Security News

Microsoft: Windows 11 printing issues fixed in the KB5006746 update
2021-10-22 11:56

Microsoft has fixed multiple known issues impacting printing on Windows 11 with the release of the optional KB5006746 cumulative update preview on Thursday. Windows 11 users can also manually download and deploy the cumulative update preview from the Microsoft Update Catalog.

Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild
2021-10-22 05:41

A newly identified rootkit has been found with a valid digital signature issued by Microsoft that's used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. "Digital signatures are a way of establishing trust," Bitdefender researchers said in a white paper, adding "a valid digital signature helps the attacker navigate around the operating system's restrictions on loading third-party modules into the kernel. Once loaded, the rootkit allows its creators to gain virtually unlimited privileges."

Microsoft is releasing Windows 10 21H2 in November
2021-10-21 17:52

Microsoft is preparing Windows 10 21H2, the next Windows 10 version, for a November 2021 release and is now rolling it out to all Windows Insiders in the Release Preview Channel. The Windows 10 21H2 feature update is offered as an optional update through the "Seeker" experience in Windows Update to Insiders who go to Settings > Update & Security > Windows Update.

Microsoft now defends nonprofits against nation-state attacks
2021-10-21 17:23

Microsoft announced today a new security program for nonprofits to provide them with protection against nation-state attacks that have been increasingly targeting them in recent years. The company launched the program in response to the booming cybercrime industry impacting all industry sectors worldwide and nonprofits in particular because of their vulnerability stemming from the lack of adequate resources to build a suitable defense.

Microsoft bought CloudKnox because hybrid multicloud identity is complicated
2021-10-21 12:50

"We're using more and more cloud services and SaaS applications, we're more interconnected and we're spending more time online, we have more multicloud environments and at the same time the cyberattacks and crimes are ever increasing," CVP of Microsoft's Identity division Joy Chik told TechRepublic. With many different identities, resources, applications and data sets to secure, organizations are looking for a unified way to manage access control as a first line of defense, using identity as the control plane.

Hands on with Microsoft's Android app support in Windows 11
2021-10-20 21:46

Microsoft has released its first preview build of the Windows Subsystem for Android, allowing you to run Android apps directly on your desktop. Like the Windows Subsystem for Linux, the Windows Subsystem for Android allows you to run native Android apps in a virtualized environment with sound, graphics, and network connectivity.

Microsoft: Old Windows updates now expire to improve speed, security
2021-10-20 17:13

Installing updates is slower and their size gets incrementally bigger due to the long backlog caused by the two or more updates for each Windows platform released every month. Microsoft increases Windows Update's overall performance by marking earlier updates for expiration as part of a regular evaluation process.

Microsoft 365 will get enhanced insider risk management tools
2021-10-20 13:30

Microsoft is updating Microsoft 365 to allow admins to better manage insider security threats in their environments with improvements to risky activity detection and visibility. Insider Risk Management enables Microsoft 365 cloud services platform customers to detect, investigate, and remediate insider security threats within their organizations across Office, Windows, Azure, and third-party apps like HR systems.

Geriatric Microsoft Bug Exploited by APT Using Commodity RATs
2021-10-20 13:28

An APT described as a "Lone wolf" is exploiting a decades-old Microsoft Office flaw to deliver a barrage of commodity RATs to organizations in India and Afghanistan, researchers have found. Attackers use political and government-themed malicious domains as lures in the campaign, which targets mobile devices with out-of-the-box RATs such as dcRAT and QuasarRAT for Windows and AndroidRAT. They're delivering the RATs in malicious documents by exploiting CVE-2017-11882, according to a report published Tuesday by Cisco Talos.

Microsoft launches Privacy Management for Microsoft 365
2021-10-20 10:39

Microsoft has made available Privacy Management for Microsoft 365, a new AI-based solution to help enterprises manage data privacy risks and build a privacy resilient workplace, as well as automate the response to subject rights requests at scale.Privacy Management is built-into the Microsoft 365 compliance center and is currently available as an add-on to organizations with Office 365 A1/E1/A3/E3/A5/E5 and Microsoft 365 A3/E3/A5/E5 subscriptions.