Microsoft has reportedly signed a deal with FireEye that will see it share telemetry data from Windows 10 with the third-party security outfit. Microsoft and FireEye's partnership will also see FireEye "gain access to telemetry from every device running Windows 10."
Microsoft uses telemetry data from Windows 10 to help identify security issues, to fix problems and to help improve the quality of its operating system, which sounds like a good thing. However, with the company previously admitting that its latest OS is harvesting more data than any version before it, Microsoft's mega data-slurp also raised some privacy concerns.
One of the most recent support call scams involves Microsoft’s Security Essentials, the free antivirus solution that the company is offering to users of Windows 7 or older Windows versions.
The company published a warning to explain that this fake Microsoft Security Essentials antivirus is actually a scam whose only goal is to convince you that there’s something wrong with your PC so that you pay for fake repairs. After installing, the fake package generates a Blue Screen of Death, which once again contains elements proving it’s all just a malicious attempt to steal your money. The BSOD displays contact information.
Browsing through Microsoft's patent library, we often come across ideas which we wish they implemented, but which never made it to a product. Today we came across the opposite – an idea whose time we hope never comes.
The patent notes that efficient searching is enhanced if more information is available regarding the user intent, giving the example of someone doing a school report on dancing, and noting that despite the user having done some work already, when they hit the browser to search, the search engine would not have any idea what the user is working on except for what they have typed into the search bar. People use multiple desktop applications in order to complete a single task.
Microsoft has downplayed the seriousness of an alleged Exchange auto-discovery vulnerability, saying that it sees no need to patch the reported security weakness. Redmond contends that its existing security advice covers the issue, a point disputed by flaw-finder Marco van Beek.
Van Beek explains: “I recently discovered that most, if not all, Microsoft Exchange clients are more than happy to provide a user's password in plain text to any web server of the same domain as used in an email address, and it takes only four lines of code and a local config file to make that happen.” Microsoft’s response to his report has left van Beek dissatisfied.
The actor behind the Kovter Trojan has come up with a new persistence mechanism over the past weeks and also started masquerading the malware as a Chrome update, Microsoft security researchers warn.
It’s a well-known fact that cybercriminals are constantly updating their malicious applications to ensure increased efficiency, and the people behind Kovter have been very active in this regard over the past several months: in April, they added ransomware capabilities to this file-less Trojan, while starting to masquerade it as a Firefox update several weeks ago. Now, Microsoft Malware Protection Center researchers reveal that the actor has updated Kovter’s persistence method.
The French data protection authority ordered Microsoft Corp to stop collecting excessive data on users of its Windows 10 operating system and serving them personalized ads without their consent.
The CNIL said the U.S. company had three months to stop tracking browsing by users so that Windows apps and third-party apps can offer them targeted advertising without their consent, failing which it could initiate a sanctions procedure. A number of EU data protection authorities created a contact group to investigate Microsoft's Windows 10 operating system following its launch in July 2015, the French privacy watchdog said.
For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices.
The vulnerability resides in the Windows Print Spooler, which manages the process of connecting to available printers and printing documents. A protocol known as Point-and-Print allows people who are connecting to a network-hosted printer for the first time to automatically download the necessary driver immediately before using it. It works by storing a shared driver on the printer or print server and eliminates the hassle of the user having to manually download and install it.
Microsoft is today closing off a vulnerability that one Chinese researcher claims has “probably the widest impact in the history of Windows.” Every version of the Microsoft operating system going back to Windows 95 is affected, leaving anyone still running unsupported operating systems, such as XP, in danger of being surreptitiously surveilled.
The bug can be exploited silently with a “near-perfect success rate”, as the problems lie in the design of Windows. The ultimate impact? An attacker can hijack all a target’s web use, granting the hacker “Big Brother power”, as soon as the victim opens a link or plugs in a USB stick.
Angler, currently considered the most sophisticated and most successful exploit kit, has been observed delivering Flash and Silverlight exploits capable of evading Microsoft’s Enhanced Mitigation Experience Toolkit.
Microsoft EMET is a tool designed to make it more difficult, expensive and time consuming for attackers to exploit vulnerabilities on Windows systems. However, researchers have disclosed methods that can be used to bypass EMET protections on numerous occasions and malicious actors have now also found ways to evade the security tool. In the attacks analyzed by FireEye, cybercriminals used these mitigation bypasses to deliver TeslaCrypt ransomware.
Security researchers have discovered a new kink in the tactics of malware operators, who are now combining spam campaigns, malicious Word documents, and PowerShell code to deliver fileless malware to their targets.
None of these techniques is new, but they have never been used together until now, showing that malware operators are also paying closer attention to security research and the work of some of their peers, borrowing techniques from each other in their ever-present struggle to evade detection. Security researchers have discovered this campaign, and they're saying that it's relatively small at the moment.