SEARCH
Archive
Microsoft Discloses Fixed Azure Cosmos DB RCE Flaw
Details have been disclosed on a remote code execution flaw in Azure Cosmos DB, which was previously fixed by Microsoft in October.
Microsoft Adds New Features to Authenticator to Prevent MFA Fatigue Attacks
Microsoft is adding number matching and geographic and app context to Authenticator to defend against MFA fatigue attacks.
Microsoft Fixes Actively Exploited Windows Privilege-Escalation Bug
Meanwhile, two exploited Exchange flaws that publicly emerged two weeks ago were not addressed in Microsoft’s update.
Attackers Exploiting Two Microsoft Exchange Zero Days
Attackers are exploiting two new Microsoft Exchange zero days ( CVE-2022-41040 and CVE-2022-41082) in the wild. Microsoft is working on a patch.
Lazarus Group Affiliate Uses Trojanized Open Source Apps in New Campaigns
Zinc, a Lazarus group offshoot, is using trojanized versions of open source apps such as KiTTY and PuTTY in a new phishing campaign.