#microsoft

### Impact All Hail Batch clusters are affected. An attacker is able to: 1. Create one or more accounts with Hail Batch without corresponding real accounts in the organization. For example, a user could create a Microsoft or Google account and then change their email to "[email protected]". This Microsoft or Google account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is "example.org". In Google, this attack is partially mitigated because Google requires users to verify ownership of their Google account. However, a valid user is able to create multiple distinct Hail Batch accounts by creating multiple distinct Google accounts using email addresses of the form "[email protected]". In Microsoft, this attack requires Azure AD Administrator access to an Azure AD Tenant. The Azure AD Administrator is permitted to change the email address of an account to any other email address without verification. An ...

Microsoft search protocol enables clients to initiate connections against an enterprise search service such as SharePoint or WebDav. During these search connections the protocol server… Continue reading → Initial Access – search-ms URI Handler

Microsoft search protocol enables clients to initiate connections against an enterprise search service such as SharePoint or WebDav. During these search connections the protocol server… Continue reading → Initial Access – search-ms URI Handler

Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach "leverages executables commonly found in the trusted WinSxS folder and exploits them via the classic DLL

By Deeba Ahmed According to the Microsoft Threat Intelligence Team, threat actors labeled as 'financially motivated' utilize the ms-appinstaller URI scheme for malware distribution. This is a post from HackRead.com Read the original post: Microsoft Disables App Installer After Feature is Abused for Malware

Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.

By Deeba Ahmed Triangulation of Terror: Inside the Most Sophisticated iPhone Spyware Campaign Ever Seen. This is a post from HackRead.com Read the original post: iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers

It was a year of devastating cyberattacks around the globe, from ransomware attacks on casinos to state-sponsored breaches of critical infrastructure.

Microsoft on Thursday said it’s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. “The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence

Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing a filename uses double quotes that can be leveraged to trigger arbitrary code execution. However, if the filename got wrapped in single quotes it failed, that is until now.