Security News

Microsoft is finally rolling out support for layers and image transparency to the Paint image editor application 38 years after its launch. "You can now add, remove, and manage layers on the canvas to create richer and more complex digital art. With layers, you can stack shapes, text, and other image elements on top of each other," Grochocki said.

The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data while contributing open-source AI learning models to a public GitHub repository. Microsoft linked the data exposure to using an excessively permissive Shared Access Signature token.

Google Chrome is set to enhance its user experience on the desktop by adding a "Read aloud" function, currently available for testing in the Canary version. A notable feature of Read Aloud is the adjustable playback speed, allowing users to control the rate at which articles are read aloud.

Microsoft's Edge browser, known for its innovative features, is now shedding one of its most applauded functions, Web Select. Accessed either via the menu or the Control+Shift+X shortcut, Web Select provided an edge over simple screenshot tools.

Get technical details about how this new attack campaign is delivered via Microsoft Teams and how to protect your company from this loader malware. A new report from global cybersecurity company Truesec reveals a new attack campaign leveraging Microsoft Teams to infect companies' users.

A set of memory corruption flaws have been discovered in the ncurses programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious actions," Microsoft Threat Intelligence researchers Jonathan Bar Or, Emanuele Cozzi, and Michael Pearse said in a technical report published today.

Microsoft is investigating an ongoing outage preventing customers from sending or receiving messages using the company's Microsoft Teams communication platform. Microsoft confirmed the outage in a tweet published via its official Microsoft 365 status account, saying that more details can be found under TM675041 in the admin center.

Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks. "Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool to send phishing lures through Microsoft Teams chats," the company said, adding the development marks a shift from using email-based initial infection vectors for initial access.

A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams. Storm-0324 is a temporary name assigned by Microsoft to this particular threat actor and shows that the company has yet to reach high confidence about the origin or identity of the actor behind the operation.

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors. Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity.