Microsoft beefs up Edge's security against zero-day attacks

Credit to Author: Lucas Mearian| Date: Thu, 20 Jan 2022 13:16:00 -0800

In the latest release of its Edge beta, Microsoft introduced a new way for IT admins to better secure the Chromium-based browser against web-based attacks.

The release notes for Microsoft Edge Beta Channel describe the new security features as employing several techniques to guard against so-called zero-day exploits; Zero-day exploits are software or network vulnerabilities developers are unaware of, and so they’ve not been patched.

Imagine if the keylock mechanism on your home’s backdoor was faulty and jiggling the doorknob released the latch. Burglars could walk door to door looking for that particular vulnerability and jiggle doorknobs until one opened. Zero days are the same concept, but in cyberspace.

To read this article in full, please click here

Read more

20 years after Gates’ call for trustworthy computing, we’re still not there

Credit to Author: Susan Bradley| Date: Mon, 17 Jan 2022 03:42:00 -0800

Do you feel more secure? Is your computing experience more trustworthy these days?

Seriously — you’re reading this article on a computer or phone, connecting to this site on an internet shared with your Grandma as well as Russian hackers, North Korean attackers, and lots of teenagers  looking at TikTok videos. It’s been 20 years since then-Microsoft CEO Bill Gates wrote his Trustworthy Computing memo where he emphasized security in the company’s products.

So are we actually more secure now?

I’m going to keep in mind the side effects from last week’s Patch Tuesday security updates and consider them in my answer. First, the good news: I don’t see major side effects occurring on PCs not connected to active directory domains (and I haven’t seen any showstoppers in testing my hardware at home). I can still print to my local HP and Brother printers. I can surf and access files. So, while I’m not ready yet to give an all-clear to install the January updates, when I do, I doubt you’ll see side effects.

To read this article in full, please click here

Read more

A week in security (January 10 – 16)

Credit to Author: Malwarebytes Labs| Date: Mon, 17 Jan 2022 11:39:43 +0000

The most important and interesting security stories from the last seven days.

Categories: A week in security

Tags:

(Read more…)

The post A week in security (January 10 – 16) appeared first on Malwarebytes Labs.

Read more

Patch Tuesday gets off to a busy start for January

Credit to Author: Greg Lambert| Date: Fri, 14 Jan 2022 12:10:00 -0800

For this week’s Patch Tuesday, the first of the year, Microsoft addressed 97 security issues, six of them rated critical. Though six vulnerabilities have been publicly reported, I do not classify them as zero-days. Microsoft has fixed a lot of security related issues and is aware of several known issues that may have inadvertently caused significant server issues including:

  • Hyper-V, which no longer starts with the message, “Virtual machine xxx could not be started because the hypervisor is not running.”
  • ReFS (Resilient) file systems that are no longer accessible (which is kind of ironic).
  • And Windows domain controller boot loops.

There are a variety of known issues this month, and I’m not sure whether we’ll see more issues reported with the January server patches. You can find more information on the risk of deploying these latest updates with our helpful infographic.

To read this article in full, please click here

Read more

Microsoft touts first PCs to ship natively with secure Pluton chip

Credit to Author: Lucas Mearian| Date: Wed, 12 Jan 2022 03:00:00 -0800

As organizations continue to wrestle with how to manage a hybrid workforce, security outside the corporate firewall continues to play a huge role in day-to-day IT operations.

Following the October release of Windows 11, which boasted features aimed at enabling hybrid work, Microsoft last week announced the first PCs with its Pluton chip-to-cloud security technology. The technology is aimed at securing the computers of remote workers and others.

At CES, Microsoft announced that Lenovo and chipmaker AMD have launched the first laptops — the ThinkPad Z13 and ThankPad Z16 — that come natively with the Pluton security chips. Pricing for the ThinkPad Z13 starts at $1,549, pricing for the ThinkPad Z16 starts at $2,099. Both laptops will be available in May and Lenovo said there is no additional cost associated with the Pluton chip inside.

To read this article in full, please click here

Read more

Windows security in ’22 — you need more than just antivirus software

Credit to Author: Susan Bradley| Date: Mon, 10 Jan 2022 06:10:00 -0800

Do you need antivirus in 2022 — especially when some options now come with a cryptominers built in?

Several antivirus vendors — some options free, others, paid — have begun bundling their antivirus products with software that generates virtual currency. Of all of the requirements for antivirus, using excess cycles on your computer to generate crypto-coins is not on my list of must-haves.

Recently, Krebs on Security noted that both Norton Antivirus and Avira have told users that versions of their respective software now include a cryptominer. While it’s not enabled by default, it still gives me pause; antivirus is supposed to protect us from such potentially unwanted software, and these two vendors are now including it in their wares.

To read this article in full, please click here

Read more

Microsoft Defender for Endpoint brings remote deployment to iOS

Credit to Author: Jonny Evans| Date: Thu, 06 Jan 2022 07:45:00 -0800

With the latest Microsoft Defender for Endpoint (MDE) preview for iOS, Microsoft has taken another step that should make life easier for IT administrators who need to secure remote iOS devices at the endpoint.

Endpoint protection without the user friction

The MDE preview includes a new capability to install Defender for Endpoint remotely and automatically on any devices enrolled in the service. The company first announced its intention to deliver the feature last month.

In practice, this seems relatively friction-free.

To read this article in full, please click here

Read more