Tag: windows
-
Addressed Windows CLFS zero-day exploited in ransomware intrusions
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/addressed-windows-clfs-zero-day-exploited-in-ransomware-intrusions
-
Microsoft Warns Ransomware Actors Exploiting Windows Flaw
by
in SecurityNewsTech Giant Says Threat Actors Are Exploiting a Flaw in Widely-Targeted Windows Tool. Ransomware threat actors are exploiting a zero-day vulnerability discovered in a highly targeted Windows logging system tool in a campaign in part targeting U.S. IT and real estate sectors, Microsoft confirmed in a Tuesday blog post urging customers to apply available patches.…
-
Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’
by
in SecurityNewsMicrosoft warns CVE-2025-29824 lets attackers with user access escalate privileges to deploy ransomware via a flaw in Windows CLFS. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-common-log-file-system-vulnerability/
-
Windows 11 April update unexpectedly creates new ‘inetpub’ folder
Microsoft’s April 2025 Patch Tuesday updates are strangely creating an empty “inetpub” folder in the root of the C:\ drive, even on systems that do not have Internet Information Services (IIS) installed. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-april-update-unexpectedly-creates-new-inetpub-folder/
-
Exploited Windows zero-day addressed on April Patch Tuesday
by
in SecurityNewsMicrosoft delivers fixes for 121 vulnerabilities with 11 rated critical this month. Admins will have extra mitigation work to correct three flaws. First seen on techtarget.com Jump to article: www.techtarget.com/searchwindowsserver/news/366622229/Exploited-Windows-zero-day-addressed-on-April-Patch-Tuesday
-
Windows CLFS zero-day exploited in ransomware attacks
by
in SecurityNewsA threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/windows-clfs-zero-day-exploited-ransomware/744878/
-
Patchday: Windows 10/11 Updates (8. April 2025)
by
in SecurityNewsAm 8. April 2025 (zweiter Dienstag im Monat, Patchday bei Microsoft) hat Microsoft kumulative Updates für die noch unterstützten Client-Betriebssystem-Versionen von Windows 10 und Windows 11 veröffentlicht. Hier einige Details zu diesen Updates, die Schwachstellen sowie Probleme beheben sollen. Updates … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/09/patchday-windows-10-11-updates-8-april-2025/
-
CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days
by
in SecurityNewsCISA has added fresh CentreStack and Windows CLFS vulnerabilities to the Known Exploited Vulnerabilities catalog. The post CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/
-
U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws, respectively tracked as CVE-2025-30406 and CVE-2025-29824, to its…
-
WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)
by
in SecurityNewsWhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/09/whatsapp-vulnerability-windows-cve-2025-30401/
-
Windows-Sicherheit: Patientenakte 2014
by
in SecurityNewsHeute veröffentlichen wir unser White Paper zum Thema Windows-Sicherheit im Jahr 2014. Der Bericht enthält unter anderem interessante Informationen über Schwachstellen in Microsoft Windows und Office, die innerhalb des letzten Jahres gepatcht wurden, Drive-By-Downloads und Techniken zur Schadensbegrenzung. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/01/08/windows-sicherheit-2014/
-
Windows 7: Ende des Mainstream Supports
by
in SecurityNewsWie Microsoft bereits im Juli 2014 angekündigt hatte, wurde der Mainstream Support für das beliebte Betriebssystem Windows 7 am vergangenen Dienstag eingestellt. Nutzer erhalten zwar nach wie vor Sicherheitsupdates, darüber hinaus allerdings keine Aktualisierungen. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/01/15/windows-7-ende-des-mainstream-supports/
-
Windows-Gefahren: Vergangenheit, Gegenwart und Zukunft
by
in SecurityNewsMobile Malware befindet sich auf dem Vormarsch, doch die fragmentierte Marktsituation erschwert den Cyberkriminellen ihre Arbeit ganz im Gegensatz zu der Welt der Desktops und Laptops: Laut Net Marketshare laufen seit letztem Monat 90 Prozent der Computer unter einer Windows-Version. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/05/19/windows-gefahren-vergangenheit-gegenwart-und-zukunft/
-
Sicherheitslücke bei WinRAR bedroht Windows-Rechner
by
in SecurityNewsEine Sicherheitslücke in der Archivierungssoftware WinRAR könnte von Kriminellen ausgenutzt werden, um Sicherheitswarnungen zu umgehen und beliebigen Code auf Windows-Rechnern auszuführen. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/sicherheitslucke-bei-winrar-bedroht-windows-rechner
-
Microsoft Security Update Summary (8. April 2025)
by
in SecurityNewsMicrosoft hat am 8. April 2025Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 121 Schwachstellen (CVEs), eine davon wurde als 0-day klassifiziert. Diese Schwachstelle wurde bereits angegriffen. Nachfolgend findet sich ein … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/09/microsoft-security-update-summary-8-april-2025/
-
April 2025 updates break Windows Hello on some PCs
by
in SecurityNewsMicrosoft says some Windows users might be unable to log into their accounts via Windows Hello after installing the April 2025 security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-april-2025-updates-break-windows-hello-on-some-pcs/
-
Whatsapp plugs bug allowing RCE with spoofed filenames
by
in SecurityNewsWhatsapp makes for a popular attack vector: Whatsapp has been frequently targeted in the past for its popularity as an encrypted chatting platform. With over 10 billion downloads on Google Play Store alone, the platform makes for a lucrative target for threat actors.A similar security oversight was reported in July 2024 to be affecting the…
-
Windows Kerberos Vulnerability Enables Security Feature Bypass
by
in SecurityNewsMicrosoft has disclosed a new security vulnerability in Windows operating systems, tracked as CVE-2025-29809. This flaw, classified withImportantseverity, impacts the Kerberos authentication protocol, potentially enabling attackers to bypass critical security features. The vulnerability stems from weaknesses described underCWE-922: Insecure Storage of Sensitive Information, making it a pressing concern for organizations relying on Kerberos for secure authentication.…
-
Microsoft Warns of Ransomware Attacks Exploiting CVE-2025-29824 Zero-Day
by
in SecurityNewsOn April 8, 2025, Microsoft released its monthly security updates, addressing a total of 121 vulnerabilities across various products. Among these, CVE-2025-29824, a zero-day vulnerability in the Windows Common Log File System (CLFS) Driver, has been actively exploited in ransomware… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-29824-zero-day-ransomware-attacks/
-
Lenovo und Superfish Lösungsfindung statt Panik
by
in SecurityNewsSeit ein paar Tagen sorgt Superfish für einigen Ärger im Netz. Denn diese schlecht durchdachte Software wurde auf einigen Lenovo-Rechnern vorinstalliert mitgeliefert und gefährdet auf Microsoft Windows Computern die Sicherheit. Doch die Aufregung ist in manchen Fällen unbegründet. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/02/23/lenovo-und-superfish/
-
Patchday: Windows Server-Updates (8. April 2025)
by
in SecurityNewsAm 8. April 2025 (zweiter Dienstag im Monat, Patchday bei Microsoft) wurden verschiedene kumulative Updates für die unterstützten Versionen von Windows Server freigegeben. Nachfolgend habe ich die bereitgestellten Updates samt einigen Details für diese Windows Server-Versionen (von Windows Server 2012 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/09/atchday-windows-server-updates-8-april-2025/
-
Woran erkenne ich gefährliche Apps? 5 Tipps
by
in SecurityNewsKennst du das? Du willst eine App herunterladen und musst erstmal gefühlt unendlich viele Rechte abtreten, bevor du sie überhaupt installieren darfst? Inzwischen gibt es eine regelrechte Flut an Anwendungen für iOS, Android, Windows und Blackberry. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/05/22/woran-erkenne-ich-gefahrliche-apps-5-tipps/
-
Microsoft patches zero-day actively exploited in string of ransomware attacks
by
in SecurityNewsMicrosoft said Storm-2460 has exploited the zero-day in the Windows Common Log File System to attack organizations in the U.S., Venezuela, Spain and Saudi Arabia. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-april-2025/
-
Novel Neptune RAT variant sets sights on Windows
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/novel-neptune-rat-variant-sets-sights-on-windows
-
The SQL Server Crypto Detour
by
in SecurityNews
Tags: access, api, backup, credentials, crypto, cryptography, data, encryption, jobs, microsoft, password, service, sql, tool, update, vulnerability, windowsAs part of my role as Service Architect here at SpecterOps, one of the things I’m tasked with is exploring all kinds of technologies to help those on assessments with advancing their engagement. Not long after starting this new role, I was approached with an interesting problem. A SQL Server database backup for a ManageEngine’s…
-
Microsoft fixes auth issues on Windows Server, Windows 11 24H2
by
in SecurityNewsMicrosoft has fixed a known issue causing authentication problems when Credential Guard is enabled on systems using the Kerberos PKINIT pre-auth security protocol. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-auth-issues-on-windows-server-windows-11-24h2/
-
Microsoft Patches 125 Windows Vulns, Including Exploited CLFS Zero-Day
by
in SecurityNewsPatch Tuesday: Microsoft ships urgent cover for another WIndows CLFS vulnerability already exploited in the wild. The post Microsoft Patches 125 Windows Vulns, Including Exploited CLFS Zero-Day appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-patches-125-windows-vulns-including-exploited-clfs-zero-day/
-
Spoofing vuln threatens security of WhatsApp Windows users
by
in SecurityNewsMeta has disclosed and patched a potentially dangerous spoofing flaw in WhatsApp for Windows that could have caused big problems for unwitting users First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366622276/Spoofing-vuln-threatens-security-of-WhatsApp-Windows-users