-
Zloader Banking a new Malware attack can be bypass Microsoft Signature Verification.
A ZLoader malware campaign is exploiting a nine-year-old flaw in Microsoft’s digital signature verification to steal credentials and sensitive information using remote monitoring tools. According to Check Point Research, which has been tracking the sophisticated infection chain since November 2021, it has been attributed to a cybercriminal group dubbed MalSmoke, citing similarities with previous attacks.…
-
Azure App Service Exposed Hundreds of Source Code Repositories after four years.
A security flaw has been discovered in Microsoft’s Azure App Service that exposed source code for customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017. According to Wiz researchers, the vulnerability, codenamed “Not Legit,” was first reported to the tech giant on October 7, 2021, and…
-
Bugs in Active Directory could allow hackers to take over Windows domain controllers.
Following the availability of a proof-of-concept (POC) tool on December 12, Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November. The two vulnerabilities are identified as CVE-2021-42278 and CVE-2021-42287. They both affect Active Directory Domain Services (AD DS) and have a severity rating of 7.5.…
-
Microsoft Is Adding New Cryptography Algorithms
Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article: The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). The…