September 30, 2024 at 04:52PM Microsoft Defender now alerts users with a Microsoft 365 Personal/Family subscription about unsecured Wi-Fi networks. The privacy protection feature, Defender VPN, safeguards data and identity on public Wi-Fi or untrusted networks by encrypting and routing internet traffic through Microsoft’s servers. It can also detect and alert users of potential attacks … Read more
July 31, 2024 at 09:03AM Microsoft admitted that its defensive implementation exacerbated an Azure instability due to a DDoS attack, with an error in defense amplifying the impact. Despite their global defense strategy, the response to the attack did not go well, impacting various services. Microsoft’s responses and reviews are expected in the coming weeks. … Read more
July 24, 2024 at 03:11PM A critical Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) patched in February is still exploited in infostealing attacks globally. Exploiting SmartScreen’s security bypass allows attackers to disguise malicious code in images and trigger downloads, compromising data from various applications. Organizations with delayed Microsoft patch cycles are particularly vulnerable, emphasizing the need for … Read more
July 18, 2024 at 10:42AM Microsoft has resolved a bug preventing the Microsoft Photos app from launching on some Windows 11 22H2 and 23H2 systems. This issue affected devices with certain configuration settings enabled. The problem has been fixed with the release of Photos app version 2024.11070.15005.0 and newer. Affected users can obtain the update … Read more
July 15, 2024 at 12:03PM Microsoft has provided a temporary fix for a bug preventing the Microsoft Photos app from launching on certain Windows 11 systems. The issue affects devices with specific CSP policies enabled and can be resolved by installing the latest Windows App SDK. Microsoft is working on a permanent fix and will … Read more
April 22, 2024 at 12:33AM SafeBreach researchers at Black Hat Asia revealed flaws in Microsoft and Kaspersky security products, allowing remote file deletion even after patching. By implanting malware signatures into legitimate files, attackers could trigger the deletion. Though patches were issued, researchers bypassed them and reported further vulnerabilities, emphasizing the complexity of fixing remote … Read more
April 9, 2024 at 02:54PM Microsoft released a significant security patch addressing at least 150 vulnerabilities, including a critical flaw in Azure Kubernetes Service (CVE-2024-29990) enabling unauthenticated attackers to assume full control. This release also encompasses fixes for remote code execution issues in various Microsoft products. The move follows criticism of Microsoft’s security practices and … Read more
April 9, 2024 at 01:39PM Summary: Numerous security vulnerabilities affecting various Microsoft products, Azure services, Intel, and Lenovo have been identified, ranging from remote code execution and elevation of privilege to information disclosure and denial of service. Severity levels vary from critical to low, highlighting the widespread impact on the affected systems. After reviewing the … Read more
February 14, 2024 at 02:39AM A zero-day exploit in Microsoft Defender SmartScreen, leveraged by the threat actor Water Hydra (aka DarkCasino), targets financial market traders. Exploiting CVE-2024-21412, the attacker convinces victims to click on a booby-trapped URL, bypassing security checks. The end goal is to deliver the DarkMe trojan, capable of executing additional instructions and … Read more
January 15, 2024 at 01:34PM Phemedrone malware exploits Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass security prompts in Windows. It steals data from web browsers, cryptocurrency wallets, and apps like Discord and Steam. The flaw was fixed in November 2023, but unpatched systems remain at risk. Trend Micro researchers have identified the specific apps and … Read more