Security News

Microsoft on Thursday disclosed an "Extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. Phishing kits, often sold as one time payments in underground forums, are packaged archive files containing images, scripts, and HTML pages that enable a threat actor to set up phishing emails and pages, using them as lures to harvest and transmit credentials to an attacker-controlled server.

Microsoft has finally kicked off the rollout of end-to-end-encryption in its Teams collaboration platform with a public preview of E2EE for one-to-one calls. The company made the promise of E2EE for some one-to-one Teams calls at its virtual Ignite shindig in March this year and as 2021 nears its end appears to have delivered, in preview form at least.

Microsoft says it found new variants of macOS malware known as WizardUpdate, updated to use new evasion and persistence tactics. The trojan will deploy second-stage malware payloads, including a malware variant tracked as Adload, active since late 2017 and known for being able to slip through Apple's YARA signature-based XProtect built-in antivirus to infect Macs.

Microsoft has announced the public preview roll-out of end-to-end encryption support for one-to-one Microsoft Teams calls.Starting today, Microsoft Teams is getting end-to-end encryption for 1:1 calls which encrypts the real-time media flow so that private one-to-one discussions remain entirely private, with no way for intermediate nodes or parties to decrypt them.

Microsoft has fixed multiple known issues impacting printing on Windows 11 with the release of the optional KB5006746 cumulative update preview on Thursday. Windows 11 users can also manually download and deploy the cumulative update preview from the Microsoft Update Catalog.

A newly identified rootkit has been found with a valid digital signature issued by Microsoft that's used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. "Digital signatures are a way of establishing trust," Bitdefender researchers said in a white paper, adding "a valid digital signature helps the attacker navigate around the operating system's restrictions on loading third-party modules into the kernel. Once loaded, the rootkit allows its creators to gain virtually unlimited privileges."

Microsoft is preparing Windows 10 21H2, the next Windows 10 version, for a November 2021 release and is now rolling it out to all Windows Insiders in the Release Preview Channel. The Windows 10 21H2 feature update is offered as an optional update through the "Seeker" experience in Windows Update to Insiders who go to Settings > Update & Security > Windows Update.

Microsoft announced today a new security program for nonprofits to provide them with protection against nation-state attacks that have been increasingly targeting them in recent years. The company launched the program in response to the booming cybercrime industry impacting all industry sectors worldwide and nonprofits in particular because of their vulnerability stemming from the lack of adequate resources to build a suitable defense.

"We're using more and more cloud services and SaaS applications, we're more interconnected and we're spending more time online, we have more multicloud environments and at the same time the cyberattacks and crimes are ever increasing," CVP of Microsoft's Identity division Joy Chik told TechRepublic. With many different identities, resources, applications and data sets to secure, organizations are looking for a unified way to manage access control as a first line of defense, using identity as the control plane.

Microsoft has released its first preview build of the Windows Subsystem for Android, allowing you to run Android apps directly on your desktop. Like the Windows Subsystem for Linux, the Windows Subsystem for Android allows you to run native Android apps in a virtualized environment with sound, graphics, and network connectivity.