscape.
Cryptocurrency transactions linked to known criminal entities decreased by 65% in H1 2023 compared to the same period last year, yet ransomware attacks are expected to surge, according to blockchain data platform Chainalysis. The decrease in criminal activity is largely attributed to a significant decline in crypto-based scams, but ransomware attackers are on track for their second-biggest year, having already extorted $176 million more than in the same period in 2022. The report suggests that this rise in ransomware profits can be traced back to a resurgence in big-game hunting and an increase in the number of successful smaller attacks.
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.