Security News

As the digital wolves dress in sheep's tax forms, Microsoft has thrown a spotlight on a crafty 2024 phishing expedition, unraveled in January, that preys on the unsuspecting herd of early tax filers. The malicious email campaign, purporting to be employees' tax returns, contained an attachment that, when clicked, directs the user to a phony website that looks like a blurred spreadsheet, with a download documents button marked "Confidentials to users[dot]name[at] contoso[dot]com."

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the...

Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security to provide increased security. 1024-bit RSA keys have approximately 80 bits of strength, while the 2048-bit key has approximately 112 bits, making the latter four billion times longer to factor.

Microsoft is once again harassing Google Chrome users on Windows 10 and Windows 11 with popup desktop advertisements promoting Bing and its GPT-4 Bing Chat platform. The unsolicited ads are believed to be shown when users have Google Chrome open and configured to use Google as the default search engine.

Microsoft announced that Office LTSC 2024, the next Office LTSC release, will enter a commercial preview phase starting next month and will be generally available later this year. The company will also release Office 2024 later this year, a new version of on-premises Office for consumers, which comes with five years of support and the traditional "One-time purchase" model.

A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. “During this campaign, users...

Microsoft Security Copilot, also referred to as Copilot for Security, will be in general availability starting April 1, the company announced today.At a press briefing on March 7 at the Microsoft Experience Center in New York, we saw how Microsoft positions Security Copilot as a way for security personnel to get real-time assistance with their work and pull data from across Microsoft's suite of security services.

Microsoft Copilot for Security, a subscription AI security service, will be generally available on April 1, 2024, the company announced on Wednesday. Based on GPT-4 and a Microsoft security-specific model, Copilot for Security takes input from people or scripts, passes the text through an orchestrator layer, a context layer, and possibly application plugins, then returns a response from the underlying AI model.

Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to...

On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but - welcome news! - none of them are currently publicly known or actively exploited. One of the two - CVE-2024-21338, an elevation of privilege vulnerability affecting the Windows Kernel - had been reported to Microsoft by Avast researchers, who later shared that it had been leveraged by North Korean hackers for months before the patch was released.