Diver Signing requirements in Windows is a feature that is intended to help prevent the Windows Operating system from being compromised through malicious software posing as legitimate drivers. The policy was implemented way back in early versions of the 64-bit flavor of Windows XP and became a defacto security policy very quickly after that. Since its implementation and enforcement threat groups have found multiple ways around this policy including the use of compromised certificate issuing groups, purchasing actually legitimate certificates, and certificate theft.

It seems the Judge in the case involving the FTC, Microsoft and Activision Blizzard thinks that the FTC failed to reach a sufficient threshold to prove harm in a request for a preliminary injunction. To some this is cause for celebration although most people who have followed Microsoft’s history of anti-competitive behavior, in any market they play in, will know this is not a good thing. What makes this decision even more suspect is the fact that the judge precising over the case, U.S. District Judge Jacqueline Scott Corley, has a direct family member working at Microsoft.

Social engineering efforts via voice calls (Vishing) is nothing new. The use of phone calls for malicious activity is pretty old and include such popular scams as extended car warranties, IRS collection attempts, and the ever popular “there is a complaint against you”. These are just a few of the consumer scams that have been in play and are still in play. On the corporate side there are even more which target general employees and support personnel to either gain entry or enable some form of financial fraud. Sadly, this pivot is also seriously under managed by most organizations, with few providing any preventative training and most not testing this attack vector to determine exposure.

Last week Progress Software, the company behind MOVEit file transfer software, announced another SQL injection flaw had been identified and patched. This flaw is just the latest in a series of vulnerabilities that have been identified in the application after the Cl0p ransomware group was found to have exploited a different SQL injection flaw to steal data from multiple MOVEit users. The attacks started in late 2022, but the Cl0p group might have been testing different entry points as far back as June 2022.

Yesterday (July 5, 2023) Social Networking Giant, Meta launched their competitor to Twitter. This new app is a companion app to Instagram called threads. Ironically, Twitter had a lot of buzz about the new app including from people that routinely talk about how terrible Twitter is under Elon Musk. These Twitter detractors have been posting count down timers, information on how to ensure you can be on threads as soon as it launches and more. It is interesting, if not a bit funny, to see the dialog there. However, there is a very dark cloud (heavy black and pendulous) over the green pastures of Meta’s Threads. This is the very serious concern about Privacy and Security.

It has been a few days since we talked about NPM and node.js. The popular repository has been taking a bit of a beating in recent months as attackers, hacktivists, and others seek to compromise their packages as part of a general supply chain attack. Supply chain attacks are in vouge right now and are part of the reason you might be seeing the acronym SBOM (Software Build of Materials) so much. Sure, SBOM is not a new term, but the push for it and the rise of an entire vertical in the cybersecurity industry is new and should be a bit of an indicator that there is a problem.

There is nothing like an unresolved security flaw in a major product. Especially when the flaw is one that the developer knows about but does not consider important enough to fix in a timely manner. If the flaw is in a commonly used product, it is even better. In this case we are talking about a flaw we covered back on the 23rd of June. This is a bug that can allow an attacker to mimic an internal sender to get around file handling from external senders. In our opinion, it is significant, but Microsoft has no plans to remediate it any time soon. I guess they have other things on their plate like Privacy Investigations in the EU (Over Teams and Office) and the pending Activision/Blizzard deal in court in the US.

EDR, XDR, and MDR are acronyms that are well known to most organizations. The operative letters here are DR which stands for Detection and Response. The E, X, and M stand for Endpoint, E(x)tended, and Managed respectively. Each one of these is designed to monitor a device for threats and respond according to the profile/configuration/policy enabled for the device. This is different than the traditional “anti-virus/anti-malware” application in many ways. The most common is that an EDR is intended to do more than check files against a signature list and quarantine them if identified. The modern EDR does look for malware, but it also monitors script execution, process starts/stops, file and registry reads and writes and, in many cases, network activity that can indicate potential compromise.

So, it seems that under direct questioning Microsoft has been forced to admit that cloud gaming is not as big of a deal as they have been saying it is. We have long held that their generous 10-year cloud licensing deal for cloud gaming was not an honest attempt at competition. After all cloud gaming represents a little less than 1% of the total gaming market. Now Sarah Bond has admitted that it is not a popular option and that it is most commonly used as a feature for Microsoft consoles.

You have to love Microsoft Teams. Teams is the Frankenstein Monster of Microsoft’s Lync, which then became Skype for Business, and then morphed into the problematic service we now know as Teams. The journey from Lync to Teams has been a mishmash of features added in and removed while trying to maintain the semblance of feature parity with the products that came before it. One of the big pushes for teams was the integration of SharePoint for file storage and collection. SharePoint integration has been and continues to be a HUGE push from Microsoft in all of their MS365 products and it is not always for the better.