Microsoft President: We Need to Create a Digital Geneva Convention

By Brian Donohue SAN FRANCISCO—In a keynote address at the 2017 RSA Conference, Microsoft President Brad Smith called for the creation of “a trusted and neutral digital Switzerland” in an effort to combat the influx of state-sponsored actors and attacks. Alternatively calling his plan a “Digital Geneva Convention,” Smith leaned heavily on the familiar war […]

Microsoft, Google, and User Safety

There was a time in the not-so-distant past when nasty public fights between Microsoft and various researchers over when and how to disclose vulnerabilities were just about a weekly occurrence. That time thankfully has passed, but, as the current disagreement between Google and Microsoft over Google’s disclosure of a Windows zero day makes clear, everyone […]

Microsoft Says Russian Group Exploiting Windows Zero Day

Microsoft’s security team says the zero-day vulnerability in Windows discovered by Google researchers recently is being exploited by an attack group that has been linked to the hacks of the Democratic National Committee and other political targets in the United States. The group, which Microsoft calls Strontium, has been linked to Russia and Microsoft officials said […]

Google Identifies Unpatched Windows Bug Being Used in Attacks

Ten days after informing Microsoft of a serious privilege of escalation vulnerability in Windows, Google researchers have disclosed some limited information about the bug because it is under active attack. The Google researchers discovered the vulnerability earlier this month and sent the details to Microsoft on Oct. 21. The team at Google knew that attackers […]

Angler Exploit Kit EMET Bypass Leads to TeslaCrypt Ransomware

Microsoft has built a number of technical defenses against browser-based exploits in the last decade or so, including a specialized toolkit called EMET that’s designed to defeat advanced exploits. Attackers have now created a version of the notorious Angler exploit kit that can bypass EMET entirely and then install the nasty TeslaCrypt ransomware. This advance […]

Office 365 Bug Could’ve Allowed Attackers to Login to Virtually Any Account

Security researchers in January discovered a critical vulnerability in the SAML implementation in Microsoft’s Office 365 service that could allow an attacker to log in to a victim’s account and gain full access to email, contacts, and other sensitive data. The vulnerability was present in Office 365 for an unknown amount of time, and there […]