Security News

Learn to secure multiple documents by encrypting compressed files on various OSes using a password. When considering how to share data efficiently, cloud storage has a leg up on hardware by making it easy to share files and folders with users across the globe with a few clicks.

Microsoft is the latest browser vendor to join the encrypted DNS club by supporting DNS over HTTPS in Windows 10. We've explained encrypted DNS before, but briefly, it encrypts DNS queries between your computer and the DNS resolver so those in between can't see which websites or other URLs you're asking for.

Windows 10 users who upgrade to v2004 will finally be able to switch on a longstanding Windows Defender feature that protects users against potentially unwanted applications. PUAs are applications that often cannot be outright classified as malware, but still violate users' security and privacy interests.

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. What the researchers discovered, very greatly simplified, is that with some simple PowerShell commands, any user can setup a new printer device on Windows, provided that there's already a low-level driver program installed to support the destination printer.

Microsoft has announced the first testable version of DNS-Over-HTTPS support, available for its Windows 10 operating system. Support for the DoH protocol, which Microsoft first announced in November, is available in the Windows 10 Insider Preview Build 19628.

Among the vulnerabilities patched by Microsoft on May 2020 Patch Tuesday is CVE-2020-1048, a "Lowly" privilege escalation vulnerability in the Windows Print Spooler service. CVE-2020-1048, which affects Windows 7, 8.1, and 10 and Windows Server 2008, 2012, 2016, and 2019, arises from the Windows Print Spooler service improperly allowing arbitrary writing to the file system.

After a flurry of zero-day vulnerabilities in recent editions, May's Patch Tuesday finally gives Windows users a month off having to fix 'big' exploited or public flaws. The catch is it's still one of the biggest patch rounds Microsoft has ever released, featuring 111 CVE-level bug fixes, nearly half of which are in Windows itself.

Sensitive data is building up on enterprise devices. There has been a 46 percent increase in the number of items of sensitive data - such as Personally Identifiable Information and Protected Health Information - identified on enterprise endpoints, compared to pre-COVID-19.

A study of vulnerabilities - bugs that can be a gateway for malware or allow privilege escalation by an intruder - shows that Windows platforms have the most by far, but that they also tend to be fixed quickly, compared to Linux systems or appliances like routers, printers and scanners. The assets analysed mostly exclude mobile devices, leaving the top five most common platforms as Windows 10, Linux, Cisco, Windows 7 and Windows 2012.

Flaws target Zoom clients for the Windows and the MacOS operating system, according to a published report by Vice Motherboard. The Windows code could be a significant threat to Zoom users, according to experts quoted by Motherboard.