Security News

Microsoft has warned about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android's Home button to lock the device behind a ransom note. The findings concern a variant of a known Android ransomware family dubbed "MalLocker.B" which has now resurfaced with new techniques, including a novel means to deliver the ransom demand on infected devices as well as an obfuscation mechanism to evade security solutions.

The Microsoft Store is pre-installed on all Windows 10 device and it's a great way to install fresh apps on your device. Microsoft Store isn't as good as Google and Apple marketplace, but there are plenty of good and secure apps that you can try to improve your Windows experience.

Microsoft Linux is the next evolution of the Microsoft desktop operating system, argues Jack Wallen. It makes sense, especially given how hard Microsoft is working on Windows Subsystem for Linux, but from everything I've witnessed over the last few years, I think there's a conclusion to be drawn that makes even more sense for Microsoft.

Microsoft reported this week that it has spotted Zerologon attacks apparently conducted by TA505, a notorious Russia-linked cybercrime group. According to Microsoft, the Zerologon attacks it has observed involve fake software updates that connect to command and control infrastructure known to be associated with TA505, which the company tracks as CHIMBORAZO. The fake updates are designed to bypass the user account control security feature in Windows and they abuse the Windows Script Host tool to execute malicious scripts.

Microsoft warned users on Thursday that it has spotted a sophisticated piece of Android ransomware that abuses notification services to display a ransom note. Roid ransomware typically allows cybercriminals to make a profit not by encrypting files - such as in the case of ransomware targeting desktop systems - but by displaying a full-screen ransom note that is difficult for the user to remove.

Microsoft is rolling out a new feature in Microsoft Edge that integrates Skype's Meet now video conferencing feature on the new tab page, also known as NTP. With this new feature, Microsoft aims to help consumers relying on video conferencing to get in touch with coworkers, friends, and relatives without creating a Skype or Microsoft account. Last month, Microsoft added the Skype Meet feature to Windows 10 preview builds and the same feature is now rolling out to Microsoft Edge.

Researchers have disclosed two flaws in Microsoft's Azure web hosting application service, App Services, which if exploited could enable an attacker to take over administrative servers. Azure App Services is an HTTP-based service for hosting web applications, and is available in both Microsoft Azure Cloud and on-premise installations.

Now according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery attacks or execute arbitrary code and take over the administration server. Azure App Service is a cloud computing-based platform that's used as a hosting web service for building web apps and mobile backends.

Microsoft will soon offer different installation experiences when setting up Windows 10 based on how you plan on using the computer. As people use Windows 10 in different ways, Microsoft is testing a new setup screen that asks you to indicate how you plan to use the computer to customize the options and tools offered during setup.

Microsoft announced that consent phishing protections including OAuth app publisher verification and app consent policies are now generally available in Office 365. These protections are designed to defend Office 365 users from an application-based phishing attack variant known as consent phishing.