Security News > 2022 > April

Microsoft has announced that Exchange, SharePoint, and Skype for Business on-premises are now part of the Applications and On-Premises Servers Bounty Program starting today. With the expansion of this bug bounty program, security researchers who find and report vulnerabilities affecting on-premises servers are eligible for awards ranging from $500 up to $26,000.

Trezor recently published a warning against a new phishing campaign targeting its users. Figure A. Once in possession of a list of email addresses belonging only to real Trezor customers, the attackers moved to the next step.

"In a future release of Windows 11 you're going to see significant security updates that add even more protection from the chip to the cloud by combining modern hardware and software," said David Weston, VP for Enterprise & OS Security. One of the new security features Microsoft is adding in Windows 11 is enhanced phishing protection against targeted phishing attacks with the help of Microsoft Defender SmartScreen, a cloud-based anti-phishing and anti-malware service.

Microsoft has unveiled new Windows 11 features at today's 'Windows Powers the Future of Hybrid Work' event, including a redesigned File Explorer, new accessibility features, Focus for Windows 11, and more. To help Windows users increase productivity, Microsoft has revealed new features and enhancements to Windows 11, including a revamped File Explorer, App Folder in the Start Menu, new Focus features, and the new Live Captions accessibility features.

It allows businesses to stream Windows 10 or Windows 11 Cloud PCs to end-users under Windows 365 Business or Windows 365 Enterprise subscriptions. Users will be able to quickly switch between their own desktop and the Cloud PC using the Windows Task Switcher once the cloud-based service gets upgraded with a new feature dubbed Windows 365 Switch.

The researchers have tried to find middle ground in a highly polarized environment, calling for "a more nuanced conversation about possible solutions to the criminal use of E2EE services. It is vital that a range of views are considered in order to identify the key issues and inform a more productive debate." Britain's proposed Online Safety Bill and its No Place to Hide campaign look to ban or limit E2EE, a move that has been criticized by the likes of the Internet Society and BCS, The Chartered Institute for IT, which have argued that restricting E2EE would do more harm than good.

Microsoft has resolved a newly acknowledged issue causing Windows apps that use WebView2 to render Internet content incorrectly outside their windows after installing the March optional preview cumulative updates. The WebView2 control allows developers to embed and render web content in native apps using the Microsoft Edge web browser, including JavaScript, HTML, and CSS. According to a new entry added to the Window Health dashboard, "Some apps might render content incorrectly or outside of the app's window" on systems where the March non-security preview releases have been installed.

Attackers are using a newly released remote access trojan to spread ransomware and distributed denial of service - in addition to the traditional RAT function of backdooring victims' systems. Researchers at Cyble Research Labs discovered the RAT, which they dubbed Borat RAT because it uses a photo of Sacha Baron Cohen, the comedian who created and portrayed the fictional character Borat in a popular series of mockumentary films.

The Computer Emergency Response Team of Ukraine has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon. Armageddon is a Russian state-sponsored threat actor who has been targeting Ukraine since at least 2014 and is considered part of the FSB. According to a detailed technical report published by the Ukrainian secret service in November 2021, Armageddon has launched at least 5,000 cyber-attacks against 1,500 critical entities in the country.

Microsoft has removed a compatibility hold blocking Windows 11 upgrades for Windows 10 customers after fixing a known issue leading to problems importing Internet Explorer 11 data into Microsoft Edge. The only customers impacted by the now-fixed known issue were those who didn't import their IE11 information into Microsoft Edge before starting the Windows 11 upgrade process.