Security News

Earlier this year, Microsoft Edge was updated with a new feature that hides pesky browser notification dialog boxes that are commonly used by news publishers, social media platforms, and websites to continuously nag users with links to their content, spam, or even malware. To address this problem, a Microsoft Edge update is now introducing a new feature that uses a new set of APIs to enable support for background web notifications.

Microsoft has announced that it will not be releasing cumulative update previews in December 2020 due to limited staff and operations during the upcoming holidays. When Microsoft releases new Windows and Windows Server updates, it uses a fixed schedule, or cadence, that allows businesses and consumers to prepare and test new releases as they come out.

Microsoft said it has detected attempts by state-backed Russian and North Korean hackers to steal valuable data from leading pharmaceutical companies and vaccine researchers. Microsoft said most of the targets - located in Canada, France, India, South Korea and the United States - were "directly involved in researching vaccines and treatments for COVID-19." It did not name the targets but said most had vaccine candidates in various stages of clinical trials.

Last year, Weinert noted that using any form of MFA is better than relying just on a password for security, as it "significantly increases the costs for attackers, which is why the rate of compromise of accounts using any type of MFA is less than 0.1% of the general population." The SMS and voice formats aren't adaptable to user experience expectations, technical advances, and attacker behavior in real time.

Multi-factor authentication, for those who haven't been paying attention, involves adding one or more additional access requirements to password-based authentication. At the same time, he argues people should avoid relying on SMS messages or voice calls to handle one-time passcodes because phone-based protocols are fundamentally insecure.

Microsoft has announced today that Windows 10 customers with devices running the latest Insider build can launch and interact with multiple Android apps directly on their computers' desktops. Support for streaming and using Android apps on Windows 10 from supported Samsung devices was announced by Microsoft in August.

During an upcoming presentation at HITB CyberWeek 2020, Ashar Javed, a security engineer at Hyundai AutoEver Europe, will share stories from his journey towards discovering 365 valid bugs in Microsoft Office 365. I found literally hundreds of bugs in Office 365 but my favourites are "All your Power Apps Portals belong to us" and "Cross-tenant privacy leak in Office 365".

Microsoft formally released fixes for 112 newly discovered security vulnerabilities as part of its November 2020 Patch Tuesday, including an actively exploited zero-day flaw disclosed by Google's security team last week. Outside of the zero-day, the update fixes a number of remote code execution vulnerabilities impacting Exchange Server, Network File System, and Microsoft Teams, as well as a security bypass flaw in Windows Hyper-V virtualization software.

One of the fixed flaws, the Windows Kernel Cryptography Driver vulnerability disclosed by Google's Project Zero at the end of last month, is being actively exploited. The CVE-2020-17087 driver bug was exploited together with CVE-2020-15999, a remote code execution vulnerability in Chrome's font-parsing code, to hijack targeted people's PCs. All three bugs are now patched; installing the latest software updates fixes them.

Microsoft's November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution bugs. Twelve of Microsoft's 17 critical patches were tied to RCE bugs.