Microsoft has announced quite categorically that it will finally stop supporting its Internet Explorer browser next year. Currently, many users have already abandoned Internet Explorer, which has lived more than quarter of a century, but the company plans to drive final nail in the coffin of the browser on June 15, 2022, as Microsoft will… Continue reading Microsoft will end support for Internet Explorer in 2022
Tag: Microsoft
Microsoft will permanently remove Adobe Flash Player from Windows in summer 2021
According to manufacturers’ elaborate plan, since beginning of 2021 support for Adobe Flash Player was finally discontinued. This means that Adobe has officially stopped distributing Flash Player and its updates, and browser developers have stopped supporting Flash plugins. In addition, an emergency “switch” was introduced into the Flash Player code in advance, which prevents the… Continue reading Microsoft will permanently remove Adobe Flash Player from Windows in summer 2021
GitHub Developers Review Exploit Posting Policy Due to Recent Scandal
The GitHub developers review the exploit posting policy and want to discuss with the information security community a series of changes to the site rules. These rules determine how employees deal with malware and exploits uploaded to the platform. The proposed changes imply that GitHub will establish clearer rules about what counts as code that… Continue reading GitHub Developers Review Exploit Posting Policy Due to Recent Scandal
Microsoft Introduces One-Click ProxyLogon Fix Tool
Microsoft developers have released a tool called EOMT (Exchange On-premises Mitigation Tool) designed to install updates on Microsoft Exchange servers and one-click ProxyLogon vulnerabilities fix. The utility is already available for download on the company’s GitHub. In early March 2021, Microsoft engineers released unscheduled patches for four vulnerabilities in the Exchange mail server, which the… Continue reading Microsoft Introduces One-Click ProxyLogon Fix Tool
Expert intercepted windows.com traffic using bitsquatting
An independent expert known as Remy discovered that Microsoft domains were not protected against bitsquatting and intercepted windows.com traffic. The expert conducted his experiments on the example of the windows.com domain, which can turn, for example, into windnws.com or windo7s.com in case of a bit flip. The term Bitsquatting refers to a type of cybersquatting… Continue reading Expert intercepted windows.com traffic using bitsquatting
Microsoft has released emergency patches for Exchange
Microsoft has released emergency patches for four 0-day vulnerabilities found in the code of the Exchange mail server (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). The company warned that Chinese hackers from the Hafnium group are already exploiting these problems. For starting the attack, hackers only need to gain access to the local Microsoft Exchange server on… Continue reading Microsoft has released emergency patches for Exchange
Microsoft: SolarWinds Hackers Stole Source Codes of Azure, Exchange and Intune Components
Microsoft experts announced that they have completed an official investigation of the attack, and told what exactly SolarWinds hackers were able to steal. The company reiterated that it was found no evidence that outsiders could somehow abuse Microsoft systems or use its products to attack customers. Let me remind you that Microsoft acknowledged the fact… Continue reading Microsoft: SolarWinds Hackers Stole Source Codes of Azure, Exchange and Intune Components
Microsoft Says Over 1,000 Developers Worked on SolarWinds Attack
In an interview with CBSNews, Microsoft President Brad Smith said the recent attack on SolarWinds was “the largest and most sophisticated he has ever seen.” According to him, the analysis of the hack carried out by the company’s specialists suggests that more than 1,000 developers worked on this attack. At the same time, Smith says… Continue reading Microsoft Says Over 1,000 Developers Worked on SolarWinds Attack
Microsoft warns of growing number of cyberattacks using web shells
Microsoft has warned of an increase of cyberattacks using web shells. Cybercriminals often use web shells to secure their presence on compromised networks. Compared to last year, the average monthly number of malicious web shells detected on compromised servers has doubled. Microsoft’s Defender Advanced Threat Protection (ATP) report last year, based on data collected from… Continue reading Microsoft warns of growing number of cyberattacks using web shells
Researcher compromised 35 companies through new “dependency confusion” attack
Information security expert Alex Birsan spoke about a new attack called “dependency confusion”. The problem is a variation of the supply chain attack. Besides the name “dependency confusion”, the attacks is also called a “substitution attack”. For detecting this method of attacks, the researcher has already received more than $130,000 from various companies through bug… Continue reading Researcher compromised 35 companies through new “dependency confusion” attack