Microsoft Defender identifies Google and Zoom as malicious
The Windows native security app had "gone rogue" and was misidentifying legitimate URLs as malicious.
This week Microsoft confirmed that its Defender security platform, which is delivered as a part of its Windows operating system, was mistakenly tagging legitimate websites.
On Wednesday, Micr... Read more
Cisco discloses high-severity IP phone vulnerability
The vulnerability impacts Cisco's IP Phone 8800 Series and IP Phone 7800 Series devices.
The bug, tracked as CVE-2020-3452, allows attackers to gain root access to vulnerable systems. According to Cisco's security advisory, exploitation requires local access.
The vulnerability is caused by an... Read more
Atlassian patches critical flaws in Bitbucket and Crowd Server
Atlassian launched critical-severity patches for identity management solution Crowd Server and Data Center and repository management platform Bitbucket Server and Data Center.
Both security flaws have a severity rating of 9 and affect numerous versions of the products. The Crowd Server and Data ... Read more
OpenSSL 3.0.7 patches two high-risk vulnerabilities
OpenSSL version 3.0.7 is now available and should be applied as soon as possible, the developers say.
OpenSSL version 3.0.7 was announced last week as an important security fix. The vulnerabilities patched with this release are CVE-2022-3786 (X.509 Email Address Variable Length Buffer Over... Read more
Microsoft 365 update reverted due to crashing Office apps
Microsoft rolled back the Enterprise Channel version 2206 update for Microsoft 365. The update caused Office applications to crash in several environments. Microsoft advises customers to revert to Enterprise Channel version 2205.
The crashes occur when users view a contact card or hover over a u... Read more
SGX, Intel’s seemingly secure data fortress, has been breached
The ÆPIC leak CPU bug spills users' sensitive and confidential data in seconds from Intel SGX enclaves.
Intel's latest CPUs contain a major vulnerability that enables attackers to achieve encryption keys as well as other private data protected by its SGX. This cutting-edge feature works as a va... Read more
Slack resets user passwords after bug
Slack reset the passwords of about half a percent of its userbase. The company attempts to mitigate a bug that provided hashed passwords to fellow workspace participants.
According to Slack, the bug was discovered by a researcher late last week and had a major impact on passwords. The vulnerabi... Read more
A simple string of ‘And’ seems to crash Google Docs
Google Docs appears to crash at the sight of "And. And. And. And. And."
A bug is causing Google Docs to crash if a string of words is typed into a document, opened with the online word processor. After crashing, the document won't be easily re-accessed. Doing so would trigger the crash again.
... Read more
An almost decade-old bug in Microsoft’s 64-bit VBA causes complaints
A compiler bug in 64-bit Visual Basic for Applications on Windows has been present for years, according to a complaint by a user, and is responsible for preventing migration to 64-bit Office. The problem was reported by a StackOverflow user and is found in code that runs correctly in 32-bit VBA but... Read more
Microsoft’s Windows 365 Cloud PC vulnerability could expose Azure credentials
Microsoft announced that the new Windows 365 Cloud PC was going to be generally available earlier this month. Now, a security researcher has come forward claiming that there is a bug in the offering which can be exploited by attackers to extract Azure users’ credentials in unencrypted plain text.... Read more