Tag: windows
-
CrowdStrike Falcon Windows Sensor Flaw Could Let Attackers Execute Code and Delete Files
CrowdStrike has disclosed two critical vulnerabilities affecting its Falcon sensor for Windows that could enable attackers to delete arbitrary files and potentially compromise system stability. The cybersecurity company released patches for both security flaws in its latest sensor version 7.29, along with hotfixes for earlier versions. Security Vulnerabilities Enable File Deletion Attacks The vulnerabilities, identified…
-
Unter Windows 10 und 11 – Lokale Rechteausweitung in der Nvidia App
First seen on security-insider.de Jump to article: www.security-insider.de/nvidia-app-schwachstelle-windows-angriffe-a-1d55f1e63944b131ca8191941cf91945/
-
Open-source monitor turns into an off-the-shelf attack beacon
Tags: api, apt, attack, china, control, hacker, malware, monitoring, open-source, powershell, ransomware, rat, RedTeam, russia, software, threat, tool, windowsRiding Nezha to Ghost RAT: With the web shell in place, the attackers used AntSword to download two components: “live.exe” (the Nezha agent) and a “config.yml” that pointed to the attacker-controlled domain. The Nezha agent connected back to a management server whose dashboard was running in Russian, presumably to throw off attribution.Once Nezha was active,…
-
Warum der Übergang zu Windows 11 notwendig ist – Kostenfalle Windows 10: über 6,8 Milliarden Euro für individuellen Support
Tags: windowsFirst seen on security-insider.de Jump to article: www.security-insider.de/kostenfalle-windows-10-ueber-68-milliarden-euro-fuer-individuellen-support-a-43db4552ac788bbdece582d17a801218/
-
Warum der Übergang zu Windows 11 notwendig ist – Kostenfalle Windows 10: über 6,8 Milliarden Euro für individuellen Support
Tags: windowsFirst seen on security-insider.de Jump to article: www.security-insider.de/kostenfalle-windows-10-ueber-68-milliarden-euro-fuer-individuellen-support-a-43db4552ac788bbdece582d17a801218/
-
Multiple Google Chrome Flaws Allow Attackers to Execute Arbitrary Code
Google rolled out version 141.0.7390.65/.66 for Windows and Mac and 141.0.7390.65 for Linux. This update fixes three critical security flaws, all of which involve memory handling errors that an attacker could exploit to execute arbitrary code in the context of the browser. External researchers discovered these issues and reported them through Google’s vulnerability disclosure program.…
-
Multiple Google Chrome Flaws Allow Attackers to Execute Arbitrary Code
Google rolled out version 141.0.7390.65/.66 for Windows and Mac and 141.0.7390.65 for Linux. This update fixes three critical security flaws, all of which involve memory handling errors that an attacker could exploit to execute arbitrary code in the context of the browser. External researchers discovered these issues and reported them through Google’s vulnerability disclosure program.…
-
Multiple Google Chrome Flaws Allow Attackers to Execute Arbitrary Code
Google rolled out version 141.0.7390.65/.66 for Windows and Mac and 141.0.7390.65 for Linux. This update fixes three critical security flaws, all of which involve memory handling errors that an attacker could exploit to execute arbitrary code in the context of the browser. External researchers discovered these issues and reported them through Google’s vulnerability disclosure program.…
-
Millions in UK at risk of cyber-attacks as Windows 10 ends updates, Which? finds
Survey shows one in four users intend to keep using system as it is phased out, despite increased virus and malware riskAbout 5 million British computer users risk becoming vulnerable to cyber-attacks and scams after Microsoft next week stops updating its decade-old Windows 10 system, consumer campaigners have warned.One in four of an estimated 21…
-
Windows und Android: Google schließt schwerwiegende Lücken in Chrome
Ein Pufferüberlauf in Chrome für Windows, MacOS, Linux und Android erlaubt unter Umständen eine Remotecodeausführung. First seen on golem.de Jump to article: www.golem.de/news/windows-und-android-google-schliesst-schwerwiegende-luecken-in-chrome-2510-200916.html
-
CISA Alerts to Active Attacks on Critical Windows Vulnerability
Tags: attack, cisa, cve, cybersecurity, exploit, flaw, infrastructure, microsoft, vulnerability, windowsThe US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about active exploitation of a critical Microsoft Windows vulnerability that allows attackers to elevate privileges to SYSTEM level. The flaw, tracked as CVE-2021-43226, affects the Common Log File System (CLFS) driver, a core component of Windows responsible for managing system and application…
-
No account? No Windows 11, Microsoft says as another loophole snaps shut
Workaround sent to the big OOBE in the sky with latest Insider builds First seen on theregister.com Jump to article: www.theregister.com/2025/10/07/windows_11_local_account_loophole/
-
No account? No Windows 11, Microsoft says as another loophole snaps shut
Workaround sent to the big OOBE in the sky with latest Insider builds First seen on theregister.com Jump to article: www.theregister.com/2025/10/07/windows_11_local_account_loophole/
-
Microsoft kills more Microsoft Account bypasses in Windows 11
Microsoft is removing more methods that help users create local Windows accounts and bypass the Microsoft account requirement when installing Windows 11. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-blocks-more-tricks-to-skip-microsoft-account-setup-in-windows-11/
-
Support für Windows 10 bis 2032 – So gelingt der Wechsel zu Windows 10 IoT Enterprise LTSC mit UpDownTool
First seen on security-insider.de Jump to article: www.security-insider.de/windows10-iot-enterprise-ltsc-updowntool-a-682fac3319d3c7c637b3413eb78d994d/
-
Podcast Besser Wissen: Windows 11 oder Weltuntergang?
Wir besprechen im Podcast die Folgen von Update-Verweigerung und Alternativen zu Windows 11. First seen on golem.de Jump to article: www.golem.de/news/podcast-besser-wissen-windows-11-oder-weltuntergang-2510-200807.html
-
CISA Issues Alert on Active Exploitation of Microsoft Windows Privilege Escalation Flaw
Tags: access, cisa, control, cve, cyber, cybersecurity, exploit, flaw, infrastructure, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a critical privilege escalation vulnerability in Microsoft Windows. Known as CVE-2021-43226, this flaw resides in the Common Log File System (CLFS) driver. Attackers who gain local access can bypass security controls and elevate their privileges, potentially leading to full system compromise. Background…
-
CISA Issues Alert on Active Exploitation of Microsoft Windows Privilege Escalation Flaw
Tags: access, cisa, control, cve, cyber, cybersecurity, exploit, flaw, infrastructure, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a critical privilege escalation vulnerability in Microsoft Windows. Known as CVE-2021-43226, this flaw resides in the Common Log File System (CLFS) driver. Attackers who gain local access can bypass security controls and elevate their privileges, potentially leading to full system compromise. Background…
-
Datenschutz bei Windows 11: Diese versteckte Funktion verrät Microsoft alles über euer Surfverhalten
First seen on t3n.de Jump to article: t3n.de/news/datenschutz-bei-windows-11-diese-funktion-verraet-microsoft-alles-ueber-euer-surfverhalten-1709517/
-
Datenschutz bei Windows 11: Diese versteckte Funktion verrät Microsoft alles über euer Surfverhalten
First seen on t3n.de Jump to article: t3n.de/news/datenschutz-bei-windows-11-diese-funktion-verraet-microsoft-alles-ueber-euer-surfverhalten-1709517/
-
U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, infrastructure, kev, linux, microsoft, oracle, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Mozilla, Linux Kernel, Microsoft Windows, and MicrosoftIE flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added Oracle, Linux Kernel, Mozilla, Microsoft Windows, and MicrosoftIE flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This…
-
U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, infrastructure, kev, linux, microsoft, oracle, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Mozilla, Linux Kernel, Microsoft Windows, and MicrosoftIE flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added Oracle, Linux Kernel, Mozilla, Microsoft Windows, and MicrosoftIE flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This…
-
Critical CVE-2025-27237 Vulnerability in Zabbix Agent for Windows Enables Privilege Escalation via OpenSSL Misconfiguration
A security vulnerability has been identified in Zabbix Agent and Agent2 for Windows, potentially allowing local users to escalate their privileges to the SYSTEM level. Tracked as CVE-2025-27237, the flaw originates from the way these agents handle the OpenSSL configuration file on Windows systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/zabbix-agent-cve-2025-27237/
-
TDL 006 – Beyond the Firewall: How Attackers Weaponize Your DNS
Tags: access, attack, breach, business, cisa, ciso, computer, conference, control, cyber, data, data-breach, dns, exploit, firewall, google, government, group, guide, infrastructure, intelligence, Internet, iraq, jobs, leak, malicious, malware, network, phishing, ransomware, service, software, switch, threat, tool, windowsSummary Beyond the Firewall: How Attackers Weaponize Your DNS For many IT professionals, DNS is the internet’s invisible plumbing, historically managed by a “guy with a Unix beard in the basement,” as Infoblox educator Josh Kuo recalled on the Defenders Log podcast. But this foundational, often overlooked, protocol has become a primary vector for sophisticated…
-
Android and Windows gamers worldwide potentially affected by bug in Unity game engine
An advisory from Unity, which makes the software behind dozens of popular games, warns developers to patch a vulnerability that could allow an attacker to execute code via an affected app. First seen on therecord.media Jump to article: therecord.media/unity-game-engine-vulnerability-android-windows-linux-macos
-
Zabbix Agent/Agent2 for Windows Vulnerability Could Allow Privilege Escalation
A security flaw in Zabbix Agent and Agent2 for Windows has been discovered that could allow a local attacker to gain higher system privileges. The issue, tracked as CVE-2025-27237, stems from the way the agent loads its OpenSSL configuration file. By exploiting this weakness, an attacker with limited rights on a Windows host could escalate…
-
Yurei Ransomware leverages SMB shares and removable drives to Encrypt Files
Targeting Windows systems, Yurei employs advanced file encryption and stealth techniques to maximize impact and minimize detection. Encrypted files are appended with the extension .Yurei, and victims receive a ransom note named _README_Yurei.txt with Tor-based contact channels. CYFIRMA has observed a new ransomware strain, “Yurei Ransomware,” developed in Go language and circulating in multiple malware…
-
Unity Warns Developers of Security Vulnerability Affecting Games on Android, Windows, and Linux Platforms
A recently disclosed security vulnerability in Unity has prompted security updates and, in some cases, game removals across platforms like Steam. The issue affects Unity versions 2017.1 and later, spanning a wide range of games and applications released over the last several years. According to Unity, this Unity vulnerability impacts software built for Android, Windows, macOS,…
-
Microsoft Defender-Bug meldet fehlerhafte BIOS-Update Benachrichtigungen
Besitzer von Dell-Geräten mit Windows werden derzeit möglicherweise von Defender-Fehlalarmen überrascht, die ein “BIOS-Update” melden. Das Ganze betrifft wohl Dell-Geräte, auf denen Microsoft Defender for Endpoint unter Windows läuft und trat am 2. Oktober 2025 plötzlich auf. Microsoft hat dazu … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/03/microsoft-defender-bug-meldet-fehlerhafte-bios-update-benachrichtigungen/
-
Windows 10 refuses to go gentle into that good night
Rage, rage against the dying of the free security updates First seen on theregister.com Jump to article: www.theregister.com/2025/10/02/windows_10_statcounter/