Windows

Use Windows event logs for ransomware investigations, JPCERT/CC advises

Don't miss, Hot stuff, Incident Response, logging, News, Ransomware, Windows /

Use Windows event logs for ransomware investigations, JPCERT/CC advises 2024-10-01 at 13:46 By Zeljka Zorz The JPCERT Coordination Center – the first Computer Security Incident Response Team established in Japan – has compiled a list of entries in Windows event logs that could help enterprise defenders respond to human-operated ransomware attacks and potentially limit the […]

React to this headline:

Loading spinner

Use Windows event logs for ransomware investigations, JPCERT/CC advises Read More »

Microsoft revised the controversial Copilot+ Recall feature

Artificial Intelligence, data security, Don't miss, Hot stuff, Microsoft, News, Privacy, Windows /

Microsoft revised the controversial Copilot+ Recall feature 2024-09-30 at 13:46 By Zeljka Zorz Microsoft has made changes to Recall – the screenshot-taking, AI-powered search feature for Copilot+ PCs running Windows 11 – to reassure users worried about security and privacy. The security of the feature has been assessed by Microsoft’s Offensive Research & Security Engineering

React to this headline:

Loading spinner

Microsoft revised the controversial Copilot+ Recall feature Read More »

CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes

BSOD, buggy update, CrowdStrike, Featured, Incident Response, Microsoft, Windows /

CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes 2024-09-24 at 23:16 By Ryan Naraine CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the July BSOD incident. The post CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes Read More »

Windows users targeted with fake human verification pages delivering malware

CloudSEK, Don't miss, Hot stuff, Malware, News, Palo Alto Networks, Proofpoint, trojan, Windows /

Windows users targeted with fake human verification pages delivering malware 2024-09-19 at 17:01 By Zeljka Zorz For a while now, security researchers have been warning about fake human verification pages tricking Windows users into inadvertently installing malware. A recently exposed campaign showed how some users end up on these pages. Beware of fake human verification

React to this headline:

Loading spinner

Windows users targeted with fake human verification pages delivering malware Read More »

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

0-day, APT, Check Point, CVE, Don't miss, Hot stuff, Microsoft, News, security update, Trend Micro, vulnerability, Windows /

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) 2024-09-16 at 15:46 By Zeljka Zorz CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,”

React to this headline:

Loading spinner

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) Read More »

Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day

exploited, Vulnerabilities, Windows, Zero-Day /

Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day 2024-09-16 at 14:46 By Ionut Arghire Microsoft warns that a recently patched Windows vulnerability was exploited in the wild as a zero-day prior to July 2024. The post Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day Read More »

EchoStrike: Generate undetectable reverse shells, perform process injection

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, red team, software, Windows /

EchoStrike: Generate undetectable reverse shells, perform process injection 2024-09-16 at 07:31 By Mirko Zorz EchoStrike is an open-source tool designed to generate undetectable reverse shells and execute process injection on Windows systems. “EchoStrike allows you to generate binaries that, when executed, create an undetectable RevShell, which can be the first entry point into a company.

React to this headline:

Loading spinner

EchoStrike: Generate undetectable reverse shells, perform process injection Read More »

Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel

CrowdStrike, EDR, Endpoint Security, Featured, kernel, Microsoft, Windows /

Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel 2024-09-13 at 21:45 By Ryan Naraine Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe.  The post Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel Read More »

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes

0-day, CVE, Don't miss, Elastic, Hot stuff, Immersive Labs, News, Patch Tuesday, SharePoint, Tenable, Trend Micro, vulnerability, Windows /

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes 2024-09-10 at 22:46 By Zeljka Zorz September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect

React to this headline:

Loading spinner

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes Read More »

33 open-source cybersecurity solutions you didn’t know you needed

cybersecurity, Don't miss, GitHub, Hot stuff, Linux, macOS, News, open source, software, Windows /

33 open-source cybersecurity solutions you didn’t know you needed 2024-09-10 at 06:31 By Help Net Security Open-source cybersecurity tools provide transparency and flexibility, allowing users to examine and customize the source code to fit specific security needs. These tools make cybersecurity accessible to a broader range of organizations and individuals. In this article, you will

React to this headline:

Loading spinner

33 open-source cybersecurity solutions you didn’t know you needed Read More »

September 2024 Patch Tuesday forecast: Downgrade is the new exploit

Adobe, apple, Chrome, cybersecurity, Don't miss, Expert analysis, Expert corner, Firefox, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday, patching, Windows /

September 2024 Patch Tuesday forecast: Downgrade is the new exploit 2024-09-06 at 08:16 By Help Net Security I asked for a calm August 2024 Patch Tuesday in last month’s forecast article and that came to pass. The updates released were limited to the regular operating systems and all forms of Office applications. Six zero-day vulnerabilities

React to this headline:

Loading spinner

September 2024 Patch Tuesday forecast: Downgrade is the new exploit Read More »

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

APT, CVE, cybercrime, Don't miss, ESET, exploit, Hot stuff, News, Windows /

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) 2024-08-28 at 12:02 By Help Net Security ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East Asian countries. When examining the root cause, ESET discovered another way to

React to this headline:

Loading spinner

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) Read More »

x64dbg: Open-source binary debugger for Windows

bug hunting, GitHub, malware analysis, News, open source, reverse engineering, software, Windows /

x64dbg: Open-source binary debugger for Windows 2024-08-19 at 07:01 By Mirko Zorz x64dbg is an open-source binary debugger for Windows, designed for malware analysis and reverse engineering of executables without access to the source code. It offers a wide range of features and a plugin system, allowing you to customize and extend its capabilities to

React to this headline:

Loading spinner

x64dbg: Open-source binary debugger for Windows Read More »

Copy2Pwn Zero-Day Exploited to Bypass Windows Protections

MotW, security bypass, Vulnerabilities, Windows, Zero-Day /

Copy2Pwn Zero-Day Exploited to Bypass Windows Protections 2024-08-16 at 13:17 By Eduard Kovacs ZDI details a zero-day named Copy2Pwn and tracked as CVE-2024-38213, which cybercriminals exploited to bypass MotW protections in Windows. The post Copy2Pwn Zero-Day Exploited to Bypass Windows Protections appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Copy2Pwn Zero-Day Exploited to Bypass Windows Protections Read More »

Microsoft fixes 6 zero-days under active attack

0-day, CVE, Don't miss, Hot stuff, Immersive Labs, Microsoft, Microsoft Edge, MS Office, News, Patch Tuesday, security update, Tenable, Trend Micro, Windows /

Microsoft fixes 6 zero-days under active attack 2024-08-13 at 23:16 By Zeljka Zorz August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memory Corruption Vulnerability

React to this headline:

Loading spinner

Microsoft fixes 6 zero-days under active attack Read More »

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited

exploit, Featured, Microsoft, Patch Tuesday, Vulnerabilities, Windows, Zero-Day /

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited 2024-08-13 at 23:01 By Ryan Naraine Microsoft’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in the actively exploited category. The post Microsoft Warns of Six Windows Zero-Days Being Actively Exploited appeared first on SecurityWeek.

React to this headline:

Loading spinner

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited Read More »

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

0-day, attack, Don't miss, Hot stuff, News, research, SafeBreach, vulnerability, Windows, Windows Server /

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days 2024-08-08 at 13:01 By Zeljka Zorz A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of SafeBreach researcher Alon Leviev’s

React to this headline:

Loading spinner

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days Read More »

CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash

BSOD, CrowdStrike, disaster recovery, Falcon, Featured, Incident Response, Microsoft, Vulnerabilities, Windows /

CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash 2024-08-06 at 21:16 By Ryan Naraine CrowdStrike says the Falcon sensor crash that blue-screened Windows machines was caused by a “confluence” of vulnerabilities and testing gaps. The post CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash Read More »

Researchers unearth MotW bypass technique used by threat actors for years

Don't miss, Elastic, Features, malware detection, Microsoft, News, security controls, vulnerability, Windows /

Researchers unearth MotW bypass technique used by threat actors for years 2024-08-06 at 14:31 By Zeljka Zorz Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick users into running them. “We identified multiple samples

React to this headline:

Loading spinner

Researchers unearth MotW bypass technique used by threat actors for years Read More »

Some good may come out of the CrowdStrike outage

Bitdefender, CrowdStrike, Don't miss, Endpoint Security, Fortinet, fraud, Hot stuff, Malware, Microsoft, News, SecureWorks, Trellix, UpGuard, Windows /

Some good may come out of the CrowdStrike outage 2024-07-29 at 19:31 By Zeljka Zorz Estimated financial losses due to the recent massive IT outage triggered by the faulty CrowdStrike update are counted in billions, but the unfortunate incident is having several positive effects, as well. Some silver linings As CrowdStrike was forced to explain,

React to this headline:

Loading spinner

Some good may come out of the CrowdStrike outage Read More »

Scroll to Top