Security News

Pwn2Own Vancouver typically takes place during the CanSecWest conference in Vancouver, Canada, but due to the coronavirus pandemic, this year's event will be hybrid - participants can submit their exploits remotely and ZDI staff in Toronto and Austin will run the exploits. The car is being offered to those who participate in the automotive category.

Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. Following disclosure to Microsoft, the Windows maker is said to have "Determined that the vulnerability has no security impact on Function users, since the host itself is still protected by another defense boundary against the elevated position we reached in the container host."

Microsoft has released a new set of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix bugs impacting multiple Intel CPU families. Microcode updates are released by Intel after discovering bugs in their CPUs to allow OS vendors to patch the CPU behavior to address or at least partially mitigate the issues.

Microsoft has shared a workaround for a known issue impacting Windows 10 devices with Conexant ISST audio drivers and causing update errors and issues. Windows 10 computers affected by this known issue come with Conexant ISST Audio or Conexant HDAudio drivers under 'Sound, video and game controllers' in Device Manager.

President Brad Smith said that national security is threatened by the industry's inability to learn lessons from the past.

Two major browsers -Microsoft Edge and Google Chrome - are rolling out default features, which they say will better help notify users if their password has been compromised as part of a breach or database exposure. Microsoft on Thursday said that its next version of Edge will generate alerts if a user password is found in an online leak.

Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials. With Microsoft Edge 88.0.705.50 now rolling out, users get a built-in strong password generator that allows them to easily set up new passwords when signing up for new accounts or when changing the old passwords.

Microsoft has detailed how the Password Monitor feature in Edge works after it pushed version 88 of the browser into the Stable channel. The Password Monitor technology had already been made available to Insiders during 2020 and notifies users in the event their saved passwords are found in a third-party breach.

The new Edge 88 browser includes tough new security features, including a password generator and a tool for monitoring whether your login details have been exposed to the dark web. Microsoft Edge 88 is rolling out to users in the Stable channel alongside some new privacy-focused features, including a long-awaited credentials monitor and a built-in password generator.

Just because an admin needs access to one system setting, database or network doesn't mean they need access to all of them; applying role-based security permissions to your IT team makes as much sense as not giving receptionists access to the build tree for your internal applications. While having privileged admin access is convenient, if there's a data leak, a database admin would much rather be able to say that the contents of the database are encrypted so they can't have seen anything than to try and prove they didn't copy data they didn't need to have access to in the first place.