Tag: windows
-
Windows 10 KB5048652 update fixes new motherboard activation bug
by
in SecurityNewsMicrosoft has released the KB5048652 cumulative update for Windows 10 22H2, which contains six fixes, including a fix that prevented Windows 10 from activating when you change a device’s motherboard. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-10-kb5048652-update-fixes-new-motherboard-activation-bug/
-
Windows 11 KB5048667 & KB5048685 cumulative updates released
by
in SecurityNewsMicrosoft has released the Windows 11 KB5048667 and KB5048685 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5048667-and-kb5048685-cumulative-updates-released/
-
Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight
by
in SecurityNews
Tags: access, ai, application-security, attack, authentication, backdoor, best-practice, computer, conference, control, cybercrime, cybersecurity, data, dns, encryption, exploit, finance, github, government, hacker, healthcare, identity, injection, Internet, LLM, malicious, microsoft, mitigation, office, open-source, radius, RedTeam, risk, service, sophos, technology, tool, training, vulnerability, vulnerability-management, windowsThis week in London Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity.The opening keynote on Wednesday will be delivered by Frédérick Douzet, a professor of geopolitics at the University of Paris 8, and director of the French Institute of Geopolitics research team. No preview is…
-
SPA is for Single-Page Abuse! Using Single-Page Application Tokens to Enumerate Azure
by
in SecurityNewsAuthor: Lance B. Cain Overview Microsoft Azure is a leading cloud provider offering technology solutions to companies, governments, and other organizations around the globe. As such, many entitles have begun adopting Azure for their technology needs to include identity, authentication, storage, application management, and web services. One of the most common methods for organizations to begin…
-
Microsoft NTLM Zero-Day to Remain Unpatched Until April
by
in SecurityNews
Tags: attack, credentials, cyberattack, microsoft, mitigation, ntlm, update, vulnerability, windows, zero-dayThe second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-ntlm-zero-day-remain-unpatched-april
-
Windows-Troubleshooting mit Boot-USB-Stick – Boot-Probleme in Windows-Clients und -Servern lösen
by
in SecurityNews
Tags: windowsFirst seen on security-insider.de Jump to article: www.security-insider.de/windows-reparatur-mit-usb-stick-anleitung-a-ae9b0cefb36be24548a6caf033a67431/
-
New Meeten Malware Attacking macOS And Windows Users To Steal Logins
by
in SecurityNewsA sophisticated crypto-stealing malware, Realst, has been targeting Web3 professionals, as the threat actors behind this campaign have employed AI-generated content to create fake companies, such as >>Meetio,
-
Top tips for CISOs running red teams
by
in SecurityNewsRed team is the de facto standard in offensive security testing when you want to know how all security investments, from technological controls to user training to response procedures, work together when subjected to a targeted attack. Unlike penetration testing, which aims to comprehensively assess a system, or purple team, which assesses detection and response…
-
Kostenlose Micropatches Day-Schwachstelle gefährdet Millionen Windows-Geräte
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/cyberkriminalitaet-schwachstelle-alle-windows-versionen-a-c7118a7d17e56154a71501d74663ba15/
-
EDR-Software ein Kaufratgeber
by
in SecurityNews
Tags: ai, android, api, backup, browser, chrome, cloud, computing, crowdstrike, cyberattack, detection, edr, endpoint, firewall, identity, incident response, intelligence, iot, kubernetes, linux, macOS, mail, malware, microsoft, network, ransomware, risk, siem, soar, software, sophos, threat, tool, windows, zero-day -
Critical Windows Zero-Day Alert: No Patch Available Yet for Users
by
in SecurityNewsProtect your systems with automated patching and server hardening strategies to defend against vulnerabilities like the NTLM zero-day…. First seen on hackread.com Jump to article: hackread.com/windows-zero-day-alert-no-patch-available-for-users/
-
Ubisoft fixes Windows 11 24H2 conflicts causing game crashes
by
in SecurityNewsMicrosoft has now partially lifted a compatibility hold blocking the Windows 24H2 update on systems with some Ubisoft games after the French video game publisher has fixed bugs causing crashes, freezes, and audio issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/ubisoft-fixes-windows-11-24h2-conflicts-causing-game-crashes/
-
Outdated Google Workspace Sync blocks Windows 11 24H2 upgrades
Microsoft now blocks the Windows 11 24H2 update on computers with outdated Google Workspace Sync installs because they’re causing Outlook launch issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/outdated-google-workspace-sync-blocks-windows-11-24h2-upgrades/
-
Qlik Sense for Windows Vulnerability Allows Remote Code Execution
by
in SecurityNewsQlik has identified critical vulnerabilities in its Qlik Sense Enterprise for Windows software that could lead to remote code execution (RCE) if exploited. Security patches have been released to mitigate these risks and ensure system integrity. The vulnerabilities, discovered during Qlik’s internal security testing, pose a significant threat to systems running Qlik Sense Enterprise for…
-
0patch hilft: Zero-Day-Lücke in allen gängigen Windows-Versionen entdeckt
by
in SecurityNewsBetroffen sind Windows 7 bis 11 sowie Windows Server 2008 bis 2022. Angreifer können NTLM-Hashes abgreifen. Einen Patch gibt es – aber nicht von Microsoft. First seen on golem.de Jump to article: www.golem.de/news/0patch-hilft-zero-day-luecke-in-allen-gaengigen-windows-versionen-entdeckt-2412-191505.html
-
Windows 11 24H2 rolls out to more devices with a growing list of known issues
by
in SecurityNews
Tags: windowsCompatibility holds persist as gamers face black screens First seen on theregister.com Jump to article: www.theregister.com/2024/12/05/microsoft_windows_roll_out/
-
Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+
Microsoft’s OS sure loves throwing your creds at remote systems First seen on theregister.com Jump to article: www.theregister.com/2024/12/06/opatch_zeroday_microsoft/
-
Microsoft Expands Access to Windows Recall AI Feature
The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-expands-access-windows-recall-ai-feature
-
Microsoft expands Recall preview to Intel and AMD Copilot+ PCs
by
in SecurityNewsMicrosoft is now testing its AI-powered Recall feature on AMD and Intel-powered Copilot+ PCs enrolled in the Windows 11 Insider program. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-expands-recall-preview-to-intel-and-amd-copilot-plus-pcs/
-
New Windows zero-day exposes NTLM credentials, gets unofficial patch
by
in SecurityNewsA new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-exposes-ntlm-credentials-gets-unofficial-patch/
-
Crypto-stealing malware posing as a meeting app targets Web3 pros
by
in SecurityNewsCybercriminals are targeting people working in Web3 with fake business meetings using a fraudulent video conferencing platform that infects Windows and Macs with crypto-stealing malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/crypto-stealing-malware-posing-as-a-meeting-app-targets-web3-pros/
-
Sophisticated Celestial Stealer Targets Browsers to Steal Login Credentials
by
in SecurityNewsResearchers discovered Celestial Stealer, a JavaScript-based MaaS infostealer targeting Windows systems that, evading detection with obfuscation and anti-analysis techniques, steals data from various browsers, applications, and cryptocurrency wallets. It operates as an Electron or NodeJS application, injecting code into vulnerable apps and communicating with C2 servers. The malware’s FUD status is maintained through regular updates…
-
Microsoft confirms there will be no U-turn on Windows 11 hardware requirements
by
in SecurityNewsTPM 2.0 ‘non-negotiable’ for latest OS, says software giant First seen on theregister.com Jump to article: www.theregister.com/2024/12/04/microsoft_windows_11_tpm/
-
0patch für 0-day URL File NTLM Hash Disclosure-Schwachstelle
by
in SecurityNewsACROS Security ist auf eine bisher nicht per Update geschlossene Schwachstelle in Windows gestoßen, die per URL die Offenlegung von NTLM Hash-Werten ermöglicht. ACROS Security hat einen opatch Micropatch veröffentlicht, um diese Schwachstelle zu beseitigen. Bis zum Bereitstellen eines Updates … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/06/windows-0patch-fuer-0-day-url-file-ntlm-hash-disclosure-schwachstelle/
-
Windows, macOS users targeted with cryptoinfo-stealing malware
Downloading anything from the internet is a gamble these days: you might think that you are downloading an innocuous app from a legitimate firm but thanks to clever misuse of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/06/information-cryptocurrency-stealing-malware-windows-macos/
-
8 biggest cybersecurity threats manufacturers face
by
in SecurityNews
Tags: access, ai, apt, attack, authentication, automation, awareness, business, china, cloud, computer, control, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, ddos, detection, email, encryption, exploit, extortion, firmware, framework, group, Hardware, india, infrastructure, intelligence, international, Internet, iot, iran, lazarus, leak, malicious, malware, monitoring, network, nis-2, north-korea, open-source, password, phishing, ransom, ransomware, regulation, risk, risk-analysis, risk-assessment, russia, service, software, strategy, supply-chain, technology, threat, update, vulnerability, windowsThe manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs.Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure.”Many manufacturing systems rely on outdated technology that lacks modern…
-
December 2024 Patch Tuesday forecast: The secure future initiative impact
by
in SecurityNewsIt seems like 2024 just started, but the final Patch Tuesday of the year is almost here! In retrospect, it has been a busy year with continued Windows 11 releases, the new … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/06/december-2024-patch-tuesday-forecast/
-
CISOs still cautious about adopting autonomous patch management solutions
by
in SecurityNews
Tags: automation, business, cisco, ciso, cloud, control, crowdstrike, cybersecurity, email, exploit, firmware, group, infosec, microsoft, open-source, regulation, risk, software, strategy, technology, update, vulnerability, windowsFailing to patch vulnerabilities keeps biting CISOs.The most recent evidence: Last month, the Five Eyes cybersecurity agencies in the US, the UK, Australia, Canada, and New Zealand reported that the top 15 vulnerabilities routinely exploited last year included one that dated back to 2020 (a Microsoft Netlogon hole); one that dated back to 2021 (in…
-
Windows NTLM Zero-Day Vulnerability Exposes User Credentials
by
in SecurityNewsA critical zero-day vulnerability affecting all modern Windows Workstation and Server versions has been discovered. The flaw enables attackers to steal NTLM credentials with minimal user interaction, posing a significant security risk. It impacts systems from Windows 7 and Server 2008 R2 to the latest Windows 11 (v24H2) and Server 2022. The vulnerability allows attackers…