Microsoft has released today a security update that will change the default behavior of the "Point and Print" feature to mitigate a severe security issue disclosed last month. From a report: First added in Windows 2000, the Point and Print feature works by connecting to a print server to download and install necessary print drivers every time a user creates a connection to a remote printer without providing installation media. Earlier this year, Jacob Baines, a reverse engineer for Dark Wolf Solutions, found that threat actors inside a company's network could abuse the Point and Print feature to run a malicious print server and force Windows systems to download and install malicious drivers.

Since Point and Print ran with SYSTEM privileges, the feature effectively provided threat actors with an easy way to gain admin rights inside any large corporate or government network. Microsoft initially tried to patch the issue -- tracked as CVE-2021-34481 -- last month, but the patches were deemed incomplete. Today, the company took another approach. Since the vulnerability is exploiting a design flaw, Microsoft chose today to change the default behavior of the Point and Print feature.

Cross-chain decentralized finance (DeFi) platform Poly Network was attacked on Tuesday, with the alleged hacker draining roughly $600 million in crypto. From a report: Poly Network, a protocol launched by the founder of Chinese blockchain project Neo, operates on the Binance Smart Chain, Ethereum and Polygon blockchains. Tuesday's attack struck each chain consecutively, with the Poly team identifying three addresses where stolen assets were transferred. At the time that Poly tweeted news of the attack, the three addresses collectively held more than $600 million in different cryptocurrencies, including USDC, wrapped bitcoin (WBTC), wrapped ether (WETH) and shiba inu (SHIB), blockchain scanning platforms show.

"We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses," the Poly team tweeted. The $600 million figure would place the Poly Network hack among the largest in crypto history. Tether froze approximately $33 million in relation to the hack, Tether CTO Paul Adroino tweeted. About one hour after Poly announced the hack on Twitter, the hacker tried to move assets including USDT through the Ethereum address into liquidity pool Curve.fi, records show. The transaction was rejected.

WIth the release of Firefox 91 on Tuesday, Mozilla has introduced a bigger hammer for smashing the cookies that websites, advertisers and tracking companies can use to record your online behavior. From a report: The new feature, called enhanced cookie clearing, is designed to block tracking not just from a website, but also from third parties whose code appears on the site. The technology is designed to let you clear cookies for a particular website but also the more aggressive "supercookies" designed to evade lesser privacy protections. The feature is an option if you enable Firefox's strict mode for cookie handling, which partitions website data into separate storage containers. "You can easily recognize and remove all data a website has stored on your computer, without having to worry about leftover data from third parties embedded in that website," Mozilla said in a blog post.