Security News

Cracked copies of Microsoft Office and Adobe Photoshop are stealing browser session cookies and Monero cryptocurrency wallets from tightwads who install the pirated software, Bitdefender has warned. As many Reg readers will no doubt be aware, cracked software is a legitimate application that has had its registration or licensing features removed.

Microsoft has confirmed that today's release of mandatory Patch Tuesday updates will automatically remove Edge Legacy and replace it with the new Chromium-based Edge. In older versions of Windows 10, users who wished to use it could download it from the Microsoft Edge site or wait for the mandatory Windows Update.

A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge. While Agarwal states that the vulnerability is fixed in the latest version of the V8 JavaScript engine, it is not clear when Google will roll out the Google Chrome.

Microsoft has reminded users that Windows 10, version 1909, will reach the end of service next month, in May 2021. Windows 10 releases reaching end of support in May. The company says that this end of support deadline applies to all Windows 10 1903 editions in a support document published earlier this week.

Windows 10 will soon let you different usage categories, such as Gaming and Business, that tell the operating system how you plan on using the device. In recent Windows 10 builds, Windows sleuth Albacore discovered a hidden Settings screen under the 'Personalization' section called 'Device Usage' that contains six different categories for how you "Plan to use your device."

Designed to help advance artificial intelligence and machine learning, the experimental research project was designed to aid in the analysis of how "Autonomous agents operate in a simulated enterprise environment using high-level abstraction of computer networks and cybersecurity concepts." Reinforcement learning, Microsoft explains, is a type of machine learning that teaches autonomous agents to make decisions based on the interaction with the environment: agents improve strategies through repeated experience, similarly to playing a video game over and over to become better at it.

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has released a new tool to help with the detection of potential compromise within Microsoft Azure and Microsoft 365 environments. Dubbed Aviary, the new tool is a dashboard that makes it easy to visualize and analyze output from Sparrow, the compromise detection tool that was released in December 2020.

Microsoft has open-sourced software that pits machine-learning-powered network intruders against automated defenders inside virtual networks. The tech, dubbed CyberBattleSim by its creators at the Microsoft 365 Defender research team, is a Python-based OpenAI Gym affair, and sets up pretend networks loaded with vulnerabilities and other weaknesses.

Microsoft has open-sourced software that pits machine-learning-powered network intruders against automated defenders inside virtual networks. The tech, dubbed CyberBattleSim by its creators at the Microsoft 365 Defender research team, is a Python-based OpenAI Gym affair, and sets up pretend networks loaded with vulnerabilities and other weaknesses.

Image: CISA. The Cybersecurity and Infrastructure Security Agency has released a companion Splunk-based dashboard that helps review post-compromise activity in Microsoft Azure Active Directory, Office 365, and Microsoft 365 environments. CISA's new tool, dubbed Aviary, helps security teams visualize and analyze data outputs generated using Sparrow, an open-source PowerShell-based tool for detecting potentially compromised applications and accounts in Azure and Microsoft 365.