Babuk Locker is a mostly run-of-the-mill ransomware strain, but its encryption mechanisms and its abuse of the Windows Restart Manager set it apart.
https://threatpost.com/ransomware-babuk-locker-large-corporations/162836/
A look back at what was hot with readers -- offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.
Google, Microsoft, Cisco Systems and others want appeals court to deny immunity to Israeli company for its alleged distribution of spyware and illegal cyber-surveillance activities.
https://threatpost.com/tech-giants-lend-whatsapp-support-in-spyware-case-against-nso-group/162552/
Underground marketplace pricing for RDP server access, compromised payment-card data and DDoS-for-hire services is surging.
https://threatpost.com/rdp-server-access-payment-card-data-in-high-cybercrime-demand/162476/
The ongoing, growing campaign is “effectively an attack on the United States and its government and other critical institutions,” Microsoft warned.
https://threatpost.com/microsoft-solarwinds-spy-attack-federal-agencies/162414/
Researchers identify malware in popular add-ons for Facebook, Vimeo, Instagram and other services that are commonly used in browsers from Google and Microsoft.
https://threatpost.com/3m-users-malicious-facebook-insta-browser-add-ons/162350/
Meanwhile, FireEye has found a kill switch, and Microsoft and other vendors are quickly moving to block the Sunburst backdoor used in the attack.
https://threatpost.com/solarwinds-default-password-access-sales/162327/
The infamous keylogger has shifted its targeting tactics and now collects stored credentials for less-popular web browsers and email clients.
https://threatpost.com/agent-tesla-targeting-data-tactics/162268/
Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials.
https://threatpost.com/microsoft-office-365-credentials-attack-fax/162232/
The Adrozek ad-injecting browser modifier malware also extracts device data and steals credentials, making it an even more dangerous threat.
https://threatpost.com/adrozek-malware-fake-ads-30k-devices/162217/
Nine critical bugs and 58 overall fixes mark the last scheduled security advisory of 2020.
https://threatpost.com/microsoft-patch-tuesday-holidays/162041/
It remains unknown why Microsoft is allowing a spoof of its own domain against its own email infrastructure.
https://threatpost.com/spearphishing-attack-spoofs-microsoft-office-365/162001/
A new "TrickBoot" module scans for vulnerable firmware and has the ability to read, write and erase it on devices.
https://threatpost.com/trickbot-returns-bootkit-functions/161873/
The Microsoft 365 tool that tracked employee usage of applications like Outlook, Skype and Teams was widely condemned by privacy experts.
https://threatpost.com/microsoft-m365-privacy-backlash/161760/
Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks.
https://threatpost.com/apt-exploits-zerologon-targets-japanese-companies/161383/
Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says.
https://threatpost.com/russia-north-korea-attacking-covid-19-vaccine-makers/161205/
An attack on the Microsoft Exchange server of an organization in Kuwait revealed two never-before-seen PowerShell backdoors.
https://threatpost.com/microsoft-exchange-attack-xhunt-backdoors/161041/
More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials.
https://threatpost.com/google-forms-abused-to-phish-att-credentials/160957/
Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industry -- including bugs that just won't die.
https://threatpost.com/halloween-election-hospital-death-cyberattacks/160781/
The tech giant and federal agencies this week renewed their call for organizations to update Active Directory domain controllers.
https://threatpost.com/microsoft-warns-zerologon-bug/160769/
While Microsoft patched the bug, tracked as CVE-2020-0796, back in March, more than 100,000 Windows systems are still vulnerable.
https://threatpost.com/microsofts-smbghost-flaw-108k-windows-systems/160682/
The Phosphorus APT has launched successful attacks against world leaders attending the Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia, Microsoft warns.
https://threatpost.com/microsoft-iranian-apt-t20-summit-munich-security-conference/160654/
Beyond admins, researchers say that 97 percent of all Microsoft 365 users do not use multi-factor authentication.
Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.
https://threatpost.com/microsoft-teams-phishing-office-365/160458/
Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take control of their inboxes via OAuth.
https://threatpost.com/office-365-oauth-attack-coinbase/160337/
A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.
https://threatpost.com/microsoft-exchange-outlook-apts/160273/
The shift to remote working spurred Microsoft and Amazon to the top of the heap for cybercriminals to use as lures in the third quarter.
https://threatpost.com/microsoft-most-imitated-phishing/160255/
The two important-severity flaws in Microsoft Windows Codecs Library and Visual Studio Code could enable remote code execution.
https://threatpost.com/microsoft-rce-flaws-windows-update/160244/
From a cyberattack on Barnes & Noble to Zoom rolling out end-to-end encryption, Threatpost editors break down the top security stories of the week.
https://threatpost.com/barnes-noble-hack-ddos-extortion-threats/160193/
There were 11 critical bugs and six that were unpatched but publicly known in this month's regularly scheduled Microsoft updates.
https://threatpost.com/october-patch-tuesday-wormable-bug/160044/
Cybercriminals are chaining Microsoft's Zerologon flaw with other exploits in order to infiltrate government systems, putting election systems at risk, a new CISA and FBI advisory warns.
https://threatpost.com/election-systems-attack-microsoft-zerologon/160021/
Microsoft and partners went after the botnet using a copyright infringement tactic and hunting down C2 servers.
https://threatpost.com/trickbot-takedown-crimeware-apparatus/160018/
Bad actors are leveraging legitimate services and tools within Microsoft's productivity suite to launch cyberattacks on COVID-19 stay-at-home workers, new research finds.
https://threatpost.com/office-365-persistent-cyberattacks/160010/
The malware also has a unique machine-learning module.
https://threatpost.com/android-ransomware-home-button/160001/
Two flaws in Microsoft's cloud-based Azure App Services could have allowed server-side request forgery (SSRF) and remote code-execution attacks.
https://threatpost.com/microsoft-azure-flaws-servers-takeover/159965/
Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.
https://threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/
Hundreds of U.S. organizations on Thursday received emails purporting to come from the Democratic National Committee, in a new politically charged Emotet spear-phishing attack.
Cybercriminals set up three different CAPTCHAs that Office 365 targets must click through before reaching the final phishing page.
https://threatpost.com/microsoft-office-365-captchas/159747/
Attackers gain read-only permissions to snoop around Office 365 accounts, including emails, contacts and more.
https://threatpost.com/oauth-phishing-microsoft-o365-attacks/159713/
Despite Microsoft issuing patches almost eight months ago, 61 percent of Exchange servers are still vulnerable.
https://threatpost.com/microsoft-exchange-exploited-flaw/159669/