Security Bulletin

By committing to build secure habits at work and in our personal lives, and to helping others do the same, our personal information will be much better protected.

The report noted that synthetic identity fraud could be combated by public sector organizations through the implementation of omnichannel verification, or the corroboration of identities through multiple approaches.

One-quarter of attacks during the first three months of 2024 involved BEC, most of which were in the finance sector, a report from Arctic Wolf revealed.

Fifty-two percent of 172 widely deployed critical open-source projects had memory-unsafe code or were not written in programming languages that curb memory-related errors.

Russian Amin Timovich Stigal has been indicted by the U.S. Justice Department for his alleged involvement in the WhisperGate wiper malware attack against Ukrainian critical infrastructure systems.

Intrusions involved alterations of the WordPress plugin WooCommerce's checkout PHP file to enable staging of an HTML style sheet-emulating PHP script, which then allows retrieval of the credit card skimmer.

Intrusions with Snowblind involved the injection of a seccomp filter to intercept system calls, as well as a SIGSYS signal handler to direct anti-tampering code to unchanged APK versions allowing the deactivation of several app security features.

U.S.-based nonprofit organization Better Business Bureau and skin care provider U.S. Dermatology Partners were admitted to be compromised by the BianLian ransomware operation.

Attacks aimed at up to 30 organizations in Europe and the Americas, particularly the U.S. manufacturing industry, have been linked to Chinese hacking group APT41 and North Korean state-backed advanced persistent threat operation Andariel

Only U.S banking-as-a-service provider Evolve Bank & Trust was noted by cyber threat monitoring firm HackManac to have been impacted by an attack claimed by the LockBit ransomware operation to have resulted in the compromise of 33 TB of files from...

Here are four shortcomings of MFA in preventing account takeovers – and what to do about it.

Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our...