Microsoft

Microsoft recently announced the Surface Laptop 4. The newest member of the Surface family has plenty of options, including allowing people to choose an AMD or Intel CPU as well as either a 13.5-inch or 15-inch body. To protect the Surface Laptop 4 and any information people store on it, Microsoft built in several security measures. Microsoft breaks down the security features in a recent post. Specifically, the post breaks down the security elements of the AMD-powered Surface Laptop 4.

L33tdawg: Same dates as HITBSecConf2021 - Amsterdam VIRTUAL :)

Microsoft's annual Build conference will be virtual again this year, running from May 25 to May 27. According to Microsoft, Build is "where developers, architects, start-ups, and students learn, connect, and code together, sharing knowledge and expanding their skill set, while exploring new ways of innovating for tomorrow."

Microsoft released patches Tuesday for four critical vulnerabilities Chinese hackers are using in targeted attacks on Exchange Server, SC Media has learned.

On a series of three blog posts to be released Tuesday, Microsoft said targeted hacking from a group operating out of China that the company calls Hafnium, linked together chains of vulnerabilities to garner access.

Microsoft has patched 56 flaws in its latest Patch Tuesday round of fixes including a critical vulnerability in the win32k component of Windows 10 that could allow hackers to escalate privileges on a targeted device.

The critical zero-day flaw, tracked as CVE-2021-1732, is under active exploitation and is rated 7.8 on the CVSS threat severity scale. It’s been exploited to allow hackers to run malicious code on a targeted system with elevated privileges, according to researchers with DBAPPSecurity, who first discovered the flaw.

The variety of techniques used by the SolarWinds hackers was sophisticated yet in many ways also ordinary and preventable, according to Microsoft.

To prevent future attacks of similar levels of sophistication, Microsoft is recommending organizations adopt a "zero trust mentality", which disavows the assumption that everything inside an IT network is safe. That is, organizations should assume breach and explicitly verify the security of user accounts, endpoint devices, the network and other resources.

Microsoft has released its current findings into the SolarWinds attack that continues to shake the global cybersecurity industry.

Modern gaming consoles have exploded with indie games and apps, but one category has always proven an exception: emulators. This week, however, Ars has learned of an apparent loophole in Microsoft's Xbox Store system being used to distribute high-performing emulators on the platform.

Unbeknownst to Windows 10 users until now, a security vulnerability existed in Windows Setup, the process with runs when installing Feature Updates for the operating system.

The vulnerability (CVE-2020-16908) made it possible for a locally authenticated attacker to run arbitrary code with elevated system privileges. This flaw could be exploited to install software, create new user accounts, or interfere with data.

Microsoft has been working hard on improving the Chromium-based Edge web browser and the company's upcoming feature will allow users to disable the password reveal button on different websites.

Since 2003, the month of October has been recognized as National Cybersecurity Awareness month and after a three-month research challenge which dovetailed into the beginning of October, Microsoft finally awarded $374,300 to the global IoT security research community for finding vulnerabilities in Azure Sphere.