Threats

Microsoft shares workaround for ongoing Outlook login issues

Microsoft shares workaround for ongoing Outlook login issues (What New)

By Sergiu Gatlan October 28, 2022 02:57 PM

Microsoft is working on a fix for ongoing sign-in issues affecting some Outlook for Microsoft 365 customers and preventing them from accessing their accounts.

The login problems impact users trying to sign in to Outlook using their Outlook.com accounts or those who have already added the accounts to their Outlook profiles.

Instead of logging in, the users will see the following error messages asking them to use a work or school account: “You can’t sign in here with a personal account. Use your work or school account instead.”

While Microsoft says that the Outlook Team is working on a solution for this known issue, an official workaround is available for those who want to access their accounts until a fix rolls out.

“To work around the issue, you can turn off Support Diagnostics, which turns off the option to submit an In App ticket using Help and then selecting Contact Support. The bug is related to how Outlook is authenticating for the diagnostics in some situations,” Microsoft said.
To disable support diagnostics in Outlook and prevent it from communicating client information on failure to support services, you have to enable the DisableSupportDiagnostics policy setting.

“This policy setting determines if Outlook can communicate client information on failure to support services with the intent of diagnosing the issue or making the information available to support to help with the diagnosis/resolution of the issue and/or provide contextual error messaging to the user,” according to the Group Policy Administrative Templates Catalog.

Last week, Redmond said it was working to resolve another bug that might prevent users from configuring Exchange Online mailboxes in Outlook for Windows.

In early October, the company began rolling out a fix for another issue known since August that’s causing Outlook for Microsoft 365 to freeze and crash after launch.

Microsoft has also recently addressed a bug that triggered Outlook email client crashes when reading emails containing tables like Uber receipt emails.

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-workaround-for-ongoing-outlook-login-issues/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

Google fixes seventh Chrome zero-day exploited in attacks this year

By Bill Toulas October 28, 2022 07:34 AM

I have warned more folks get off this browser (Use Firefox with duckduckgo.com)

Google has released an emergency security update for the Chrome desktop web browser to address a single vulnerability known to be exploited in attacks.

The high-severity flaw (CVE-2022-3723) is a type confusion bug in the Chrome V8 Javascript engine discovered and reported to Google by analysts at Avast.

“Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild,” highlights the notice.

The company doesn’t provide many details about the vulnerability for security reasons, allowing Chrome’s user base enough time to update the web browser to version 107.0.5304.87/88, which addresses the problem.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google says.

“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

In general, type confusion vulnerabilities occur when the program allocates a resource, object, or variable using a type and then accesses it using a different, incompatible type, resulting in out-of-bounds memory access.

By accessing memory regions that shouldn’t be reachable from the context of the application, an attacker could read sensitive information of other apps, cause crashes, or execute arbitrary code.

Google does not clarify the level of activity involving the exploit that exists in the wild, so whether attacks using CVE-2022-3723 are widespread or limited is not known at this time.

Chrome users can update their browser by opening Settings → About Chrome → Wait for the download to finish → Restart the program.

Article (https://www.bleepingcomputer.com/news/security/google-fixes-seventh-chrome-zero-day-exploited-in-attacks-this-year/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

Apple Releases Security Updates for Multiple Products

10/26/2022 12:42 PM EDT

Original release date: October 26, 2022

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:

• Safari 16.1
• iOS 16.1 and iPadOS 16
• macOS Big Sur 11.7.1
• macOS Monterey 12.6.1
• macOS Ventura 13
• tvOS 16.1
• watchOS 9.1

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

Venus Ransomware targets publicly exposed Remote Desktop services Affect Microsoft Office products

By Lawrence Abrams October 16, 2022 11:12 AM
Threat actors behind the relatively new Venus Ransomware are hacking into publicly-exposed Remote Desktop services to encrypt Windows devices.

Venus Ransomware appears to have begun operating in the middle of August 2022 and has since encrypted victims worldwide. However, there was another ransomware using the same encrypted file extension since 2021, but it is unclear if they are related.

BleepingComputer first learned of the ransomware from MalwareHunterTeam, who was contacted by security analyst linuxct looking for information on it.

Linuxct told BleepingComputer that the threat actors gained access to a victim’s corporate network through the Windows Remote Desktop protocol.

Another victim in the BleepingComputer forums also reported RDP being used for initial access to their network, even when using a non-standard port number for the service.
How Venus encrypts Windows devices

When executed, the Venus ransomware will attempt to terminate thirty-nine processes associated with database servers and Microsoft Office applications.

taskkill, msftesql.exe, sqlagent.exe, sqlbrowser.exe, sqlservr.exe, sqlwriter.exe, oracle.exe, ocssd.exe, dbsnmp.exe, synctime.exe, mydesktopqos.exe, agntsvc.exe, isqlplussvc.exe, xfssvccon.exe, mydesktopservice.exe, ocautoupds.exe, agntsvc.exe, agntsvc.exe, agntsvc.exe, encsvc.exe, firefoxconfig.exe, tbirdconfig.exe, ocomm.exe, mysqld.exe, mysqld-nt.exe, mysqld-opt.exe, dbeng50.exe, sqbcoreservice.exe, excel.exe, infopath.exe, msaccess.exe, mspub.exe, onenote.exe, outlook.exe, powerpnt.exe, sqlservr.exe, thebat64.exe, thunderbird.exe, winword.exe, wordpad.exe

The ransomware will also delete event logs, Shadow Copy Volumes, and disable Data Execution Prevention using the following command:
wbadmin delete catalog -quiet && vssadmin.exe delete shadows /all /quiet && bcdedit.exe /set {current} nx AlwaysOff && wmic SHADOWCOPY DELETE

When encrypting files, the ransomware will append the .venus extension, as shown below. For example, a file called test.jpg would be encrypted and renamed test.jpg. Venus.

Article ( https://www.bleepingcomputer.com/news/security/venus-ransomware-targets-publicly-exposed-remote-desktop-services/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

New PHP information-stealing malware targets Facebook accounts

By Bill Toulas October 16, 2022 10:07 AM

A new Ducktail phishing campaign is spreading a never-before-seen Windows information-stealing malware written in PHP used to steal Facebook accounts, browser data, and cryptocurrency wallets.

Ducktail phishing campaigns were first revealed by researchers from WithSecure in July 2022, who linked the attacks to Vietnamese hackers.

Those campaigns relied on social engineering attacks through LinkedIn, pushing .NET Core malware masquerading as a PDF document supposedly containing details about a marketing project.

The malware targeted information stored in browsers, focusing on Facebook Business account data, and exfiltrated it to a private Telegram channel that acted as a C2 server. These stolen credentials are then used for financial fraud or to conduct malicious advertising.

Zscaler now reports spotting signs of new activity involving a refreshed Ducktail campaign that uses a PHP script to act as a Windows information-stealing malware.
A PHP information-stealing malware

Ducktail has now replaced the older NET Core information-stealing malware used in previous campaigns with one written in PHP.

Most of the fake lures for this campaign are related to games, subtitle files, adult videos, and cracked MS Office applications. These are hosted in ZIP format on legitimate file hosting services.

When executed, the installation takes place in the background while the victim sees fake ‘Checking Application Compatibility’ pop-ups in the frontend, waiting for a fake application sent by the scammers to install.

The malware will ultimately be extracted to the %LocalAppData%\Packages\PXT folder, which includes the PHP.exe local interpreter, various scripts used to steal information, and supporting tools, as shown below.

My comments last week about droppng Corportae Facebook seem to be coming true

Article (https://www.bleepingcomputer.com/news/security/new-php-information-stealing-malware-targets-facebook-accounts/)

Bitdefender will do a content filter to Block Access to Facebook

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

Cybersecurity and Infrastructure Security Agency (CISA) – Defend Today, Secure Tomorrow

Microsoft Releases October 2022 Security Updates
10/11/2022 02:15 PM EDT

Original release date: October 11, 2022
Link (https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct)

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s October 2022 Security Update Summary and Deployment Information and apply the necessary updates.

Meta warns 1 million Facebook users their login info may have been compromised

Naomi Nix- Washington Post
Fri, October 7, 2022 at 3:09 PM

Suggestion folks in the IT industry keep Facebook out the company network , if they need it for marketing get them another computer/laptop and keep off the network. It bad enough we have issue’s with Microsoft and Google for security issues. Facebook is a non essential, my personal opinion.

Facebook parent Meta is warning 1 million users that their login information may have been compromised through malicious apps.

Meta’s researchers found more than 400 malicious Android and Apple iOS apps this year that were designed to steal the personal Facebook login information of its users, the company said Friday in a blog post. Meta spokesperson Gabby Curtis confirmed that Meta is warning 1 million users who may have been affected by the apps.

Meta said the apps they identified were listed in Apple’s app store and Google Play Store as games, photo editors, health and lifestyle services and other types of apps to trick people into downloading them. Often the malicious app would ask users to “login with Facebook” and later steal their username and password, according to the company.
“This is a highly adversarial space and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores,” wrote Meta’s Threat Disruption Director David Agranovich, and Malware Discovery and Detection Engineer Ryan Victory.

Meta said it reported the apps to Apple and Google and the apps had since been taken down. Google spokesperson Edward Fernandez said in a statement that the “apps identified in the report are no longer available on Google Play.” A representative for Apple responded but didn’t comment.

Meta has faced scrutiny over its privacy practices for years. In 2019, the Federal Trade Commission approved a roughly $5 billion settlement with Facebook after reports found the political consultancy Cambridge Analytica improperly accessed personal data of millions Facebook users.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Hackers Have It Out for Microsoft Email Defenses

Tara Seals Managing Editor, News, Dark Reading
October 06, 2022

If you insist in Using O365 at least have a filter in front to protect yourselves , I recommend Barracuda Advance Spam/Phishing  filtering they clean it and then deliver to your mailbox

“Many hackers think of email and Microsoft 365 as their initial points of compromise, [so they] will test and verify that they are able to bypass Microsoft’s default security,” according to a new report from Avanan that flags an uptick in its customer telemetry of malicious emails landing in Microsoft-protected email boxes.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Microsoft to retire Exchange Online client access rules in a year BEWARE

By Sergiu Gatlan September 27, 2022 03:11 PM
Microsoft announced today that it will retire Client Access Rules (CARs) in Exchange Online within a year, by September 2023.

Microsoft also recently warned customers that it would start disabling basic authentication in random tenants to improve Exchange Online security beginning October 1, 2022.

CARs are sets of conditions, exceptions, actions, and priority values that allow Microsoft 365 admins to filter client access to Exchange Online based on many factors.

Connections can be allowed or blocked based on the client’s IP addresses and authentication type, as well as the protocol, application, or service they’re using to connect.

In short, once configured, they help control who can access what resources in an Exchange Online organization.

“Today, we are announcing the retirement of CARs in Exchange Online, to be fully deprecated by September 2023,” the Exchange Team said.

“We will send Message Center posts to tenants using client access rules to start the planning process to migrate their rules.”

The company will begin the deprecation process by first disabling client access rules in tenants where they’re unused starting October 2022.

Until September 2023, Microsoft plans to help migrate all remaining tenants from CARs to use new access control features like continuous access evaluation (CAE).
Client access rules deprecation timeline
Client access rules deprecation timeline (Microsoft)

​”If you do not currently use CARs, cmdlets will be disabled for your tenant after October 2022,” the Exchange Team added.

“If you currently have CARs configured in your tenant you will be able to keep using them until September 2023, which provides you with time to migrate other, more resilient options.”

As Redmond explains, the switch to CAE access control to Exchange Online resources is designed to add extra resiliency by proactively terminating active user sessions and ensuring tenant policy change enforcement in almost real-time.

“Now with new features, like Continuous Access Evaluation (CAE) that allows Azure Active Directory applications to subscribe to critical events, that can then be evaluated and enforced in near real time; you can have better control while also adding resiliency to your organization,” the Exchange Team said.

Microsoft also recently warned customers that it would start disabling basic authentication in random tenants to improve Exchange Online security beginning October 1, 2022.

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-to-retire-exchange-online-client-access-rules-in-a-year/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

Microsoft shares workarounds for Windows Group Policy issues (PLUS OTHER ISSUES)

By Sergiu Gatlan September 23, 2022 07:28 AM

Microsoft has acknowledged a known issue where copying files/shortcuts using Group Policy Preferences on Windows client devices might not work as expected after installing recent Windows cumulative updates released during this month’s Patch Tuesday.

On affected systems, files or shortcuts will not copy to the target drives or end up as zero-byte files when using Group Policy file operations.

“File copies using Group Policy Preferences might fail or might create empty shortcuts or files using 0 (zero) bytes,” Microsoft explained.

“Known affected Group Policy Objects are related to files and shortcuts in User Configuration -> Preferences -> Windows Settings in Group Policy Editor.”

The list of affected platforms includes client (from Windows 8.1 up to Windows 11 22H2) and server releases (from Windows Server 2008 SP2 and up to Windows Server 2022).

Microsoft acknowledged the issue following a stream of Windows admin reports across multiple social networks and on Microsoft’s online community regarding issues with Group Policy settings after deploying September 2022 Patch Tuesday updates.

At the time, some of the affected admins suggested a radical fix requiring manually uninstalling and hiding the offending cumulative updates. Unfortunately, this would also remove all fixes for recently patched security vulnerabilities.

However, multiple admins have also reported that un-checking the “Run in user security context” option on the affected GPOs will help address the file copying and shortcut creation problems.
Official workarounds are also available

Microsoft confirmed the last workaround shared by impacted customers before the issue was acknowledged, together with a couple of additional ways to mitigate the issue (any one of them is enough for mitigation) :

Uncheck the “Run in logged-on user’s security context (user policy option).” Note: This might not mitigate the issue for items using a wildcard (*).
Within the affected Group Policy, change “Action” from “Replace” to “Update.”
If a wildcard (*) is used in the location or destination, deleting the trailing “\” (backslash, without quotes) from the destination might allow the copy to be successful.

Redmond also added that its developers are working on a resolution for this known issue and will provide a fix with an upcoming update.

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-workarounds-for-windows-group-policy-issues/)

Microsoft: Windows KB5017383 preview update added to WSUS by mistake
(https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-kb5017383-preview-update-added-to-wsus-by-mistake/)
Microsoft rolls out emergency fix for blocked Windows logins (https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-emergency-fix-for-blocked-windows-logins/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”