Security News

Microsoft adds support for WSL2 distros on Windows Server 2022
2022-05-25 20:54

Microsoft has announced that Windows Subsystem for Linux distros are now supported on Windows Server 2022 after installing this week's cumulative update previews. To install the Windows Server 2022 KB5014021 update, you must go to Settings > Windows Update and manually 'Check for updates.

Microsoft adds Office subscriptions to Windows 11 account settings
2022-05-25 18:31

Microsoft has improved the account settings in the latest Windows 11 preview build, a settings page that now lists Office subscriptions linked to the user's Microsoft 365 account. The Windows Insider team started rolling out a new 'Your Microsoft account' settings page within Windows 11's Settings in October 2021.

In record year for vulnerabilities, Microsoft actually had fewer
2022-05-25 16:11

Figures from the National Vulnerability Database of the US National Institute of Standards and Technology show last year broke all records for security vulnerabilities. Just 1,212 vulnerabilities were reported in Microsoft products last year, said BeyondTrust, a 5 percent drop on the previous year.

Elevation of Privilege is the #1 Microsoft vulnerability category
2022-05-25 04:00

BeyondTrust announced the release of a report which includes the latest annual breakdown of Microsoft vulnerabilities by category and product, as well as a six-year trend analysis, providing a holistic understanding of the evolving threat landscape. Microsoft groups vulnerabilities that apply to one or more of their products into the following main categories: Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Tampering, Information Disclosure, Denial of Service, and Spoofing.

DuckDuckGo browser allows Microsoft trackers due to search agreement
2022-05-24 22:07

The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies. "Tracker Radar automatically blocks hidden third-party trackers we can find lurking on websites you visit in DuckDuckGo, which stops the companies behind those trackers from collecting and selling your data," explains the Apple App Store page for the DuckDuckGo Privacy Browser.

Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code
2022-05-24 20:04

Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection. Last year, Malwarebytes disclosed a campaign wherein malicious actors were observed delivering PHP-based web shells embedded within website favicons to load the skimmer code.

Microsoft: Credit card stealers are getting much stealthier
2022-05-24 18:44

Microsoft's security researchers have observed a worrying trend in credit card skimming, where threat actors employ more advanced techniques to hide their malicious info-stealing code. Skimming gangs obfuscate their code snippets, inject them into image files, and masquerade them as popular web applications to evade detection.

Microsoft sounds the alarm on — wait for it — a Linux botnet
2022-05-23 06:57

Microsoft has sounded the alarm on DDoS malware called XorDdos that targets Linux endpoints and servers. Over the last six months, Microsoft threat researchers say they've witnessed a 254 percent spike in the malware's activity.

PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
2022-05-22 16:15

Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. In a new report by HP Wolf Security, researchers illustrate how PDFs are being used as a transport for documents with malicious macros that download and install information-stealing malware on victim's machines.

Microsoft tests new Windows 11 Desktop search that only works with Edge
2022-05-22 15:07

Microsoft is testing a new feature in the latest Windows 11 preview build that displays an Internet search box directly on the desktop. The problem is that it does not honor your default browser and only uses Bing and Microsoft Edge instead. This new feature is currently being tested with a small subset of Windows Insiders running the Windows 11 build 25120 on the 'Dev' channel.