Security News

Microsoft has released an open-source cyberattack simulator that allows security researchers and data scientists to create simulated network environments and see how they fare against AI-controlled cyber agents. The Microsoft 365 Defender Research team created CyberBattleSim to model how a threat actor spreads laterally through a network after its initial compromise.

A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely. The method consists of gluing together multiple pieces of HTML hidden in JavaScript files to obtain the fake login interface and prompt the potential victim to type in the sensitive information.

During the first day of Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft's Windows 10 OS, the Exchange mail server, and the Teams communication platform. The first to fall was Microsoft Exchange in the Server category after the Devcore team achieved remote code execution on an Exchange server by chaining together an authentication bypass and a local privilege escalation.

On the first day of the Pwn2Own 2021 hacking competition, participants earned more than half a million dollars, including $440,000 for demonstrating exploits against Microsoft products. The competition's organizer, Trend Micro's Zero Day Initiative, said there were seven attempts on the first day and five of them were successful.

With Azure AD verifiable credentials now available in public preview, Microsoft is collaborating with leading identity verification providers to improve verifiability and secure information exchange. Once verified, these credentials can be used to prove an identity across different organizations to accelerate onboarding of users, secure access to apps or enable a more trustworthy credential recovery experience.

Socure announced the company will provide identity verification services for remote onboarding for individuals accessing decentralized IDs as part of the new Microsoft Azure Active Directory verifiable credentials feature in public preview. Once verified, these credentials can be used to prove an identity across different organizations to accelerate onboarding of users and enable a more trustworthy credential recovery experience.

Onfido announced it has been selected by Microsoft to enable fast and secure identity verification and onboarding for its Azure Active Directory verifiable credentials. Once a person's real identity is bound to their digital identity using Onfido's document plus selfie verification, end-users are onboarded to Azure AD and have complete control over their identity from their smartphone, being able to provision its reuse to access additional services.

It was a tsunami of DNS queries that ultimately took out a host of Microsoft services, from Xbox Live to Teams, for some netizens about an hour on April Fools' Day, Redmond has said. The web giant's Threat Analysis Group said it had detected in March a bogus security company SecuriElite reaching out to legit professionals via social media, such as LinkedIn and Twitter.

The new Chromium-based Microsoft Edge browser has grown by over 1,300% in the past 12 months, while the Firefox browser is slowly losing its market share. In January 2020, Microsoft released the first stable version of the new Chromium-based Microsoft Edge browser and announced that they would slowly release it to Windows 10 users.

Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Defender antivirus, now comes with support for Windows 10 on Arm devices. Windows 10 on Arm, a full-featured version of Windows 10 designed explicitly for Arm devices, has run most apps since the first such devices were launched in late 2017.