Security News
Microsoft has open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching the SolarWinds supply-chain attack. To make sure the attackers did not modify their code, Microsoft created CodeQL queries that were used to scan their codebase for malicious implants matching the SolarWinds IOCs.
For the first time in a public release, Microsoft has released a Windows 10 cumulative update that is combined with a servicing stack update for ease of installation. Microsoft sometimes releases a special update called a servicing stack update that fixes bugs or issues that may prevent a cumulative update from installing correctly.
According to a Tuesday report by Cofense, which analyzed millions of emails related to various attacks, 57 percent were phishing emails aiming to steal victim usernames and passwords. The remainder of malicious emails were utilized in business email compromise attacks or for malware delivery.
ZEDEDA announced an integration with Microsoft Azure IoT services that provides customers with full lifecycle management capabilities, single-click bulk provisioning, risk-free updates and a built-in app marketplace. "With scale and security, they can instantly deploy all Azure IoT Edge services on large fleets of nodes with a single click and manage the full lifecycle of both the software and hardware."
The private sector should be legally obliged to disclose any major hacks of their systems, says Microsoft's president and top lawyer Brad Smith. While only Smith was willing to say categorically that it was Russia, FireEye's CEO Kevin Mandia noted that following an intensive investigation by his team, which included looking for clues in reams of decompiled code, they had concluded that the hack was "Not consistent with China, North Korea or Iran, and was most consistent with Russia."
The private sector should be legally obliged to disclose any major hacks of their systems, says Microsoft's president and top lawyer Brad Smith. While only Smith was willing to say categorically that it was Russia, FireEye's CEO Kevin Mandia noted that following an intensive investigation by his team, which included looking for clues in reams of decompiled code, they had concluded that the hack was "Not consistent with China, North Korea or Iran, and was most consistent with Russia."
Researchers are warning of recent phishing attacks targeting at least 10,000 Microsoft email users, pretending to be from popular mail couriers - including FedEx and DHL Express. Both scams have targeted Microsoft email users and aim to swipe their work email account credentials.
Starting next month, Microsoft Word for Windows will include a new predictive typing feature that automatically suggests new words to use as you are typing. The new feature is called 'Text Prediction,' and Microsoft states that it will go live for all Word for Windows users starting March 2021.
Microsoft is adding support for sending emails via alias email addresses from the Outlook for Windows email client. "Send email from a proxy email address or account alias rather than your primary email address," Microsoft says on the planned feature's Microsoft 365 roadmap entry.
Microsoft is now using crowdsourcing to determine whether to show a site's website subscription dialog prompt in the Microsoft Edge web browser. After Microsoft rolled out their quiet notification requests feature in Edge 84, they noticed a significant drop in undesired notifications dialog prompts, but at the same time, legitimate sites' notifications were affected as well.