- Hackers are now hiding malware in Windows Event Logs
  Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques and modules designed…
- Hundreds of HP printers vulnerable to remote code execution flaws
  HP has published security advisories for three critical-severity vulnerabilities affecting hundreds of its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models. The first security bulletin warns about a buffer overflow flaw that could lead to remote code execution on the affected machine. Tracked as CVE-2022-3942, the security issue was reported…
- German government advises against using Kaspersky antivirus
  Germany’s Federal Office for Information Security, BSI, is warning companies against using Kaspersky antivirus products due to threats made by Russia against the EU, NATO, and Germany. Kaspersky is a Moscow-based cybersecurity and antivirus provider founded in 1997, that has a long history of success, but also controversy over the company’s possible relationship with the Russian…
- Ubisoft confirms ‘cyber security incident’, resets staff passwords
  Video game developer Ubisoft has confirmed that it suffered a ‘cyber security incident’ that caused disruption to its games, systems, and services. The announcement comes after multiple Ubisoft users had reported issues last week accessing their Ubisoft service. Data extortion group LAPSUS$, which has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus far,…
- Microsoft is testing ads in the Windows 11 File Explorer
  Microsoft has begun testing promotions for some of its other products in the File Explorer app on devices running its latest Windows 11 Insider build. The new Windows 11 “feature” was discovered by a Windows user and Insider MVP who shared a screenshot of an advertisement notification displayed above the listing of folders and files…
- Norton 360 antivirus now lets you mine Ethereum cryptocurrency
  NortonLifelock has added the ability to mine Ethereum cryptocurrency directly within its Norton 360 antivirus program as a way to “protect” users from malicious mining software. This new mining feature is called ‘Norton Crypto’ and will be rolling out tomorrow to Norton 360 users enrolled in Norton’s early adopter program. When Norton Crypto is enabled, the software…
- CISA gives federal agencies until Friday to patch Exchange servers
  The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday. Today, Microsoft released security updates for four Microsoft Exchange vulnerabilities discovered by the NSA. These Exchange vulnerabilities are capable of remote code execution, with two vulnerabilities not requiring attackers to authenticate first. While none of…
- NSA discovers critical Exchange Server vulnerabilities, patch now
  Microsoft today has released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical. All the flaws lead to remote code execution on a vulnerable machine and were discovered and reported to Microsoft by the U.S. National Security Agency (NSA). Microsoft also found some of…
- FBI nuked web shells from hacked Exchange Servers without telling owners
  A court-approved FBI operation was conducted to remove web shells from compromised US-based Microsoft Exchange servers without first notifying the servers’ owners. On March 2nd, Microsoft released a series of Microsoft Exchange security updates for vulnerabilities actively exploited by a hacking group known as HAFNIUM. These vulnerabilities are collectively known as ProxyLogon and were used by threat actors in January…
- Microsoft Exchange servers now targeted by BlackKingdom ransomware
  Another ransomware operation known as ‘BlackKingdom’ is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware. Based on the logs from his honeypots, Hutchins states that the threat actor used the vulnerability to execute…
- Researcher adds his fake package to Microsoft Azure SDK releases list
  A security researcher was able to add a counterfeit test package to the official list of Microsoft Azure SDK latest releases. The simple trick, if abused by an attacker, can give off the impression that their malicious package is part of the Azure SDK suite. New package added to Azure SDK releases page This month security…
- Microsoft fixes Office issue causing memory, disk space errors
  Microsoft has addressed a known issue causing memory or disk space errors when opening some documents using Microsoft Word, Microsoft Excel, or other Microsoft Office apps. This known issue only affects customers who have installed Microsoft Office apps from the Microsoft Store and are trying to open an Office document that triggers the Protected View feature. Protected View is…
- Expert publishes PoC exploit code for Microsoft Exchange flaws
  This week a security researcher published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers chaining two of the ProxyLogon flaws. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. The IT…
- Supermicro, Pulse Secure release fixes for ‘TrickBoot’ attacks
  Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware’s UEFI firmware-infecting module, known as TrickBoot. Last year, cybersecurity firms Advanced Intelligence and Eclypsium released a joint report about a new malicious firmware-targeting ‘TrickBoot’ module delivered by the notorious TrickBot malware. When executed, the module will analyze a device’s UEFI firmware to determine…
- Working Windows and Linux Spectre exploits found on VirusTotal
  Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. The vulnerability was unveiled as a hardware bug in January 2018 by Google Project Zero researchers. If successfully exploited on vulnerable systems, it can be used by attackers to steal sensitive…
- Ryuk ransomware now self-spreads to other Windows LAN devices
  A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims’ local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021. “Through the use of scheduled tasks, the malware propagates itself – machine to machine – within the Windows domain,”…
- Microsoft fixes Windows 10 drive corruption bug
  Microsoft has fixed a Windows 10 bug that could cause NTFS volumes to become corrupted by merely accessing a particular path or viewing a specially crafted file. Last month, BleepingComputer reported on a new Windows bug that allows any users, including those with low privileges, to mark an NTFS volume as dirty. All a Windows…
- Chinese hackers used NSA exploit years before Shadow Brokers leak
  Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017. EpMe is the original exploit created by Equation Group around 2013 for a Windows zero-day bug tracked as CVE-2017-2005. The vulnerability was used for escalating Windows user privileges after gaining…
- Windows 10 clipboard history now lets you paste as plain text
  Microsoft has added a ‘paste as plain text’ option to the Windows 10 clipboard history in the latest Preview build available for Windows Insiders in the Dev Channel. Starting with Windows 10 Insider Preview Build 21318, users will see a new option added to the interface, which allows them to remove all formatting from clipboard…
- Windows 10 21H1 coming soon, here are the new features
  Earlier this week, Microsoft officially announced the Windows 10 version 21H1 update and it’ll begin rolling out to consumers in the first half of this year. Like the October 2020 Update (20H2), this new update also comes with a minimal set of features, general improvements, and bug fixes. Windows 10 version 21H1 is essentially based…
- The rounded corners are back: Microsoft demonstrates a new user interface
  The latest examples of the appearance of Windows 10 go back to the days of Windows 7, Vista and XP with rounded corners for windows, dialogs and pop-up menus. This customized user interface is part of the Fluent Design transformation. These are further steps in the overall evolution of the Fluent design language, which has permeated…
- Microsoft force installs Windows 10 update to remove Flash Player
  Microsoft is force installing a Windows 10 update that removes the embedded 32-bit version of Adobe Flash Player from the operating system. In October, we reported that Microsoft had released the KB4577586 optional update to remove the embedded 32-bit Flash Player from Windows and prevent it from being installed again. Microsoft Catalog, and once installed, could no…
- Microsoft confirms Windows 10 21H1 will run on existing hardware
  Microsoft has officially confirmed that Windows 10, version 21H1 will be the next Windows 10 update to be released later during the spring of 2021. Windows 10 21H1 will come with no hardware requirement changes when compared to Windows 10 20H2, the previous release, according to a blog post on the company’s official Windows Hardware…
- DDoS attack takes down EXMO cryptocurrency exchange servers
  The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service (DDoS) attack. “We are currently experiencing a DDoS attack on our platform,” the exchange said in a notification published earlier today. “Please note that the EXMO exchange website is now under the DDoS attack. The servers are temporarily…
- Patch Windows to avoid denial of service attacks: Microsoft
  Microsoft has issued an urgent security alert advising customers to apply patches for vulnerabilities in the Windows transmission control/internet protocol (TCP/IP) networking stack, as its security researchers expect the flaws to be exploited soon. Of the three vulnerabilities, the CVE-2021-24086 flaw is easy to exploit for denial of service attacks that cause a STOP error with a…
- Linux systems are the target of cyberattacks
  Check Point Research has uncovered cyberattacks on Linux systems. An attacker exploits vulnerabilities in systems and tries to create a botnet using the new FreakOut malware variant, which can scan ports, gather information, eavesdrop on the network, perform DDoS attacks or flooding. The botnet could also be controlled remotely. In the event of successful misuse,…
- Microsoft: Windows 10 1909 reaches end of service in May
  Microsoft has reminded customers that some editions of Windows 10, version 1909 (also known as the November 2019 Update) will reach end of service in May 2021. Microsoft stops providing technical support and fixes for newly discovered issues and security vulnerabilities for all products that reach their end of service. Redmond advises customers still using end of…
- Microsoft warns of an increasing number of web shell attacks
  Microsoft says that the number of monthly web shell attacks has almost doubled since last year, with an average of 140,000 such malicious tools being found on compromised servers every month. Web shells are tools (scripts or programs) that threat actors deploy on hacked servers to gain and/or maintain access, as well as to remotely…
- Microsoft releases emergency fix for Windows 10 WiFi crashes
  Microsoft has released an emergency KB5001028 out-of-band update to fix a bug causing Windows 10 to crash when connecting to WPA3 Wi-Fi networks. According to a new support issue posted to Microsoft’s Windows Message Center, the bug was introduced in the recent Windows 10 1909 cumulative updates. Specifically, KB4598298, released on January 21, 2021, and KB4601315,…
- 12-year-old Windows Defender bug gives hackers admin rights
  Microsoft has fixed a privilege escalation vulnerability in Microsoft Defender Antivirus (formerly Windows Defender) that could allow attackers to gain admin rights on unpatched Windows systems. Microsoft Defender Antivirus is the default anti-malware solution on over 1 billion systems running Windows 10 according to Microsoft’s stats.
  https://www.bleepingcomputer.com/news/security/12-year-old-windows-defender-bug-gives-hackers-admin-rights/