Currently when a user opens a file on a FTP server using Chrome, it will try and render that file in the browser. Developers propose download the file rather than opening it in the browser. However, Chrome will continue to display FTP directory indexes. Firefox wants to remove FTP support as well.
Skype development team announced testing of the new cloud filesharing feature in the latest Skype Insider Build. Users will be able to share a link to a file or folder in OneDrive directly in the chat. If your contact is on a mobile device and has the application available, the file will open directly in that app, and not in the browsers. If your contact does not have the application installed, the OneDrive web site can preview most commonly used filetypes. A new feature is currently available to Skype insiders.
A bug with the online video feature in Microsoft Word, recently discovered by Cymulate security researchers, found its first use for deliver malware. Trend Micro specialists discovered and described the URSNIF information stealer spreading mechanism. Users can defend against threats abusing this by blocking Word documents that has the embeddedHtml tag in their respective XML files or disabling documents with embedded video.
The company explained that in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently left an internal exploit for the Dirty COW vulnerability (CVE-2016-5195). The purpose of this QA validation step is to make sure the Cisco product contains the required fixes for this vulnerability. This issue affects versions X8.9 to X8.11.3. All affected software images have proactively been removed from the Cisco Software Center and will soon be replaced with fixed software images.
Trend Micro specialists have discovered a Trickbot’s new module, called pwgrab32 or PasswordGrabber, steals credentials from applications such as Filezilla, Microsoft Outlook, and WinSCP. It also steals usernames and passwords, Internet cookies, browsing history, autofills and HTTP posts from several popular web browsers such as Google Chrome, Mozilla Firefox, Internet Explorer, and Microsoft Edge.
Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm. Support the sandbox feature is not enabled by default, but users can turn the feature on by setting a machine-wide environment variable (setx /M MP_FORCE_USE_SANDBOX 1) and restarting the machine. This is currently supported on Windows 10, version 1703 or later.
The document RFC 8484 defines a specific protocol, DNS over HTTPS (DoH), for sending DNS queries and getting DNS responses over HTTP using https URIs (and therefore TLS security for integrity and confidentiality). This is an Internet Standards Track document, it represents the consensus of the IETF community. Some experts speak negatively about the IETF decision.
New version of the browser Chrome 70, which is expected to be released on October 16, will block sites with certificates issued by Symantec, Thawte, VeriSign, Equifax, GeoTrust and RapidSSL before June 2016. Many popular resources are still not ready for this. According to security researcher Scott Helme 1139 sites in the top 1 million websites based on Alexa rankings will be affected.
In new Skype for Windows 10 update user will able to add, edit and check off tasks directly from app. Tasks will be saved and available in Skype, or in the To-Do app. You also will be able easily manage your tasks in Outlook.com without breaking your flow or leaving your inbox.