Lavasoft Blog

The latest version of Microsoft’s Skype program hides the user’s IP address. The IP (= internet protocol) address has the potential to reveal a user’s location as well as the identity of their internet service provider which, in turn, can be used to retrieve additional personal identifiers. While the improvement in privacy is helpful for all users, the update is largely directed at gamers who utilize the messenger service. 

Visitors to the MSN homepage have been targeted with malicious advertising. According to security researcher Jerome Segura, the malvertising was delivered to users through the AdSpirit advertising network, one of MSN’s advertising partners. Users who clicked on the banner advertisements were re-directed to the RIG and Neutrino exploit kits.

Security researcher Klikki Oy has received a $10,000 bug bounty for discovering a security flaw in Yahoo Mail. The XSS vulnerability discovered could have allowed a potential attacker to forward the contents of the victim’s inbox to an external website and compromise the account itself. Yahoo learned about the threat last month, implemented a fix and rewarded the researcher through a bug bounty program.  

The Microsoft Office 365 Exchange Online Protection team is introducing three new changes to protect users of their email service. The changes are being rolled out in the first quarter of 2016 and include faster detection of malicious attachments, increased efficiency for categorizing spam and new protection against fake CEO spoofing attacks.