
Tag: Windows


Threats & Malware, Vulnerabilities

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft

May 10, 2023

Via: The Hacker News

Cybersecurity researchers have shared details about a now-patched security flaw in the Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines. The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature […]


Threats & Malware, Virus & Malware

New All-in-One “EvilExtractor” Stealer for Windows Systems Surfaces on the Dark Web

April 24, 2023

Via: The Hacker News

A new “all-in-one” stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed for sale for other threat actors to steal data and files from Windows systems. “It includes several modules that all work via an FTP service,” Fortinet […]


Threats & Malware, Virus & Malware

Rorschach ransomware deployed by misusing a security tool

April 6, 2023

Via: Help Net Security

An unbranded ransomware strain that recently hit a US-based company is being deployed by attackers who are misusing a tool included in a commercial security product, Check Point researchers have found. The solution in question is Palo Alto Networks’ Cortex […]


Threats & Malware, Vulnerabilities

Windows 11 also vulnerable to “aCropalypse” image data leakage

March 22, 2023

Via: Naked Security

Just yesterday, we wrote about a bug in Google Pixel phones, apparently now patched, with potentially dangerous consequences. The bug finders, understandably excited (and concerned) by what they’d found, decided to follow the BWAIN principle for maximum, turning it into […]


Threats & Malware, Virus & Malware

Microsoft squashes Windows bug exploited to inflict ransomware misery

March 14, 2023

Via: The Register

Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google’s Threat Analysis Group (TAG). TAG discovered the in-the-wild exploit, and reported it to […]


Threats & Malware, Vulnerabilities

Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities

February 15, 2023

Via: The Hacker News

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based […]


Threats & Malware, Vulnerabilities

Nvidia Patches Many Vulnerabilities in Windows, Linux Display Drivers

December 1, 2022

Via: Security Week

The most severe of the security defects is CVE‑2022‑34669 (CVSS score of 8.8), an issue in the user mode layer of Nvidia’s Windows driver that could be exploited by an unprivileged attacker to access or tamper with system files or […]


Threats & Malware, Vulnerabilities

Windows Event Log Vulnerabilities Could Be Exploited to Blind Security Products

October 27, 2022

Via: Security Week

Event Log is an Internet Explorer-specific application that exists in all Windows iterations, due to the deep integration of the browser with the operating system. Due to the specific set of permissions that Event Log has, two security defects haunt […]


Threats & Malware, Virus & Malware

Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems

September 28, 2022

Via: The Hacker News

A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. “Chaos functionality includes the ability […]


Network security, Security

A huge number of Windows servers are lacking proper security protection

September 16, 2022

Via: TechRadar

Roughly one in every five Windows servers is missing endpoint protection, meaning organizations of all sizes are risking various cybersecurity incidents, including ransomware. A report from Sevco Security, which analyzed data coming in from more than 500,000 […]


Access control, Cyber-crime, Malware, Security

Beware of password-cracking software for PLCs and HMIs!

July 18, 2022

Via: Help Net Security

A threat actor is targeting industrial engineers and operators with trojanized password-cracking software for programmable logic controllers (PLCs) and human-machine interfaces (HMIs), exploiting their pressing needs to turn industrial workstations into dangerous bots. According to Dragos researchers, the adversary seems […]


Threats & Malware, Vulnerabilities

Zero-day bug exploited by attackers via macro-less Office documents (CVE-2022-30190)

May 31, 2022

Via: Help Net Security

A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers are warning. After initially dismissing the vulnerability as “not a security related issue”, Microsoft has now issued a […]


Cyber-crime, Malware

USB-based Wormable Malware Targets Windows Installer

May 6, 2022

Via: Threat Post

Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found. Researchers at […]


Cyber-crime, Malware

Attackers Use Event Logs to Hide Fileless Malware

May 4, 2022

Via: Threat Post

Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on target machines. The technique involves injecting shellcode directly into Windows event logs. This allows adversaries to use the Windows event logs as a cover […]


Mobile, Mobile security

Your Windows antivirus will now spot Android and iOS flaws too

February 2, 2022

Via: Tech Radar

Microsoft has revealed its enterprise endpoint security antivirus offering also now provides threat and vulnerability management for Android and iOS. The move means that Microsoft Defender for Endpoint now works with all major platforms for workstations, servers, as well as […]


Threats & Malware, Vulnerabilities

Outdated IoT healthcare devices pose major security threats

January 31, 2022

Via: CSO Online

More than half (53%) of the IoT (internet of things) and internet of medical things (IoMT) devices used in healthcare contain critical cybersecurity risks, according to The State of IoMT Device Security report by Cynerio, which analyzed devices from more […]


Threats & Malware, Virus & Malware

New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users

January 12, 2022

Via: The Hacker News

A new cross-platform backdoor called “SysJoker” has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that’s believed to have been initiated during the second half of 2021. “SysJoker masquerades as […]


Access control, Security

Microsoft announces passwordless authentication option for consumers

September 16, 2021

Via: Help Net Security

After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users. The Passwordless account option “Beginning today, you can now completely remove the password from your […]


Threats & Malware, Vulnerabilities

Google addresses a new Chrome zero-day flaw actively exploited in the wild

September 14, 2021

Via: Security Affairs

Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security issues, including two zero-day vulnerabilities actively exploited in the wild. This is the tenth zero-day vulnerability in Chrome fixed by Google that was exploited in attacks in […]


Network security, Security

Windows “PetitPotam” network attack – how to protect against it

July 26, 2021

Via: Naked Security

French researcher Gilles Lionel, who goes by @topotam77, recently published proof-of-concept code that attackers could use to take over a Windows network. The hack, which he has dubbed PetitPotam (which is a nod to the endangered Pygmy Hippopotamus, as far […]