Microsoft

Microsoft is Introducing New Security Features for Developers, Clients

Microsoft announced new Identity and Azure apps at this week’s Create virtual event designed to improve security for both application developers and business customers. New Identity capabilities to help foster a secure and trustworthy app ecosystem for developers, admins, and end-users alike include Publisher Verification, App Consent Policy, and Microsoft Authentication Libraries (MSAL) general availability…

Zero Day Initiative Researchers Publish Five Windows Zero Days

Security researchers working with the Zero Day Initiative (ZDI) of Trend Micro have released information on five unpatched vulnerabilities in Microsoft Windows, including four that were considered high risk. The first three of these zero-day vulnerabilities could enable an attacker to escalate privileges on the affected device, tracked as CVE-2020-0916, CVE-2020-0986 and CVE-2020-0915, and featuring…

Samsung Makes Autofocus Quicker in New Image Sensor

The Isocell GN1 image sensor with 50 megapixels comes with autofocus for phase detection and absorbs light better, Samsung said. Samsung has released a new, the company said, 50-megapixel image sensor with auto-focus phase detection (PDAF). The Isocell GN1 comes with 1.2 micrometer-sized pixels, each pixel having two photodiodes that receive light for phase detection…

Several Tips to Safeguard Your Windows 7 Devices

Microsoft has discontinued supporting Windows 7 systems with effect from January 2020. For many users, this decision was disheartening, as Windows 7 was one of the most common operating systems, and used by millions. Despite Microsoft releasing Windows 8 and Windows 10 after its release, Windows 7 ‘s popularity never diminished. After the Windows Vista…

NortonLifeLock Releases Free Tool for Twitter Bots Detection

This week, NortonLifeLock released the beta version of a free browser extension which enables Twitter users to easily recognize bots on the social media platform. The tool, called BotSight, is currently available to users in the US, UK, Australia and New Zealand for Chrome, Chromium-based Brave, and Firefox. In addition, its developers plan to build…

Hacker Group Advertises Numerous Violations of Data

A community of hackers have started advertising on the dark web data allegedly stolen as a result of several recent infringements, including those affecting Tokopedia, Styleshare, Minted, ChatBooks, and others. Known as “Shiny Hunters,” the group recently claimed responsibility for hacking Tokopedia, the largest online store in Indonesia, and claimed to have breached Microsoft’s GitHub…

Microsoft Zero-Day patches used in Korea-linked assaults

Microsoft’s December 2019 Patch Tuesday updates fix a total of 36 flaws, including a Windows zero-day exploited in Chrome zero-day attacks. The Windows zero-Day patch is CVE-2019-1458, a privilege escalation flaw in the handling of objects in the storage of the Win32k component. Microsoft said an attacker can use the security hole to execute arbitrary…

Office 365 To Get Microsoft Recommended Security Profiles

The development team of Microsoft is currently working on adding the recommended Exchange Online Protection (EOP) and Office 365 Advanced Threat Protection (ATP) security profiles later this month. “There are two levels of security, Exchange Online Protection and Office 365 Advanced Threat Protection that we are recommending to enable security administrators to customize their security…

Dexphot Malware uses Evade Detection Randomisation, Encryption and Polymorphism

Microsoft has been tracking malware for more than a year using numerous evasion techniques, including random file names, fileless install and polymorphism. Microsoft which calls Dexphot malware has found that it has tried deploying files that have modified 2 or 3 times an hour. The polymorphic malware was targeted at thousands of devices and executed…

Ransomware Spreads DopplePaymer via Committed Credentials: Microsoft

The DopplePaymer ransomware spreads over current Domain Admin accounts, not exploiting the vulnerabilities targeting BlueKeep, Microsoft notes. The malware that security researchers believe is involved in the recent attack against the state-owned Mexican petroleum company PetrĂ³leos Mexicanos (Pemex), has been running since June 2019, with some earlier samples dating to April 2019. DopplePaymer was originally…