Tag: windows
-
Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign
Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems. “This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems,” French cybersecurity company Sekoia…
-
From Windows to Linux to ESXi: The Cicada3301 Ransomware Hits Them All
A sophisticated ransomware group, Cicada3301, has rapidly risen to prominence in the cybercrime landscape, targeting critical infrastructure sectors across the globe. First identified in June 2024, the Cicada3301 ransomware-as-a-service (RaaS)... First seen on securityonline.info Jump to article: securityonline.info/from-windows-to-linux-to-esxi-the-cicada3301-ransomware-hits-them-all/
-
Fake Google Meet conference errors push infostealing malware
A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-google-meet-conference-errors-push-infostealing-malware/
-
SolarWinds, Firefox, Windows Face Active Exploitation: CISA Issues Urgent Warning
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, emphasizing the pressing need for organizations to address these risks promptly. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-adds-3-known-exploited-vulnerabilities/
-
Windows 11 24H2: Recall cannot be uninstalled …
Despite assurances to the contrary, it is now emerging that Microsoft's controversial Recall feature cannot be uninstalled under Windows 11 24H2. Microsoft also appears to have slipped something like a “Recall for the poor” into the Snipping Tool in Windows. I'll pick up the … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/10/16/windows-11-24h2-recall-nicht-deinstallierbar/
-
24H2: Windows 11 update cuts off the network
The latest Windows 11 update, 24H2, has reportedly caused internet connectivity problems for a number of users. First seen on golem.de Jump to article: www.golem.de/news/24h2-windows-11-update-kappt-das-netz-2410-189874.html
-
Iranian Cyberspies Exploiting Recent Windows Kernel Vuln
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36474/Iranian-Cyberspies-Exploiting-Recent-Windows-Kernel-Vuln.html
-
One-year countdown to ‘biggest Ctrl-Alt-Delete in history’ as Windows 10 approaches end of support
Microsoft’s hardware compatibility gamble still hasn’t paid off First seen on theregister.com Jump to article: www.theregister.com/2024/10/14/final_year_windows_10/
-
Splunk Enterprise Vulnerabilities let Attackers Execute Remote Code
Splunk has disclosed multiple vulnerabilities affecting its Enterprise product, which could allow attackers to execute remote code. These vulnerabilities, primarily affecting Windows installations, highlight the critical need for organizations to update and secure their systems promptly. Overview of the Security Advisories Splunk, a leading provider of data analytics and monitoring solutions, has released a series…
-
Earth Simnavaz Exploits Windows Kernel Flaw CVE-2024-30088 in Attacks on Critical Infrastructure
Trend Micro researchers have uncovered a series of advanced cyberattacks carried out by the threat group Earth Simnavaz, also known as APT34 or OilRig. This Iranian-linked cyber espionage group has... First seen on securityonline.info Jump to article: securityonline.info/earth-simnavaz-exploits-windows-kernel-flaw-cve-2024-30088-in-attacks-on-critical-infrastructure/
-
High-severity Windows vulnerability leveraged in new OilRig APT attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/high-severity-windows-vulnerability-leveraged-in-new-oilrig-apt-attacks
-
CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Addresses
Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies and connecting to various IP addresses. It establishes multiple backdoor connections and monitors user activity through Windows UI element hooks, which poses a significant security risk as it can compromise system integrity and steal sensitive data. The malware is a UPX-packed…
-
Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability
The Iran-linked APT OilRig has intensified cyber operations against the United Arab Emirates and the broader Gulf region. The post Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/iranian-cyberspies-exploiting-recent-windows-kernel-vulnerability/
-
Iranian hackers now exploit Windows flaw to elevate privileges
The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oilrig-hackers-now-exploit-windows-flaw-to-elevate-privileges/
-
OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. “The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities…
-
Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server
Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-pptp-and-l2tp-vpn-protocols-in-windows-server/
-
Windows 11 24H2 hoards 8.63 GB of junk you can’t delete
When the ‘cleanup’ option stubbornly refuses First seen on theregister.com Jump to article: www.theregister.com/2024/10/11/windows_update_cleanup/
-
User complaints: Almost 9 GB of undeletable update cache under Windows 11
Previously, the Windows update cache could be emptied completely with built-in tools. That this is no longer possible under Windows 11 is probably intentional. First seen on golem.de Jump to article: www.golem.de/news/nutzerbeschwerden-fast-9-gbytes-an-unloeschbarem-update-cache-unter-windows-11-2410-189740.html
-
Technical Analysis of DarkVision RAT
DarkVision RAT is a highly customizable remote access trojan (RAT) that first surfaced in 2020, offered on Hack Forums and the authors' own website for as little as $60. Written in C/C++ and assembly, DarkVision RAT has gained popularity due to its affordability and extensive feature set, making it accessible even to low-skilled cybercriminals. The RAT’s capabilities…
-
Microsoft Previews New Windows Feature to Limit Admin Privileges
In the latest Windows preview, Microsoft adds a feature, Administrator Protection, designed to prevent threat actors from easily escalating privileges and restrict lateral movement. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/windows-preview-limit-administrator-privileges
-
Ghidra data type archive for Windows driver functions
Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ghidra-data-type-archive-for-windows-drivers/
-
Microsoft offers updates on 117 vulnerabilities on Patch Tuesday
The vulnerabilities are tied to the Microsoft Management Console and Windows MSHTML Platform. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-october-2024-117-updates/
-
Microsoft fixes Word bug that deleted documents when saving
Microsoft has fixed a known issue that was causing Word to delete some Windows users’ documents instead of saving them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-word-bug-that-deleted-documents-when-saving/
-
Windows 11 to sync passkeys between devices in the future
Microsoft apparently plans to synchronize passkeys between devices via the Microsoft account in the future. A third-party API is also planned. First seen on heise.de Jump to article: www.heise.de/news/Windows-11-soll-Passkeys-kuenftig-zwischen-Geraeten-synchronisieren-koennen-9975539.html
-
Five zero-days to be fixed on October Patch Tuesday
Stand-out vulnerabilities in Microsoft’s latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366613194/Five-zero-days-to-be-fixed-on-October-Patch-Tuesday
-
Patch day: Windows Server 2012 / R2 and Windows 7 (October 8, 2024)
On October 8, 2024, various security updates were released for Windows Server 2012/R2 (1st ESU year). Support for Windows 7 SP1 and Windows Server 2008 R2 expired in January 2024. However, updates for Windows Embedded Standard … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/10/09/patchday-windows-server-2012-r2-und-windows-7-8-oktober-2024/
-
Microsoft Confirms Exploited Zero-Day In Windows Management Console
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36450/Microsoft-Confirms-Exploited-Zero-Day-In-Windows-Management-Console.html
-
Dark Angels Ransomware Attacking Windows And Linux/ESXi Systems
The sophisticated ransomware group Dark Angels, active since 2022, targets large companies for substantial ransom payments by employing third-party ransomware payloads like Babuk, RTM Locker, and RagnarLocker to encrypt files on Windows and Linux systems. It employs ransomware in a strategic manner, taking into account the potential impact of file encryption, in order to minimize…
-
Security vulnerability: Windows RDP server attackable remotely
A successful attack does require winning a race condition, but no authentication or user interaction whatsoever. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-rdp-server-von-windows-aus-der-ferne-angreifbar-2410-189652.html
-
U.S. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Qualcomm this week addressed 20 vulnerabilities in its products, including a potential zero-day issue tracked as CVE-2024-43047 (CVSS score…