Details have been disclosed on a remote code execution flaw in Azure Cosmos DB, which was previously fixed by Microsoft in October.
Microsoft is adding number matching and geographic and app context to Authenticator to defend against MFA fatigue attacks.
Meanwhile, two exploited Exchange flaws that publicly emerged two weeks ago were not addressed in Microsoft’s update.
Attackers are exploiting two new Microsoft Exchange zero days ( CVE-2022-41040 and CVE-2022-41082) in the wild. Microsoft is working on a patch.
Zinc, a Lazarus group offshoot, is using trojanized versions of open source apps such as KiTTY and PuTTY in a new phishing campaign.