Nation-state actors are targeting critical infrastructure, the IT supply chain and unpatched flaws in an effort to advance evolving strategic political objectives and to reach a wider set of targets.
Details have been disclosed on a remote code execution flaw in Azure Cosmos DB, which was previously fixed by Microsoft in October.
Microsoft is adding number matching and geographic and app context to Authenticator to defend against MFA fatigue attacks.
Meanwhile, two exploited Exchange flaws that publicly emerged two weeks ago were not addressed in Microsoft’s update.
Attackers are exploiting two new Microsoft Exchange zero days ( CVE-2022-41040 and CVE-2022-41082) in the wild. Microsoft is working on a patch.