Security News

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of...

Patch Tuesday Heads up: Microsoft's November Patch Tuesday includes fixes for about 60 vulnerabilities - including three that have already been found and abused in the wild. The third vulnerability that was exploited before Microsoft could push a patch out, CVE-2023-36025, allows miscreants to bypass security features in Windows Defender SmartScreen - Redmond's anti-phishing and anti-malware feature.

Today is Microsoft's November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities. The total count of 58 flaws does not include 5 Mariner security updates and 20 Microsoft Edge security updates released earlier this month.

Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI. The vulnerability was reported by security researchers with Palo Alto's Prisma Cloud. "Customers using the affected CLI commands must update their Azure CLI version to 2.53.1 or above to be protected against the risks of this vulnerability. This also applies to customers with log files created by using these commands through Azure DevOps and/or GitHub Actions."

Upgrade to Microsoft Windows 11 Home for Just $30 Through 10/15 You can now upgrade up to five computers to Microsoft Windows 11 Home for one low price and get a new sleek interface, advanced tools and enhanced security. For business, personal use, gaming, creative projects and more, you will truly appreciate the advanced tools in Windows 11 that can help you work smarter and faster.

You can soon right-click on any YouTube video in Microsoft Edge or Google Chrome and save the frame in the original resolution and PNG format. Following the introduction of an option to "Copy video frame" on YouTube, Google has now implemented an additional feature allowing you to "Save" video frames directly.

Microsoft Edge's latest Canary update has an innovative feature: video translation. This upcoming feature in Edge is expected to support translation in four languages.

Microsoft has resolved a known issue causing significant delays for Microsoft 365 customers when saving attachments in Outlook Desktop. The bug is known to impact Outlook users trying to save an attachment to a network share, according to a support document published by Redmond when the bug was first acknowledged in July.

A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a "Shift in the persistent actor's tactics."

Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn. After picking their targets following initial contact on LinkedIn, the BlueNoroff hackers backdoor their systems by deploying malware hidden in malicious documents pushed via private messages on various social networks.