Tag Archives: Microsoft

Electron Bot Malware on Microsoft’s Official Store

Check Point Research (CPR) reports on a new kind of malware distributed via Microsoft’s official store. The new threat is capable of taking control of social media accounts on SoundCloud, Google and Facebook. The researchers report that the malware has already infected over 5000 active devices worldwide. It shows the ability to register new accounts, log in, make comments and even …

Microsoft blocks Internet macros by default in Office

Microsoft announces that it is introducing changes to its automation capabilities in Office, called active content (the most common kind is macros). Earlier, users could enable them by clicking the corresponding button; now they will see a Learn more button, where they can learn about the possible danger the received files might present and what possible solutions might be done to …

Ukrainian organizations under malware attacks

Microsoft reports on malware detected in Ukrainian organizations

In its blog, Microsoft reports on malware attacks that have recently defaced the sites of several Ukrainian government and other organizations. The team first detected the malware on January 13th, 2022. They have already notified all relevant government agencies in the United States and elsewhere, as well as the victims of the attack. The team shared all the information available so far with other …

Fontdrvhost.exe file – is it safe and legit?

Several days ago a Reddit user nicknamed u/14022I posted about Fontdrvhost.exe. It seems they suspected some problems with this particular file on their computer. The question was why it uses so much CPU and memory. The user thought it could be malicious. They might be right or they might be wrong. We'll explain. Can someone tell me why "Usermode …

Fix for Microsoft Exchange 2022 year bug

Microsoft released a fix for the Exchange bug that disrupted email delivery on on-premises Microsoft Exchange servers. Right at the New Year, Exchange admins worldwide found that their servers could not deliver emails. Instead, the messages were queued and the Windows event log showed errors. For the time being Microsoft released a temporary fix. It will require users to …

Windows 10 RCE: via insecure default URI handler

Two researchers found a drive-by code execution vulnerability in Windows 10 via IE11/Edge Legacy and MS Teams, triggered by an argument injection in the Windows 10/11 default handler for ms-officecmd: URIs. In the report published on their blog, they give full coverage of their findings and also include the original MSRC report. …

New PowerShortShell Stealer

New PowerShortShell Stealer Exploits Recent Microsoft MSHTML Vulnerability

On November 24, 2021, SafeBreach Labs published research on a new Iranian threat actor using a Microsoft MSHTML Remote Code Execution (RCE) exploit to target victims with a new PowerShell stealer, PowerShortShell. ShadowChasing first reported the case on their Twitter page. However, specialists could not get the PowerShell Stealer hash/code as it was not available on public malware repositories …

Microsoft wants to stop the users from using Chrome

In recent days, a lot of people have reported on Microsoft’s attempts to keep users on Microsoft Edge. The banner that appears in Microsoft Bing – the default search engine in Edge – tries to convince users to stay on the default Microsoft browser. Why should you stop using Chrome? Microsoft Edge is an integrated web browser that …

Another Windows zero day allows for admin privileges

Researcher Abdelhamid Naceri, who often reports on Windows bugs, this time dropped on GitHub a working proof-of-concept exploit for a zero-day that grants admin privileges. According to Naceri, it will work on all supported versions of Windows. This particular zero-day can allow a potential bad actor to open a command prompt with SYSTEM privileges from an account with only low-level ‘Standard’ privileges. …

TikTok Phishing Campaign

Recently, on October 2, 2021, and November 1, 2021, one media outlet reported the news: some bad actors conducted a rather large phishing campaign. According to the report, they primarily targeted accounts with rather large audiences. The scammers pretended to be from the TikTok team. The attackers wrote in those emails that either they needed …

Free Unofficial Patch for Zero-Day Bug in Windows

During the late August Patch Tuesday, Microsoft incompletely patched a zero-day bug tracked as CVE-2021-34484. The company only fixed the impact of the proof-of-concept (PoC). Earlier, security researcher Abdelhamid Naceri made a report on the issue. This incompletely patched bug affects all Windows versions, including Windows 10, Windows 11, and Windows Server 2022. In the Windows User …

Microsoft reports TodayZoo – a “Franken-Phish” phishing toolkit

Microsoft reports "Franken-Phish"

In its blog, Microsoft reported a very curious phishing kit, TodayZoo. It was primarily active this year, in spring and summer. The peculiarity of this kit lies in how it is built: the toolkit consists of pieces of code from different works. Franken-Phish disguised itself as Zoom, Microsoft and Xerox products. Microsoft reported it to the AWS (Amazon …
