Security News

Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. [...]

Microsoft is testing a new feature in the Edge browser called the "extension performance detector," which warns you when browser extensions cause performance issues on web pages you visit. [...]

Unpatched MS Office flaw may leak NTLM hashes to attackersA new MS Office zero-day vulnerability can be exploited by attackers to grab users' NTLM hashes, Microsoft has shared late last week. Key metrics for monitoring and improving ZTNA implementationsIn this Help Net Security interview, Dean Hamilton, CTO at Wilson Perumal & Company, discusses the complexities of zero trust network access implementation, focusing on balancing security with operational efficiency.

Microsoft is improving Copilot integration in the Edge browser with AI-powered smart keywords. This will allow the AI to generate important keywords from the PDF and then help you analyze each topic. [...]

A widespread campaign featuring a malicious installer that saddles users with difficult-to-remove malicious Chrome and Edge browser extensions has been spotted by researchers. "The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more sophisticated malicious scripts that deliver local extensions to steal private data and execute various commands," the Reason Labs research team says.

An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software....

In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical. SANS Institute, the premier global authority in cybersecurity training, is thrilled to announce Network Security 2024, a landmark event designed to empower cybersecurity professionals with groundbreaking skills, knowledge and insights.

Several recent reports indicate that mass exploitation may have overtaken botnets as the primary vector for ransomware incidents. There has been a rapid tempo of security incidents caused by the mass exploitation of vulnerable software such as MOVEit, CitrixBleed, Cisco XE, Fortiguard's FortiOS, Ivanti ConnectSecure, Palo Alto's PAN-OS, Juniper's Junos, and ConnectWise ScreenConnect.

Microsoft says the new Copilot app, mistakenly added to the list of installed Windows apps by recent Edge updates, doesn't collect or relay data to its servers. For this reason, they were surprised to see a new 8KB Microsoft Copilot app added to the list of installed programs on live production builds of Windows Server 2022.

Microsoft says the new Copilot app, added by recent Edge updates to the list of installed Windows apps, doesn't collect or relay data to its servers. "Updates to Edge browser version 123.0.2420.65, released on March 28, 2024 and later, might incorrectly install a new package called 'Microsoft chat provider for Copilot in Windows' on Windows devices. Resulting from this, the Microsoft Copilot app might appear in the Installed apps in Settings menu," Redmond said.