Microsoft has made a definitive link between MEDoc and initial distribution of the Petya ransomware. Kaspersky Lab, meanwhile, has identified a Ukrainian government website used in a watering hole attack.
Microsoft is warning customers of an “important” update to its Azure AD Connect service that could allow for an elevation of privilege attack against affected systems.
Google Project Zero’s Tavis Ormandy found another remote code execution vulnerability in the Microsoft Malware Protection Engine, the third since early May.
Mike Mimoso and Chris Brook discuss the news of the week, including Citizen Lab’s latest report, WannaCry hitting Honda, GhostHook, and Fireball.
Researchers at CyberArk have developed a bypass for Windows PatchGuard that leverages Intel’s Processor Trace (Intel PT) technology to execute code at the kernel.
Check Point has toned down its initial estimates on the number of Fireball malware infections from 250 million machines and 20 percent of corporate networks to 40 million computers.
It’s bad enough to be caught by an SMS phishing scam – but when the bad guys expose your stolen account details to the world, that really rubs salt into the wound
An anonymous reader quotes a report from the BBC: Microsoft has admitted that it does temporarily disable anti-virus software on Windows PCs, following an competition complaint to the European Commission by a security company. In early June, Kaspersky Lab filed the complaint against Microsoft. The security company claims the software giant is abusing its market dominance by steering users to its own anti-virus software. Microsoft says it implemented defenses to keep Windows 10 users secure. In an extensive blog post that does not directly address Kaspersky or its claims, Microsoft says it bundles the Windows Defender Antivirus with Windows 10 to ensure that every single device is protected from viruses and malware. To combat the 300,000 new malware samples being created and spread every day, Microsoft says that it works together with external anti-virus partners. The technology giant estimates that about 95% of Windows 10 PCs were using anti-virus software that was already compatible with the latest Windows 10 Creators Update. For the applications that were not compatible, Microsoft built a feature that lets users update their PCs and then reinstall a new version of the anti-virus software. “To do this, we first temporarily disabled some parts of the AV software when the update began. We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating,” writes Rob Lefferts, a partner director of the Windows and Devices group in enterprise and security at Microsoft.
Read more of this story at Slashdot.
Microsoft said Wednesday it would extend its Edge bug bounty program indefinitely.
Your daily round-up of some of the other stories in the news