Security News

Microsoft has announced today that Microsoft Edge Legacy will be permanently removed and replaced with the new Microsoft Edge after installing April's Windows 10 Patch Tuesday security update. "To replace this out of support application, we are announcing that the new Microsoft Edge will be available as part of the Windows 10 cumulative monthly security update-otherwise referred to as the Update Tuesday release-on April 13, 2021," the Microsoft Edge Team said.

Microsoft has warned of an increasing number of consent phishing attacks targeting remote workers during recent months, BleepingComputer has learned. Consent phishing is an application-based attack variant where the attackers attempt to trick targets into providing malicious Office 365 OAuth apps with access to their Office 365 accounts.

In response to speculation that its services may have been leveraged as an initial entry point by the hackers who breached IT management firm SolarWinds, Microsoft said on Thursday there was no evidence to back those claims. Reports, including from several mainstream media publications, have speculated about the role of Microsoft services in the SolarWinds attack and other operations conducted by the same threat group.

A phishing campaign bent on stealing Microsoft login credentials is using Google Firebase to bypass email security measures in Microsoft Office 365, researchers said. Clicking the thumbnail or "View File" link leads to the final phishing page, asking victims to log in with their Microsoft credentials, and asks them to provide alternate email addresses or phone numbers - an effort to collect data that could be used to get around two-factor authentication or account recovery mechanisms.

Microsoft released the February 2021 non-security Microsoft Office updates with improvements and fixes for issues and crashes impacting Windows Installer editions of Office 2016, Office 2013, and Office 2010 products. Three of the Office February 2021 non-security updates apply to the entire Microsoft Office 2016, Microsoft Office 2013, and Microsoft Office 2010 software suites, while four others address issues affecting the PowerPoint and Outlook apps.

Microsoft has addressed a known issue impacting multiple Windows 10 apps and causing them to forget users' passwords after upgrading devices to certain Windows 10, version 2004 builds. The issue was resolved in the KB4598291 release preview cumulative update for all editions of Windows 10 and Windows Server versions 2004 and 20H2. This update also comes with fixes for device deactivation issues and freezing problems while playing games full-screen.

Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file. Even though multiple Microsoft security accounts were tagged on Twitter and the company was also contacted to provide a statement regarding this ongoing issue, Redmond hasn't yet provided an official reply.

In a series of posts on Twitter, Microsoft on Tuesday warned of an uptick in gift card-themed business email compromise attacks targeting K-12 school teachers by impersonating their colleagues. "We detected a recent spike in business email compromise attacks soliciting gift cards primarily targeting K-12 school teachers. Attackers impersonate colleagues or school officials to ask recipients to purchase various gift cards," Microsoft Security Intelligence warned.

Microsoft announced that Defender for Endpoint will now also help admins discover OS and software vulnerabilities affecting macOS devices on their organization's network. "This capability expansion enables organizations to discover, prioritize, and remediate both software and operating system vulnerabilities on devices running macOS," Microsoft Senior Product Manager Tomer Reisner said.

Researchers have identified new versions of the Agent Tesla remote access trojan that target the Windows anti-malware interface used by security vendors to protect PCs from attacks. The newly discovered variants have also adopted new obfuscation capabilities, raising the stakes for businesses to fend off the ever-evolving Agent Tesla malware.