In addition to the DDoS campaign and claimed theft of Microsoft accounts, Anonymous Sudan has busied itself with a campaign of attacks against European banks as of late. Microsoft says there is no evidence of a data breach.
Failure to strictly follow children's privacy laws on the Xbox Live gaming service is about to cost Microsoft a substantial amount of money, as the company has settled a FTC case with a $20 million fine for inappropriate collection and storage of personal data.
Microsoft faces a hefty fine over Bing cookie consent issues, and has additionally been given three months to get the system into compliance or it could face additional fines of €60,000 per day.
Security firm disclosed a Microsoft data breach that exposed customer data affecting over 65,000 organizations in 111 countries. Microsoft expressed disappointment at the security firm for exaggerated numbers and releasing a search tool.
Cybercriminals design and test email phishing attacks to bypass Microsoft email defenses with nearly a fifth (18.8%) of phishing messages reaching their targets.
Microsoft discovered a coordinated phishing campaign targeting Office 365 users and leveraging an Adversary-in-the-Middle (AiTM) MFA bypass to execute business email compromise (BEC) attacks and commit fraud.
Tenable CEO cites reports from several cybersecurity firms that indicate Microsoft is not being timely enough with its vulnerability disclosures and sometimes has a "dismissive" attitude.
A zero-day remote code execution vulnerability in Microsoft Office has come to light, and is considered very serious due to potential for code execution if a victim opens a malicious document in Word.
While the tech companies seem to be in full support of passwordless authentication, the tech community remains divided on whether it is really "ready for primetime."
Microsoft researchers say that Russian cyber attacks in March against a television broadcaster and a nuclear plant directly preceded military action directed at those targets.