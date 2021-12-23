ContributorsPublishersAdvertisers
Multiple Vulnerabilities Found In Microsoft Teams – Only One Fixed So Far

Cover picture for the articleResearchers have discovered at least four different vulnerabilities in the Microsoft Teams link preview feature. However, Microsoft has patched only one of these bugs so far, delaying or denying the patches for the rest. Microsoft Teams Vulnerabilities Found. Sharing the details in a recent blog post, Positive Security has...

winbuzzer.com

Microsoft Teams End-to-End Encryption for One-to-One Calls Arrives with Compromises

End-to-end encryption (E2EE) is a security feature that users covet on communication services, especially those focused on enterprise and business. Microsoft Teams so far has not used E2EE for one-to-one calls, but that is now changing. According to Microsoft, it has finished testing end-to-end encryption for one-on-one calls and it is now rolling out to Teams.
notebookcheck.net

Microsoft patches spoofing vulnerability that was exploited to spread malware

Microsoft patched a zero-day vulnerability that affected the AppX installer in Windows. The vulnerability allowed hackers to create packages to infect systems with malware. The patch was included in the December Patch Tuesday update. Microsoft released a major patch that fixes a spoofing vulnerability in AppX installer (CVE-2021-43890), which was...
ANDROID COMMUNITY.COM

Microsoft Teams bug preventing 911 calls on Android fixed via update

Few days ago, a very strange bug was discovered by a Reddit user that prevented the user from making emergency 911 calls. This was identified to be an anomaly between the Microsoft Team app and the Android 10 (or later) operating system which risked blocking the 911 calls. Former XDA Developers Editor-in-Chief, Mishaal Rahman examined and summed up the problem in detail in his Medium post. He said, Google investigated and found that when the app is installed but not signed-in, it can sometimes trigger this bug.
latesthackingnews.com

Microsoft Launch Vulnerable And Malicious Driver Reporting Center

Given the rise in malicious and buggy drivers risking system security, Microsoft has developed an inclusive platform to help secure the kernel. Dubbed as “Vulnerable and Malicious Driver Reporting Center,” this single online form facilitates reporting of troublesome drivers to Microsoft for analysis. Microsoft Vulnerable And Malicious Driver...
securityboulevard.com

Acunetix releases multiple updates to detect Log4j vulnerabilities

Over the past week, we have been busy updating Acunetix to detect Log4j vulnerabilities that have been making the headlines. Acunetix is detecting the CVE-2021-44228 vulnerability (Log4Shell) as an out-of-band vulnerability using the AcuMonitor service. In addition, the AcuMonitor service and Acunetix have been updated to detect blind (delayed) Log4j RCE, where the payload might be executed after some time by a different system than the one being scanned.
latesthackingnews.com

Researcher Discovered Site Isolation Bypass In Google Chrome – Bug Fixed

A researcher from Google Project Zero Team discovered a site isolation bypass vulnerability affecting the Chrome browser. Google subsequently patched the bug with Chrome 96 stable release. Google Chrome Site Isolation Bypass. Reportedly, Sergei Glazunov from Project Zero found a site isolation bypass affecting Google Chrome and the underlying Chromium...
latesthackingnews.com

New Log4j Attack Vector Exploits WebSocket To Trigger RCE – Update to Log4j 2.17.0

Shedding light on alternative exploit strategies for the chaotic Log4j vulnerability, researchers have devised a new attack vector exploiting WebSocket. Users must update their systems to the latest Log4j version 2.17.0 to avoid potential threats. Log4j Attack Vector Exploits WebSocket. Security researchers from Blumira have elaborated how WebSocket connections exploits...
latesthackingnews.com

US CISA, CrowdStrike Release Free Log4j Scanners

As Log4j vulnerability continues to haunt the internet world, more bug scanners have surfaced online to help prevent real-time exploits. Recently, the US CISA and CrowdStrike have also separately released Log4j vulnerability scanners for free. US CISA, CrowdStrike Log4j Scanners. The US Cybersecurity and Infrastructure Security Agency (CISA) has recently...
latesthackingnews.com

New AvosLocker Ransomware Exploits AnyDesk, Reboots System In Safe Mode

A new addition to the ransomware gang has surfaced online targeting systems with a distinct technique Identified as ‘AvosLocker’, the ransomware exploits AnyDesk software to infect devices. Whereas it reboots target systems in Safe Mode to evade detection. AvosLocker Ransomware Exploits AnyDesk. In a recent report, Sophos has...
knowtechie.com

Delete these Android apps if they are installed on your phone

Whatever Google says about the security of the Google Play Store, it’s a fact that they don’t catch every malicious Android app that gets uploaded. Researchers at ThreatFabric say they’ve found a dirty dozen of apps downloaded from the Google Play Store that are actually banking or crypto trojans, which resulted in over 300,000 infections by the dropper apps.
