Bleeping Computer: Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws

Bleeping Computer: Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws. “Today is Microsoft’s May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws. Of the 75 vulnerabilities fixed in today’s update, eight are classified as ‘Critical’ as they allow remote code execution or elevation of privileges.”

One Good Thing: 32 years after its debut, Microsoft Solitaire is still a blissful time-waster (Vox)

Vox: One Good Thing: 32 years after its debut, Microsoft Solitaire is still a blissful time-waster. “There’s a pleasant, throwback quality to solitaire in this age of doomscrolling. For a few minutes at a time, I can look away from the rest of the world and just look for a way to get to the six of clubs that I know I need to finish this game.”

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens (Bleeping Computer)

Bleeping Computer: GitHub: Attacker breached dozens of orgs using stolen OAuth tokens. “GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, 2022, the threat actor has already accessed and stolen data from dozens of victim organizations using Heroku and Travis-CI-maintained OAuth apps, including npm.”

TechCrunch: Microsoft seizes domains used by Russian spies to target Ukraine

TechCrunch: Microsoft seizes domains used by Russian spies to target Ukraine. “Microsoft has successfully seized domains used by APT28, a state-sponsored group operated by Russian military intelligence, to target institutions in Ukraine. The tech giant said in a blog post on Thursday that Strontium — Microsoft’s moniker for APT28 or ‘Fancy Bear,’ a hacking group linked to Russia’s GRU — used the domains to target multiple Ukrainian institutions, including media organizations, as well as government institutions and think tanks involved in foreign policy in the U.S. and Europe.”

Engadget: Whistleblower says Microsoft spent millions on bribes abroad

Engadget: Whistleblower says Microsoft spent millions on bribes abroad. “In an essay published Friday on the whistleblower platform Lioness, former Microsoft manager Yasser Elabd alleged that Microsoft fired him after he alerted leadership to a workplace where employees, subcontractors and government operators regularly engaged in bribery. He further alleges that attempts to escalate his concerns resulted in retaliation within Microsoft by managers, and eventual termination from his role.”

Bleeping Computer: Lapsus$ hackers leak 37GB of Microsoft’s alleged source code

Bleeping Computer: Lapsus$ hackers leak 37GB of Microsoft’s alleged source code. “The Lapsus$ hacking group claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft’s internal Azure DevOps server. Early Sunday morning, the Lapsus$ gang posted a screenshot to their Telegram channel indicating that they hacked Microsoft’s Azure DevOps server containing source code for Bing, Cortana, and various other internal projects.”

Reuters: China requires Microsoft’s Bing to suspend auto-suggest feature

Reuters: China requires Microsoft’s Bing to suspend auto-suggest feature. “Microsoft Corp’s Bing, the only major foreign search engine available in China, said a ‘relevant government agency’ has required it to suspend its auto-suggest function in China for seven days. The suspension marks the second of its kind for Bing since December, and arrives amid an ongoing crackdown on technology platforms and algorithms from Beijing.”

Appears to say: Microsoft Edge now provides auto-generated image labels (Windows Blog)

Windows Blog: Appears to say: Microsoft Edge now provides auto-generated image labels. “Alt text is critical to making the web accessible, yet it’s often overlooked. Our data suggests that more than half of the images processed by screen readers are missing alt text. To help fill that gap, Microsoft Edge will now provide auto-generated alt text for images that do not include it. Auto-generated alt text helps users of assistive technology such as screen readers discover the meaning or intent of an images on the web.”

Microsoft Blog: Microsoft for Startups Founders Hub now open to all – no funding needed

Microsoft Blog: Microsoft for Startups Founders Hub now open to all – no funding needed. “Based on real-world feedback from thousands of entrepreneurs from around the world, across a range of backgrounds, we are excited to unveil, Microsoft for Startups Founders Hub. Open to anyone with an idea, the platform is designed to address the most common challenges startups face.”

Following Google’s lead: Microsoft axes Russia Today and bans state-owned media ads (CityAM)

City AM: Following Google’s lead: Microsoft axes Russia Today and bans state-owned media ads. “Microsoft have stated in a blog post that it will be removing Russian state-owned media outlet RT’s mobile apps from the Windows App store, as well as cutting ads on Russian state-sponsored media…. Microsoft said it would not display any state-sponsored RT and Sputnik content, de-rank search results on Bing and not place any ads from its ad network on those sites.”