Security News

Microsoft tightens Edge security for less visited websites
2022-08-08 17:15

Microsoft wants to make it safer for Edge users to browse and visit unfamiliar websites by automatically applying stronger security settings. "With enhanced security mode, Microsoft Edge helps reduce the risk of an attack by automatically applying more conservative security settings on unfamiliar sites and adapts over time as you continue to browse."

Snapchat, Amex sites abused in Microsoft 365 phishing attacks
2022-08-07 14:12

Attackers abused open redirects on the websites of Snapchat and American Express in a series of phishing attacks to steal Microsoft 365 credentials. Open redirects are web app weaknesses that allow threat actors to use the domains of trusted organizations and websites as temporary landing pages to simplify phishing attacks.

DuckDuckGo says Hell, Hell, No to those Microsoft trackers after web revolt
2022-08-06 19:41

In May, DDG admitted its supposedly pro-privacy mobile browser wasn't blocking certain Microsoft trackers, while actively blocking other types of third-party trackers by Microsoft and other organizations, confirming findings by data-usage researcher Zach Edwards. Back in January, Twitter fixed a privacy flaw that made it easy to unmask users.

Microsoft Edge gets better security defaults on less popular sites
2022-08-06 15:12

Microsoft is rolling out a new update to the Microsoft Edge Stable Channel over the coming days to improve the web browser's security defaults when visiting less popular websites. Starting with version 104.0.1293.47, Edge will toggle on the "Basic" level of security when the "Enhance your security on the web" optional browsing mode is enabled in settings.

DuckDuckGo browser now blocks all Microsoft trackers, most of the time
2022-08-05 12:00

DuckDuckGo announced today that they will now be blocking all third-party Microsoft tracking scripts in their privacy browser after failing to block them in the past. This change comes after the company faced massive blowback in May for not blocking some third-party Microsoft trackers in the DuckDuckGo browser due to a syndicated search content agreement between the two companies.

DuckDuckGo browser now blocks all third-party Microsoft trackers
2022-08-05 12:00

DuckDuckGo announced today that they will now be blocking all third-party Microsoft tracking scripts in their privacy browser after failing to block them in the past. This change comes after the company faced massive blowback in May for not blocking some third-party Microsoft trackers in the DuckDuckGo browser due to a syndicated search content agreement between the two companies.

Microsoft widens enterprise access to its threat intelligence pool
2022-08-03 21:31

Microsoft says it will give enterprise security operation centers broader access to the massive amount of threat intelligence it collects every day.Both services - Defender Threat Intelligence and Defender External Attack Surface Management - use technologies that Microsoft inherited when it bought cybersecurity company RiskIQ for $500 million in 2021.

Microsoft accounts targeted with new MFA-bypassing phishing kit
2022-08-03 18:02

A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication. The phishing campaign's targets include fin-tech, lending, accounting, insurance, and Federal Credit Union organizations in the US, UK, New Zealand, and Australia.

Microsoft rolling out fix for Windows 10 language bar issues
2022-08-03 16:00

Microsoft has addressed a known issue triggered by recent Windows 10 updates that caused the Input Indicator and Language Bar not to appear in the notification area. This known issue affects devices running Windows 10 version 20H2, 21H1, and 21H2, with more than one language installed.

Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts
2022-08-03 13:01

An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and Manufacturing sectors in the US, UK, New Zealand and Australia, Zscaler researchers are warning. The attackers are using a variety of tecniques and tactics to evade corporate email security solutions and a custom phishing kit that allows them to bypass multi-factor authentication protection to hijack enterprise Microsoft accounts.