Microsoft has made a definitive link between MEDoc and initial distribution of the Petya ransomware. Kaspersky Lab, meanwhile, has identified a Ukrainian government website used in a watering hole attack.
Microsoft Issues ‘Important’ Security Fix for Azure AD Connect
Microsoft is warning customers of an “important” update to its Azure AD Connect service that could allow for an elevation of privilege attack against affected systems.
Another RCE Vulnerability Patched in Microsoft Malware Protection Engine
Google Project Zero’s Tavis Ormandy found another remote code execution vulnerability in the Microsoft Malware Protection Engine, the third since early May.
Threatpost News Wrap, June 23, 2017
Mike Mimoso and Chris Brook discuss the news of the week, including Citizen Lab’s latest report, WannaCry hitting Honda, GhostHook, and Fireball.
GhostHook Attack Bypasses Windows 10 PatchGuard
Researchers at CyberArk have developed a bypass for Windows PatchGuard that leverages Intel’s Processor Trace (Intel PT) technology to execute code in the kernel.
Microsoft Says Fireball Threat ‘Overblown’
Check Point has toned down its initial estimates on the number of Fireball malware infections from 250 million machines and 20 percent of corporate networks to 40 million computers.
Phishing campaign spoofs online auto brand, exposes stolen passwords
It’s bad enough to be caught by an SMS phishing scam – but when the bad guys expose your stolen account details to the world, that really rubs salt into the wound.
Microsoft Admits Disabling Anti-Virus Software For Windows 10 Users
An anonymous reader quotes a report from the BBC: Microsoft has admitted that it does temporarily disable anti-virus software on Windows PCs, following a competition complaint to the European Commission by a security company. In early June, Kaspersky Lab filed the complaint against Microsoft. The security company claims the software giant is abusing its market dominance by steering users to its own anti-virus software. Microsoft says it implemented defenses to keep Windows 10 users secure. In an extensive blog post that does not directly address Kaspersky or its claims, Microsoft says it bundles the Windows Defender Antivirus with Windows 10 to ensure that every single device is protected from viruses and malware. To combat the 300,000 new malware samples being created and spread every day, Microsoft says that it works together with external anti-virus partners. The technology giant estimates that about 95% of Windows 10 PCs were using anti-virus software that was already compatible with the latest Windows 10 Creators Update. For the applications that were not compatible, Microsoft built a feature that lets users update their PCs and then reinstall a new version of the anti-virus software. “To do this, we first temporarily disabled some parts of the AV software when the update began. We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating,” writes Rob Lefferts, a partner director of the Windows and Devices group in enterprise and security at Microsoft.
Microsoft Extends Edge Bug Bounty Program Indefinitely
Microsoft said Wednesday it would extend its Edge bug bounty program indefinitely.
News in brief: WannaCry knocks out Honda plant; Skype hit by global outage; NSA shares tools on GitHub
Your daily round-up of some of the other stories in the news