Hacking Windows 8 | Breaking Cybersecurity News | The Hacker News

A cybersecurity professional today demonstrated a long-known unpatched weakness in Microsoft's Azure cloud service by exploiting it to take control over Windows Live Tiles , one of the key features Microsoft built into Windows 8 operating system. Introduced in Windows 8, the Live tiles feature was designed to display content and notifications on the Start screen, allowing users to continuously pull up-to-date information from their favorite apps and websites. To make it easier for websites to offer their content as Live Tiles, Microsoft had a feature available on a subdomain of a separate domain, i.e., " notifications.buildmypinnedsite.com ," that allowed website admins to automatically convert their RSS feeds into a special XML format and use it as a meta tag on their websites. The service, which Microsoft had already shut down, was hosted on its own Azure Cloud platform with the subdomain configured/linked to an Azure account operated by the company. However,...

Microsoft has heavily criticized Google and its 90-days security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft's Windows 8.1 operating system one after one just days before Microsoft planned to issue a patch to kill the bugs. But, seemingly Google don't give a damn thought. Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix. DISCLOSURE OF UNPATCHED BUGS, GOOD OR BAD? Google's tight 90-days disclosure policy seems to be a good move for all software vendors to patch their products before they get exploited by the hackers and cybercriminals. But at the same time, disclosing all critical bugs along with its technical details in the widely used operating system like Windows 7 and 8 doesn't appears to be a righ...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...

Google has once again released the details of a new privilege escalation bug in Microsoft's Windows 8.1 operating system before Microsoft planned to patch the bug, triggering a new quarrel between the two tech giants. This is second time in less than a month when the Google's security research team known as Project Zero released details of the vulnerability in Microsoft's operating system, following its 90-day public disclosure deadline policy. Google Project Zero team routinely finds vulnerabilities in different products from different companies. The vulnerabilities then get reported to the affected software vendors and if they do not patch the flaws in 90 days, Google automatically makes the vulnerability along with its details public. DISCLOSURE OF TWO SECURITY HOLES IN LESS THAN A MONTH Two weeks back, Google Project Zero team disclosed details of an elevation of privilege (EoP) vulnerability  affecting Windows 8.1 that may have allowed hackers to modify cont...