Microsoft has taken over 99 domains used by the Phosphorus attack group, which has ties to the Iranian government.
From an attacker’s perspective, the wider the net cast, the more number of potential victims caught. So it’s no surprise that Recorded Future research indicates attackers continue to rely heavily on exploits targeting Microsoft applications.
There is bipartisan consensus in Congress that a federal data privacy law is necessary. Public policy experts from Google, Microsoft, and Twitter discussed the issues lawmakers will need to address to craft meaningful privacy regulation at a panel at RSA Conference.
A privilege escalation attack that is the combination of known issues and weaknesses with Microsoft Exchange will let users become Domain Administrators. No compromised credentials required.
Even with a regular software update cadence, some vulnerabilities are serious enough to warrant an emergency fix. Microsoft has released an out-of-band update addressing a remote code execution flaw in Internet Explorer.