Security News

Extended spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information and in some cases, passwords, to Google and Microsoft respectively. In cases where Chrome Enhanced Spellcheck or Edge's Microsoft Editor were enabled, "Basically anything" entered in form fields of these browsers was transmitted to Google and Microsoft.

Remote work trends are here to stay while fewer employees than ever before are working full-time in traditional offices. IT needs to foster employee engagement and collaboration, while enabling dispersed teams, decentralized workplaces, and off-premises IT infrastructure.

An ongoing malvertising campaign is injecting ads in the Microsoft Edge News Feed to redirect potential victims to websites pushing tech support scams. App subdomains to host their scam pages within a single day.

Microsoft has reminded customers that all editions of Windows 10, version 21H1 will reach the end of service in three months, on December 13, 2022. The company said in a support document published on Wednesday that Windows 10 21H1 that systems running these Windows editions will no longer receive security updates.

Microsoft says customers will see fewer Microsoft 365 update notifications because Office apps will update automatically while their computers are locked or idle. "Microsoft has developed an optimization that applies a pending Microsoft 365 Apps update while a machine is in idle or locked mode, even if apps are running," said Julia Lieberman, a product manager at Microsoft.

Threat actors are exploiting the death of Queen Elizabeth II in phishing attacks to lure their targets to malicious sites designed to steal their Microsoft account credentials. Besides Microsoft account details, the attackers also attempt to steal their victims' multi-factor authentication codes to take over their accounts.

Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication turned on. The newly discovered security issue impacts versions of the application for Windows, Linux, and Mac and refers to Microsoft Teams storing user authentication tokens in clear text without protecting access to them.

Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks.The patches are in addition to 16 vulnerabilities that Microsoft addressed in its Chromium-based Edge browser earlier this month.

September's Patch Tuesday is here and it brings, among other things, fixes from Microsoft for one security bug that miscreants have used to fully take over Windows systems along with details of a second vulnerability that, while not yet under attack, has already been publicly disclosed. "Seeing as this vulnerability was reported to Microsoft by four different cybersecurity companies, it is highly likely that it is being leveraged extensively in the wild - specifically by APT groups and malware authors - to gain elevated privileges," Bharat Jogi, director of vulnerability and threat research at Qualys, told The Register.

September 2022 Patch Tuesday is here, with fixes for 64 CVE-numbered vulnerabilities in various Microsoft products, including one zero-day exploited by attackers. CVE-2022-37969 is an elevation of privilege vulnerability in the Windows Common Log File System Driver, and an attacker must already have access and the ability to run code on the target system before trying to trigger it.