The vulnerability, designated CVE-2019-0708 and dubbed BlueKeep, can be exploited by miscreants to execute malicious code and install malware on vulnerable machines without the need for any user authentication: a hacker simply has to be able to reach the box across the internet or network in order to commandeer it.
Eight out of the ten most exploited vulnerabilities tracked by threat intelligence in 2018 targeted Microsoft products.
Windows has too many potential attack points, most of which are not directly overseen by the very company who develops the operating system. The vast majority of the code cannot be audited by the community. There are fewer checks and balances in place to ensure that these attacks are prevented. After seeing how Ubuntu and various other Linux distributions ensure the security of their users, the Microsoft Windows approach starts to seem a lot less sane.
The “original gangster of big tech” has managed to dodge the bad headlines and congressional grilling that have ensnared its rivals by working with regulators and advocating its own solutions.
The macro remains the email attachment of choice for delivering malicious payloads.
According to a newly released survey conducted at Black Hat 2018, 50% of hackers said that Windows 8 and Windows 10 have been the easiest attack vectors to exploit.
Almost all recent zero-day attacks have been delivered via Microsoft Word.
Researching the security of medical devices in 50 US hospitals, ZingBox discovered that medical imaging devices contributed half of the high-risk security issues. The underlying cause? Almost all of these systems were being controlled through Windows workstations, often flaw-ridden versions going back to XP and even 98, which reflects the age of the scanning hardware.
The majority of vulnerabilities used by cyber-criminals last year in phishing attacks and exploit kits were found in Microsoft products, with some dating back several years.
The “simple spoofing attacks” described in the post are all variations on using a “modified printed photo of an authorised user” (a frontal photo, naturally) so an attacker can log into a locked Windows 10 system.
LinkedIn is that kind of place – “a wasteland of endless management consultants congratulating each other”, to quote one correspondent. There’s an excess focus on simulating optimism and excitement, rather than clear-headed discussion on issues. It’s like a giant, living, breathing resume, complete with bad formatting, plasticised optimism and synthetic relationships.
LinkedIn's mobile app threw up a pop-up requesting permission to share data with nearby Bluetooth devices even when users weren't using the business networking app.
Windows 10 has started nagging people to buy a subscription to OneDrive.
The EU’s top privacy body has been probing Windows 10, but isn’t satisfied, even after Microsoft agreed to tweak the consent settings. Google and Facebook have pursued personal data collection just as aggressively, also touting machine learning “breakthroughs” as the justification.
Called “Query formulation via task continuum,” Microsoft's patent basically describes a technology that always monitors what users do on their computers.
When you consider what a combined Microsoft and LinkedIn will know about people, the possibilities are pretty scary.
Some people are happy with the bargain of handing over their data for free stuff – but many more are not. Unless we begin to price our data, we're just there to be fleeced, time after time.
Enterprises are routinely storing corporate password files in the cloud through Microsoft’s OneDrive backup technology. OneDrive is the most common Office 365 application, with 79.1 per cent of organisations using it. The average corporate OneDrive service contains 204 unencrypted files labelled “passwords”.
Over and over, Microsoft is trying to herd businesses into using its cloud services. It wants subscriptions for everything, and it doesn't seem shy about turning the knobs on pricing and/or feature-busting once enough customers have migrated. In its brave new world, everything you do is streamed to it for analysis and changes can't be delayed much (if at all), leaving users at the mercy of whatever Microsoft's UI designers feel like doing.
Microsoft recently created a new Windows 10 nagware reminder that presented a dialog asking you to install the OS. But if users clicked the red “X” to close the dialog – standard behaviour for dispelling a dialog without agreeing to do anything – Microsoft took that as permission for the upgrade.