Security Alerts & News
by Tymoteusz A. Góral

History
#2154 Strengthening the Microsoft Edge sandbox
In a recent post, we outlined the layered strategy that the Microsoft Edge security team employs to protect you from vulnerabilities that could be used to compromise your device or personal data. In particular, we showed how Microsoft Edge is leveraging technologies like Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG) to break some of the techniques that hackers rely on when exploiting vulnerabilities to obtain Remote Code Execution (RCE). This is where the attacker seeks to escape from web code (JS and HTML) in the browser to run native CPU code of the attacker’s choosing. This lets the attacker violate all of the browser’s rules for the web, such as same-origin policy, and so it is important to web users that we try as hard as possible to block RCE attacks.

However, despite our best efforts, sometimes attackers get RCE anyway. In this post, we’ll explore some of the significant improvements we’ve made in the Windows 10 Creators Update to strengthen our next line of defense: the Microsoft Edge sandbox.
Read more
#2155 Massive uproar on alleged Windows 10 built-in ‘keylogger’ feature
#2154 Strengthening the Microsoft Edge sandbox
#2153 SmartTV hacking - Oneconsult talk at EBU Media Cyber Security seminar (VIDEO)
#2152 GiftGhostBot attacks ecommerce gift card systems across major online retailers
#2151 New attack XSSJacking combines clickjacking, pastejacking, and SelfXSS
#2150 Symantec backs its CA
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12