Microsoft delays Windows Recall amid privacy and security concerns

June 13, 2024 at 10:14PM Microsoft is delaying its AI-powered Windows Recall feature, initially set for a public preview on Copilot+ PCs, for further testing and security work. Amid concerns over privacy and security, it will now first be available for preview with Windows Insiders. This follows criticism and efforts to enhance security, including making the feature … Read more

Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended

June 13, 2024 at 08:47PM During a US House committee hearing, Microsoft president Brad Smith faced scrutiny over security breaches involving China-backed spies. Smith admitted to the company’s errors and defended its operations in China, prompting further questioning from lawmakers about compliance with Beijing’s national security laws. Other topics included the role of Microsoft in … Read more

Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited

June 12, 2024 at 12:45PM Microsoft addressed a critical remote code execution vulnerability in its June 2024 Patch Tuesday updates. Tracked as CVE-2024-30103, it allows attackers to create malicious DLL files and initiate execution when an affected email is opened in Outlook. This zero-click vulnerability can be exploited for initial access and requires immediate client … Read more

GitHub Paid Out Over $4 Million via Bug Bounty Program

June 12, 2024 at 08:06AM GitHub’s bug bounty program, established 10 years ago, has paid out over $4 million. In 2023, the program reached this milestone and saw its largest single reward of $75,000 for a vulnerability. The total payout exceeded $850,000 in 2023, with GitHub aiming to enhance payout processes and public disclosures in … Read more

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

June 12, 2024 at 07:39AM Symantec reports that threat actors using Black Basta ransomware exploited a privilege escalation flaw in Microsoft’s Windows Error Reporting Service as a zero-day, patched in March 2024. Symantec’s observation points to attempts to exploit the vulnerability in an unsuccessful ransomware attack. It also highlights the emergence of a new ransomware … Read more

Let’s kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows

June 11, 2024 at 08:33PM Microsoft’s June Patch Tuesday addressed 49 CVE-tagged security flaws, including a critical bug in wireless networking and a publicly disclosed DNS vulnerability (CVE-2023-50868). It also included an RCE issue in Microsoft Message Queuing (CVE-2024-30080) and a Wi-Fi driver remote code execution hole (CVE-2024-30078). Adobe, SAP, PHP, Arm, Apple, Google, SolarWinds, … Read more

Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover

June 11, 2024 at 07:13PM The critical CVE-2024-30080 is the highlight of Microsoft’s June 2024 Patch Tuesday update, but several other issues also need immediate attention. … Read more

Patch Tuesday: Remote Code Execution Flaw in Microsoft Message Queuing

June 11, 2024 at 05:36PM Microsoft has issued urgent patches for critical vulnerabilities in its Windows operating system. The most severe flaw, CVE-2024-30080, allows for remote code execution in the Microsoft Message Queuing component. Additionally, there are numerous code execution issues in Microsoft Office, Windows services, and a remote code execution vulnerability in Windows WiFi … Read more

Windows 10 KB5039211 update released with new feature, 12 fixes

June 11, 2024 at 01:52PM Microsoft released the KB5039211 cumulative update for Windows 10 21H2 and 22H2, with 12 changes including a new Snipping Tool feature for editing Android photos in Windows. The update is mandatory, containing security patches for June 2024. After installation, Windows will be updated to new builds. However, four known issues … Read more

Microsoft Modifies ‘Recall’ AI Feature Amid Privacy, Security Failings

June 10, 2024 at 06:13PM Microsoft introduced the “Recall” AI feature for Copilot+ PCs, prompting concerns about potential data theft. In response, Microsoft added new security measures: Recall will now be turned off by default, users need Windows Hello enrollment, and Recall data will be encrypted. However, experts doubt these changes will fully safeguard sensitive … Read more