Threat actors are disseminating malware through the ms-appinstaller URI scheme, which Microsoft has now disabled by default. This method was chosen because it can evade security precautions like Microsoft Defender SmartScreen. Microsoft’s Threat Intelligence team has identified it as an entry point for ransomware, used by threat actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674. The actors spoof legitimate apps, trick users into installing malicious packages, and avoid early detection. Microsoft is advising users to implement phishing-resistant authentication to safeguard against these attacks.
![](https://healsecurity.com/wp-content/uploads/2024/07/amber-alert-as-nhs-in-plymouth-makes-urgent-plea-for.jpg)
‘Amber alert’ as NHS in Plymouth makes urgent plea for people with certain blood type
The NHS has issued an urgent call for O type blood donors, following increased demand after the recent cyber attack. The attack led to reduced