Security News

Windows 10 KB5039211 update released with new feature, 12 fixes
2024-06-11 17:45

Microsoft has released the KB5039211 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 12 changes, including a Snipping Tool feature that allows you to edit Android photos in Windows. The Windows 10 KB5039211 update is mandatory as it contains containing Microsoft's June 2024 Patch Tuesday security updates.

New Warmcookie Windows backdoor pushed via fake job offers
2024-06-11 15:17

A never-before-seen Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks. According to Elastic Security Labs, which discovered the new threat, Warmcookie is capable of extensive machine fingerprinting, screenshot capturing, and the deployment of additional payloads.

New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
2024-06-08 07:35

Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as...

Windows Recall will be opt-in and the data more secure, Microsoft says
2024-06-07 19:01

The insistent public complaints and proof-of-concept tools have have borne fruit: Microsoft has realized that the security of its recently previewed Windows Recall feature leaves much to be desired, and has announced important changes. A few weeks ago, Microsoft presented Copilot+ PCs, a new line of computers powered by Windows 11 and delivering some specific new features.

Microsoft makes Windows Recall opt-in, secures data with Windows Hello
2024-06-07 16:37

Following massive customer pushback after it announced the new AI-powered Recall for Copilot+ PCs last month, Microsoft says it will update the feature to be more secure and require customers to opt in to enable it. To further improve the feature's privacy and security, the company will also require users to prove that they're in front of the computer via Windows Hello to enable and use Recall.

PHP fixes critical RCE flaw impacting all versions for Windows
2024-06-07 14:32

A new PHP for Windows remote code execution vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide. The new RCE flaw tracked as CVE-2024-4577, was discovered by Devcore Principal Security Researcher Orange Tsai on May 7, 2024, who reported it to the PHP developers.

Microsoft Research chief scientist has no issue with Windows Recall
2024-06-06 07:26

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

TotalRecall shows how easily data collected by Windows Recall can be stolen
2024-06-05 10:12

Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows' newly announced Recall feature to steal sensitive information. Copilot+ Recall takes snapshots of the computer's screen ever few seconds, encrypts and stores the snapshots locally, uses optical character recognition to extract relevant information that users may search for later, and and stores this data locally in an SQLite database, in plain text.

Microsoft announces first Windows 10 Beta build since 2021
2024-06-04 19:26

Microsoft has reopened the Windows 10 beta channel and is asking Insiders to join or switch to receive a new beta build in the coming weeks. The announcement comes three years after the last Windows 10 build was released for Insiders in the Beta and Release Preview channels.

Microsoft deprecates Windows NTLM authentication protocol
2024-06-04 15:38

Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in the future. New Technology LAN Manager, better known as NTLM, is an authentication protocol first released in 1993 as part of Windows NT 3.1 and as the successor to the LAN Manager protocol.