Windows

TotalRecall shows how easily data collected by Windows Recall can be stolen

Artificial Intelligence, data security, data theft, Don't miss, GitHub, Hot stuff, Microsoft, News, PoC, Privacy, software, Windows /

TotalRecall shows how easily data collected by Windows Recall can be stolen 2024-06-05 at 13:16 By Zeljka Zorz Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows’ newly announced Recall feature to steal sensitive information. TotalRecall results (Source: Alexander Hagenah) Copilot+ Recall and its security pitfalls On […]

React to this headline:

Loading spinner

TotalRecall shows how easily data collected by Windows Recall can be stolen Read More »

Windows’ new Recall feature: A privacy and security nightmare?

data security, Don't miss, Hot stuff, Microsoft, News, Privacy, Windows /

Windows’ new Recall feature: A privacy and security nightmare? 2024-05-22 at 15:32 By Zeljka Zorz Microsoft has announced the Copilot+ line of Windows 11-powered PCs that, among other things, will have Recall, a feature that takes screenshots every few seconds, encrypts them, saves them, and leverages AI to allow users to search through them for

React to this headline:

Loading spinner

Windows’ new Recall feature: A privacy and security nightmare? Read More »

BLint: Open-source tool to check the security properties of your executables

Android, AppThreat, Don't miss, GitHub, Linux, mobile apps, News, open source, programming, software, Windows /

BLint: Open-source tool to check the security properties of your executables 2024-05-14 at 07:31 By Mirko Zorz BLint is a Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations. From version 2, BLint can also produce Software Bill-of-Materials (SBOM) for compatible binaries. BLint features “Several source code analysis

React to this headline:

Loading spinner

BLint: Open-source tool to check the security properties of your executables Read More »

CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation

CISA KEV, exploited, Russia, Vulnerabilities, Windows /

CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation 2024-04-24 at 16:16 By Ionut Arghire CISA warns organizations of a two-year-old Windows Print Spooler vulnerability being exploited in the wild. The post CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation Read More »

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

0-day, APT, CVE, cyber espionage, Don't miss, exploit, Hot stuff, Microsoft, News, Windows /

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) 2024-04-23 at 17:01 By Zeljka Zorz For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a

React to this headline:

Loading spinner

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) Read More »

April 2024 Patch Tuesday forecast: New and old from Microsoft

Adobe, apple, Don't miss, Expert analysis, Google, Hot stuff, Microsoft, Mozilla, News, opinion, Patch Tuesday, Windows /

April 2024 Patch Tuesday forecast: New and old from Microsoft 2024-04-08 at 08:31 By Help Net Security This month, we have a new product preview from Microsoft, and some older products are being prepared for end-of-support. But before we go there, March 2024 Patch Tuesday was pretty mild, with 60 unique vulnerabilities addressed. We saw

React to this headline:

Loading spinner

April 2024 Patch Tuesday forecast: New and old from Microsoft Read More »

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

Automox, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, Patch Tuesday, security update, Tenable, Trend Micro, Windows /

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V 2024-03-12 at 22:11 By Zeljka Zorz On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but – welcome news! – none of them are currently publicly known or actively exploited. Last month, though, several days after Patch Tuesday, the

React to this headline:

Loading spinner

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V Read More »

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

backdoor, Check Point, Don't miss, exploit, Hot stuff, Linux, Malware, News, vulnerability, Windows /

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware 2024-03-12 at 11:01 By Helga Labus A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among the exploited vulnerabilities are also two recently discovered Ivanti Connect Secure VPN flaws that are widely

React to this headline:

Loading spinner

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware Read More »

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes

authentication, Don't miss, Hot stuff, initial access broker, News, phishing, Proofpoint, Varonis, Windows /

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes 2024-03-05 at 12:47 By Zeljka Zorz A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM) hashes contain

React to this headline:

Loading spinner

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes Read More »

Enshrouded: The Bridge Construction Report Quest Guide

Enshrouded, Games, PS5, Windows, Xbox Series S, Xbox Series X /

Enshrouded: The Bridge Construction Report Quest Guide 2024-03-04 at 14:03 By Usama Ali One of the most significant attributes of Enshrouded is its exploration, the objectives that lead to players coming across various resources, weapons, and whatnot. The Bridge Construction Report is no different. The quest starts when players hire the Carpenter, who then gives

React to this headline:

Loading spinner

Enshrouded: The Bridge Construction Report Quest Guide Read More »

Palworld: Where to Find and Catch Kitsun

Games, Palworld, Windows, Xbox One, Xbox Series S, Xbox Series X /

Palworld: Where to Find and Catch Kitsun 2024-03-04 at 13:22 By Usama Ali Paldeck completion is one of the main objectives in Palworld. In order to complete a Paldeck, players need to capture various Pals. While some Pals are present in large numbers and can be captured easily, some Pals are rare, and locating them

React to this headline:

Loading spinner

Palworld: Where to Find and Catch Kitsun Read More »

Where to Find Poison Sack in Enshrouded

Enshrouded, Games, Windows /

Where to Find Poison Sack in Enshrouded 2024-03-02 at 10:17 By Usama Ali Dive into the journey of Enshrouded, where you venture through many dangers. While passing through these precarious environments, you will continuously encounter creatures and powerful adversaries. To hunt down these creatures, you will need powerful weapons, both melee and ranged. This article

React to this headline:

Loading spinner

Where to Find Poison Sack in Enshrouded Read More »

CISA Warns of Windows Streaming Service Vulnerability Exploitation

exploited, Featured, Vulnerabilities, Windows /

CISA Warns of Windows Streaming Service Vulnerability Exploitation 2024-03-01 at 16:01 By Ionut Arghire CISA says a high-severity elevation of privilege vulnerability in Microsoft Streaming Service is actively exploited in the wild. The post CISA Warns of Windows Streaming Service Vulnerability Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

CISA Warns of Windows Streaming Service Vulnerability Exploitation Read More »

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack

CVE-2024-21338, exploited, Featured, Lazarus, Malware & Threats, North Korea, Vulnerabilities, Windows, Zero-Day /

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack 2024-02-29 at 13:46 By Eduard Kovacs North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit. The post Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack Read More »

Windows Zero-Day Exploited in Attacks on Financial Market Traders

Malware & Threats, Windows, Zero-Day /

Windows Zero-Day Exploited in Attacks on Financial Market Traders 2024-02-14 at 14:17 By Eduard Kovacs CVE-2024-21412, one of the security bypass zero-days fixed by Microsoft with Patch Tuesday updates, exploited by Water Hydra (DarkCasino). The post Windows Zero-Day Exploited in Attacks on Financial Market Traders appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Windows Zero-Day Exploited in Attacks on Financial Market Traders Read More »

A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs

0-day, ACROS Security, Don't miss, Hot stuff, intrusion detection, logging, News, PoC, Windows, Windows Server /

A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs 2024-01-31 at 18:31 By Zeljka Zorz A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported (and some legacy) versions of Windows could spell trouble for enterprise defenders. Discovered by a security researcher named Florian and

React to this headline:

Loading spinner

A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs Read More »

Attackers can steal NTLM password hashes via calendar invites

authentication, Don't miss, enterprise, Hot stuff, News, Outlook, passwords, SMBs, Varonis, vulnerability, Windows /

Attackers can steal NTLM password hashes via calendar invites 2024-01-22 at 15:46 By Zeljka Zorz A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Taler has

React to this headline:

Loading spinner

Attackers can steal NTLM password hashes via calendar invites Read More »

Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)

Don't miss, Hot stuff, Malware, News, Trend Micro, Windows /

Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025) 2024-01-15 at 15:31 By Zeljka Zorz A vulnerability (CVE-2023-36025) that Microsoft fixed in November 2023 continues to be exploited by malware peddlers: this time around, the delivered threat is a variant of the Phemedrone Stealer. About the malware Phemedrone Stealer is a piece of malware written

React to this headline:

Loading spinner

Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025) Read More »

Microsoft is working on a more secure print system for Windows

Don't miss, drivers, Hot stuff, Microsoft, News, software protection, Windows /

Microsoft is working on a more secure print system for Windows 18/12/2023 at 17:01 By Helga Labus After announcing a gradual elimination of third-party printer drivers on Windows earlier this year, Microsoft has now unveiled its plan for enhancing security by introducting Windows Protected Print Mode (WPP). The problem with the current Windows print system

React to this headline:

Loading spinner

Microsoft is working on a more secure print system for Windows Read More »

Microsoft will offer extended security updates for Windows 10

consumer, Don't miss, end of support, enterprise, Hot stuff, News, security update, Windows /

Microsoft will offer extended security updates for Windows 10 06/12/2023 at 16:16 By Zeljka Zorz Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support (EOS) on October 14, 2025: both enterprises and individual consumers will be able receive Extended Security Updates (ESU), but will have to pay

React to this headline:

Loading spinner

Microsoft will offer extended security updates for Windows 10 Read More »

Scroll to Top