The one and only password tip you need
OK, it's time for me to keep a promise. Back in October 2022, I wrote an article called Why almost everything we told you about passwords was wrong. The article summarizes how a lot of what you've been told about passwords over the years was either wrong change your passwords as often as your...
Introducing kernel sanitizers on Microsoft platforms
As part of Microsoft’s commitment to continuously raise security baselines, we have been introducing innovations to the foundation of the chip-to-cloud security outlined in the Windows 11 Security Book. Strong foundational security enables us to build defenses from the ground up and develop...
Microsoft research uncovers new Zerobot capabilities
Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continues to grow...
What’s the smallest variety of CHERI?
The Portmeirion project is a collaboration between Microsoft Research Cambridge, Microsoft Security Response Center, and Azure Silicon Engineering & Solutions. Over the past year, we have been exploring how to scale the key ideas from CHERI down to tiny cores on the scale of the cheapest...
MacOS Bug Could Let Creeps Snoop On You
Microsoft on Monday released details about a bug in macOS that Apple fixed last month – named “powerdir” – that could let attackers hijack apps, install their own nasty apps, use the microphone to eavesdrop or grab screenshots of whatever’s displayed on your screen. The vulnerability allows...
Password usage analysis of brute force attacks on honeypot servers
As Microsoft’s Head of Deception, Ross Bevington is responsible for setting up and maintaining honeypots that look like legitimate systems and servers. Honeypot systems are designed to pose as an attractive target for attackers. Sometimes they are left vulnerable to create a controllable and safe...
Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy
Hackers sent Joe Biden’s presidential campaign staffers malicious emails that impersonated anti-virus software company McAfee, and used a mix of legitimate services such as Dropbox to avoid detection. The emails were an attempt to steal staffers’ credentials and infect them with malware. The...
Microsoft Research JavaScript Cryptography Library Security Bypass Vulnerability
Microsoft Research JavaScript Cryptography Library is a JavaScript cryptography library for cloud services from Microsoft USA that supports RSA encryption/decryption, AES-CBC encryption/decryption and GCM encryption/decryption. A security bypass vulnerability exists in the Microsoft Research...
CVE-2018-8319
A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library...
Security feature bypass
A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library...
CVE-2018-8319
CVE-2018-8319 concerns MSR JavaScript Cryptography Library (msrcrypto). It affects the library’s Elliptic Curve Cryptography (ECC) implementation, where multiple bugs in ECC could allow an attacker to glean information about a server’s private ECC key (key leakage) or craft invalid ECDSA signatures ...
Locky Ransomware Learns New Evasive Tricks
For several weeks security experts have had success slowing Locky ransomware infection rates. That’s been due to aggressive efforts to combat the Trojan downloader Nemucod, used in recent campaigns to distribute Locky. But now researchers say hackers behind Locky are changing tactics, giving the...
When, Not Whether, Is the Question for Mobile Authentication, Research Finds
The findings from a recent study carried out by Microsoft Research and the University of South Carolina suggest that we should be asking ourselves when to require authentication rather than whether to require authentication. The research puts forth the idea of tailoring authentication requirement...
New Morto Strain Emerges With File Infection Capability
A new strain of the Morto worm has added a file infection capability in addition to its existing ability to compromise remote desktop connections, according to new research from Microsoft. Now Morto is infecting files in the default RDP file share, ‘tsclient,’ after it determines which drives it...
Money Mules, Not Customers, The Real Victims of Bank Fraud
Money mules – the accomplices who help move stolen funds – may be the real victims of online banking scams, not the bank customers who are the ostensible targets of fraudsters, according to new research from Microsoft. In a paper that turns conventional thinking about online banking crime on its...
Microsoft Research: Spammers Act Just Like HIV Virus In Avoiding Filters
Security researchers often use language and metaphors from the natural world to describe problems in the virtual world. Thus, our use of the terms “virus,” and “worm.” Now it turns out that the links may not be so arbitrary, after Microsoft researchers discovered that tools they developed to dete...
Microsoft Research Proposes E-Voting Attack Mitigation
Microsoft Research has proposed a mitigation for a known potential attack against verifiable electronic voting machines that could help prevent insiders from being able to alter votes after the fact. The countermeasure to the “trash attack” involves adding a cryptographic hash to the receipts tha...