Security News

Microsoft wants to make it safer for Edge users to browse and visit unfamiliar websites by automatically applying stronger security settings. "With enhanced security mode, Microsoft Edge helps reduce the risk of an attack by automatically applying more conservative security settings on unfamiliar sites and adapts over time as you continue to browse."

Attackers abused open redirects on the websites of Snapchat and American Express in a series of phishing attacks to steal Microsoft 365 credentials. Open redirects are web app weaknesses that allow threat actors to use the domains of trusted organizations and websites as temporary landing pages to simplify phishing attacks.

In May, DDG admitted its supposedly pro-privacy mobile browser wasn't blocking certain Microsoft trackers, while actively blocking other types of third-party trackers by Microsoft and other organizations, confirming findings by data-usage researcher Zach Edwards. Back in January, Twitter fixed a privacy flaw that made it easy to unmask users.

Microsoft is rolling out a new update to the Microsoft Edge Stable Channel over the coming days to improve the web browser's security defaults when visiting less popular websites. Starting with version 104.0.1293.47, Edge will toggle on the "Basic" level of security when the "Enhance your security on the web" optional browsing mode is enabled in settings.

DuckDuckGo announced today that they will now be blocking all third-party Microsoft tracking scripts in their privacy browser after failing to block them in the past. This change comes after the company faced massive blowback in May for not blocking some third-party Microsoft trackers in the DuckDuckGo browser due to a syndicated search content agreement between the two companies.

DuckDuckGo announced today that they will now be blocking all third-party Microsoft tracking scripts in their privacy browser after failing to block them in the past. This change comes after the company faced massive blowback in May for not blocking some third-party Microsoft trackers in the DuckDuckGo browser due to a syndicated search content agreement between the two companies.

Microsoft says it will give enterprise security operation centers broader access to the massive amount of threat intelligence it collects every day.Both services - Defender Threat Intelligence and Defender External Attack Surface Management - use technologies that Microsoft inherited when it bought cybersecurity company RiskIQ for $500 million in 2021.

A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication. The phishing campaign's targets include fin-tech, lending, accounting, insurance, and Federal Credit Union organizations in the US, UK, New Zealand, and Australia.

Microsoft has addressed a known issue triggered by recent Windows 10 updates that caused the Input Indicator and Language Bar not to appear in the notification area. This known issue affects devices running Windows 10 version 20H2, 21H1, and 21H2, with more than one language installed.

An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and Manufacturing sectors in the US, UK, New Zealand and Australia, Zscaler researchers are warning. The attackers are using a variety of tecniques and tactics to evade corporate email security solutions and a custom phishing kit that allows them to bypass multi-factor authentication protection to hijack enterprise Microsoft accounts.