The backend database supporting Microsoft's careers page contained authentication flaws and poor security settings which allowed attackers to modify the database's job listing pages. Security failures in a MongoDB database which exposed Microsoft's mobile careers page to attack have been rapidly patched.
In a blog post on MacKeeper, the security team said the MongoDB database was vulnerable to compromise and may have been serving arbitrary HTML through the mobile version of Microsoft's careers page. The third-party provider which the Redmond giant uses to handle the database behind the careers page is Punchkick Interactive.Read more
Myth: By disabling all privacy compromising and telemetry features on Windows 10 will stop Microsoft to track your activities. Fact: Even after all telemetry features disabled, Windows 10 is phoning home more than you could ever think of.
Ever since the launch of Microsoft's newest operating system, Windows 10 is believed to be spying on its users. I wrote a number of articles to raise concern about Windows 10 privacy issues. The only solution believed to cope up with these issues is to disable all the telemetry features or use an automated tool to disable all privacy-infringing features in just one click.Read more
Microsoft accidentally leaked a website security certificate that, if used by an attacker, could open up Xbox users to impersonation attacks. The software giant warned in an advisory that the private keys to the xboxlive.com domain had been "inadvertently disclosed," but did not elaborate on exactly how it happened.
The certificate can be used by an attacker to impersonate the xboxlive.com domain and carry out a so-called "man-in-the-middle" attacks, which allows the attacker to intercept the website's secure connection. This could trick Xbox users into handing over their username and password, potentially leading to further attacks on the user.Read more
Windows 10 is possibly making unwanted changes to your gaming rig. Microsoft’s first big update for its operating-system-as-a-service is deleting some user-installed apps without asking Windows owners for permission.
The affected programs include hardware monitoring tools CPU-Z and Speccy as well as the AMD Catalyst Control Center for tweaking your Radeon graphics cards. In all of these instances, it seems that the programs no longer functioned properly with the newest version of Windows 10, and the apps were often causing crashes and the blue screen of death.Read more
Remember when Microsoft developed a tool that tried to guess our age? Of course you do – social media feeds were saturated for weeks with outraged 30-year-olds being told they were 50, and 14-year-olds given a glimmer of hope before attempting to buy alcohol.
Now Microsoft’s going further by trying to guess our emotions. Which isn’t at all creepy. Not at all. Try and guess my emotion, Microsoft. All a person has to do is upload a photograph to Microsoft’s Project Oxford website, where its beta tools are hosted. Using facial recognition software and artificial intelligence, the emotion recognition engine will create a string of numbers in relation to emotions.Read more
Hackers have created Android malware that hides itself as a Microsoft Word document in order to trick users into opening it and steal data. The malware was discovered by IT security firm Zscaler. When triggered, the malware scans all of the smartphone's data and sends it to the hacker via email.
The researchers said the attack was reminiscent of early Windows malware attacks with files named with eye-catching titles and common icons to entice victims to open the file. The malware is often downloaded from an unofficial source and portrays itself as a data file with an icon similar to that used by Microsoft Word documents. It runs with Administrative access and hence cannot be easily uninstalled.Read more
It has been nearly two months since the launch of Windows 10, and Microsoft is finally responding to the growing privacy concerns around the new operating system. In a detailed blog post from Windows chief Terry Myerson, Microsoft details all of the ways Windows 10 collects and uses data.
There have been a number of concerns over the content of application crash data, but Myerson reveals Microsoft doesn't collect content or files, and that the company takes "several steps to avoid collecting any information that directly identifies you, such as your name, email address or account ID."Read more
Tech support scammers have mocked up a web page with an even more dire version of Microsoft’s infamous Blue Screen of Death error page.
Microsoft Corp asked a federal appeals court to block the US government from forcing the company to hand over a customer's emails stored on an Irish server, warning that the precedent would create a global free-for-all that eviscerates personal privacy.
The case, the first in which a US company has challenged a warrant seeking data held abroad, has captured the attention of the technology industry, privacy advocates and news organizations. The appeal is centered on a search warrant seeking the emails of an individual in Dublin, as part of a drug investigation. The person has not been identified.Read more
In an investigation involving guns and drugs, the Justice Department obtained a court order this summer demanding that Apple turn over text messages between suspects using iPhones.
Government officials had warned for months that this type of standoff was inevitable as technology companies like Apple and Google embraced tougher encryption. The case, coming after several others in which similar requests were rebuffed, prompted some senior Justice Department and FBI officials to advocate taking Apple to court, several current and former law enforcement officials said.Read more