Tag: windows
-
Microsoft Entra Private Access brings conditional access to on-prem Active Directory
Susan Bradley / CSO
The deepest level of auditing, including workgroup and domain authentication attempts that use NTLM, can be achieved by setting:
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers = Audit all
Network security: Restrict NTLM: Audit NTLM authentication in this domain = Enable all
Network security: Restrict NTLM: Audit Incoming NTLM Traffic = Enable…
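The three policies above are normally pushed by Group Policy, but they are backed by plain registry values, and the audit output goes to the NTLM operational event log. The following PowerShell is an added example, not code from the CSO article: it sets the same three settings directly through their documented registry values and then pulls the resulting NTLM audit events. The value-to-option mappings are the ones Microsoft documents for these policies; the one-day lookback window is an arbitrary choice for illustration. Run it elevated; on a domain-joined host a GPO will overwrite local edits at the next refresh, and the domain-wide setting (AuditNTLMInDomain) only has effect on domain controllers.

```powershell
# Added example (not from the CSO article): apply the three "Restrict NTLM" audit
# settings via their registry values and read back the NTLM audit events.
# Run elevated. A GPO may overwrite these local edits on domain-joined hosts.

$Msv1     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$Netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Outgoing NTLM traffic to remote servers: 0 = Allow all, 1 = Audit all, 2 = Deny all
Set-ItemProperty -Path $Msv1 -Name RestrictSendingNTLMTraffic -Type DWord -Value 1

# Audit incoming NTLM traffic: 0 = Disable, 1 = domain accounts only, 2 = all accounts
Set-ItemProperty -Path $Msv1 -Name AuditReceivingNTLMTraffic -Type DWord -Value 2

# Audit NTLM authentication in this domain (evaluated on domain controllers only):
# 0 = Disable, 1 = domain accounts to domain servers, 3 = domain accounts,
# 5 = domain servers, 7 = Enable all
Set-ItemProperty -Path $Netlogon -Name AuditNTLMInDomain -Type DWord -Value 7

# Read back what is now configured so the change can be verified in a ticket or runbook
Get-ItemProperty -Path $Msv1 -Name RestrictSendingNTLMTraffic, AuditReceivingNTLMTraffic
Get-ItemProperty -Path $Netlogon -Name AuditNTLMInDomain -ErrorAction SilentlyContinue

# Audit mode does not block anything; it writes to the NTLM operational log:
# 8001 = outgoing NTLM authentication, 8002 = incoming, 8003 = domain (logged on DCs),
# 8004 = NTLM authentication that was blocked by a "Deny" policy.
# Lookback window of one day is an arbitrary value chosen for this example.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-NTLM/Operational'
    Id        = 8001, 8002, 8003, 8004
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } } |
    Format-Table -AutoSize -Wrap
```

Leave the settings in audit mode long enough to see every client, service account and scheduled job that still authenticates with NTLM before switching the outgoing policy to "Deny all"; the 8001/8002 events name the target server and the process, which is what you need to find the stragglers.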
-
PipeMagic Malware Imitates ChatGPT App to Exploit Windows Vulnerability and Deploy Ransomware
Tags: attack, backdoor, chatgpt, cve, cyber, exploit, malware, open-source, ransomware, threat, vulnerability, windows
The PipeMagic malware, attributed to the financially motivated threat actor Storm-2460, is a striking illustration of how cyber threats keep evolving. It poses as the genuine open-source ChatGPT Desktop Application from GitHub. This sophisticated modular backdoor facilitates targeted attacks by exploiting CVE-2025-29824, an elevation-of-privilege vulnerability in the Windows Common Log File System…
-
Threat Actors Exploit Microsoft Help Index File to Deploy PipeMagic Malware
Cybersecurity researchers have uncovered a sophisticated campaign where threat actors leverage a Microsoft Help Index File (.mshi) to deploy the PipeMagic backdoor, marking a notable evolution in malware delivery methods. This development ties into the exploitation of CVE-2025-29824, a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver, which Microsoft…
-
Weaponized Python Package "termncolor" Uses Windows Run Key for Persistence
Cybersecurity experts discovered a complex supply chain attack that originated from the Python Package Index (PyPI), in a recent disclosure from Zscaler ThreatLabz. The package in question, termed "termncolor", … "colorinal" … "termncolor" …
-
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Tags: attack, cve, cybersecurity, exploit, flaw, malware, microsoft, ransomware, threat, vulnerability, windows
Cybersecurity researchers have lifted the lid on threat actors’ exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware in RansomExx ransomware attacks. The attacks involve the exploitation of CVE-2025-29824, a privilege escalation vulnerability impacting the Windows Common Log File System (CLFS) that was addressed by Microsoft in April 2025. First…
-
Recent Windows updates may fail to install via WUSA
Microsoft has mitigated a known issue that caused Windows update failures when installing them from a network share using the Windows Update Standalone Installer (WUSA). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-windows-server-2025-updates-may-fail-from-network-shares/
-
Windows 10 KB5063709 update fixes extended security updates enrollment
Microsoft has released the KB5063709 cumulative update for Windows 10 22H2 and Windows 10 21H2, with seven fixes or changes, including a fix for a bug that prevented enrollment in extended security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-10-kb5063709-update-fixes-extended-security-updates-enrollment/
-
Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws
Today is Microsoft’s August 2025 Patch Tuesday, which includes security updates for 107 flaws, including one publicly disclosed zero-day vulnerability in Windows Kerberos. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-august-2025-patch-tuesday-fixes-one-zero-day-107-flaws/
-
Windows 11 KB5063878 & KB5063875 cumulative updates released
Microsoft has released Windows 11 KB5063878 and KB5063875 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5063878-and-kb5063875-cumulative-updates-released/
-
Californian man so furious about forced Windows 11 upgrade that he’s suing Microsoft
He wants Microsoft to keep supporting Windows 10 until its market share drops below 10% First seen on theregister.com Jump to article: www.theregister.com/2025/08/11/microsoft_sued_over_premature_windows/
-
Windows 11 23H2 Home and Pro reach end of support in November
Microsoft announced today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving updates in three months. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pro-reach-end-of-support-in-november/
-
New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks
A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate long-term access to target networks. "They repeatedly tried to extract the NTDS database from domain controllers — the primary repository for user password hashes and authentication data in a…
-
5 key takeaways from Black Hat USA 2025
Tags: access, api, attack, authentication, botnet, business, cisco, cloud, container, control, credentials, data, endpoint, exploit, firmware, flaw, framework, Hardware, iam, login, malicious, malware, network, password, programming, rce, remote-code-execution, service, software, technology, tool, update, usa, vulnerability, windows
Vaults can be cracked open: Critical vulnerabilities in popular enterprise credential vaults were unveiled by security researchers from Cyata during Black Hat. The flaws in various components of HashiCorp Vault and CyberArk Conjur, responsibly disclosed to the vendors and patched before their disclosure, stemmed from subtle logic flaws in authentication, validation, and policy enforcement mechanisms, as…
-
Hackers Exploit ClickFix Technique to Compromise Windows and Run PowerShell Commands
Threat actors have begun a geographically focused campaign against Israeli infrastructure and corporate entities in a sophisticated cyber incursion discovered by Fortinet’s FortiGuard Labs. Delivered exclusively to Windows systems via PowerShell scripts, the attack chain enables remote access, facilitating data exfiltration, persistent surveillance, and lateral movement within compromised networks. Classified as high severity, this operation…
-
‘Win-DoS’ Zero-Click Exploit Could Weaponize Windows Infrastructure for DDoS Attacks
Security researchers have uncovered a “zero-click” denial-of-service chain that can silently turn thousands of Microsoft Windows Domain Controllers (DCs) into a globe-spanning botnet, raising fresh alarms in a year already defined by record-breaking distributed denial-of-service (DDoS) activity. DDoS attacks climbed 56% year-over-year in late 2024 according to Gcore’s latest Radar report, and Cloudflare’s network has already blocked…
-
Microsoft tests cloud-based Windows 365 disaster recovery PCs
Microsoft has announced the limited public preview of Windows 365 Reserve, a service that provides temporary desktop access to pre-configured cloud PCs for employees whose computers have become unavailable due to cyberattacks, hardware issues, or software problems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-tests-cloud-based-windows-365-disaster-recovery-pcs/
-
OneNote finally gets “paste text only” feature on Windows and Mac
Microsoft confirmed that it’s testing the ability to paste text only (plain format) to OneNote for Windows and Mac. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/onenote-finally-gets-paste-text-only-feature-on-windows-and-mac/
-
Security news: data leaks (Google, Telekom); vulnerabilities (WinRAR, Windows) and more
Another short roundup of security topics. There are data leaks again, at Google, at Telekom and elsewhere. The WinRAR software contains a vulnerability through which malware is being delivered. And Windows domain controllers can be turned into a DDoS tool, which … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/11/sicherheits-news-datenlecks-google-telekom-schwachstellen-winrar-windows-und-mehr/
-
‘Win-DDoS’: Researchers unveil botnet technique exploiting Windows domain controllers
Research revealed more DoS flaws: SafeBreach researchers also discovered CVE-2025-26673 in the DC’s Netlogon service, where crafted RPC calls could crash the service remotely without authentication. By exploiting this weakness, attackers could knock out a critical Windows authentication component, potentially locking users out of domain resources until the system is rebooted. Similarly, CVE-2025-49716 targets Windows Local…
-
Win-DDoS: Attackers can turn public domain controllers into DDoS agents
SafeBreach researchers have released details on several vulnerabilities that could be exploited by attackers to crash Windows Active Directory domain controllers (DCs), one … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/11/win-ddos-domain-controllers-ddos-vulnerability-cve-2025-32724/
-
Silent Watcher Targets Windows Systems, Steals Data via Discord Webhooks
K7 Labs investigated Cmimai Stealer, a Visual Basic Script (VBS)-based infostealer that surfaced in June 2025 and uses PowerShell and native Windows scripting to exfiltrate data covertly. The malware, first highlighted in a tweet, operates as a lightweight threat actor tool that circumvents execution policies,…
-
Windows RPC Protocol Exploited to Launch Server Spoofing Attacks
A vulnerability in Microsoft Windows’ Remote Procedure Call (RPC) protocol has been discovered that allows attackers to manipulate core system communications and launch sophisticated server spoofing attacks. The flaw, designated CVE-2025-49760, enables unprivileged users to masquerade as legitimate system services and potentially escalate privileges or steal sensitive credentials. Security researchers at SafeBreach uncovered the vulnerability through…
-
Forced obsolescence: man sues Microsoft over the end of Windows 10 support
The plaintiff accuses Microsoft of knowingly accepting the risks created by the end of Windows 10 support in order to dominate the AI market. First seen on golem.de Jump to article: www.golem.de/news/erzwungene-obsoleszenz-mann-verklagt-microsoft-fuer-windows-10-supportende-2508-199017.html
-
WinRAR Zero-Day Under Active Exploitation: Update to Latest Version Immediately
The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting a malicious archive…
-
Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation
Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft’s Windows Remote Procedure Call (RPC) communication protocol that could be abused by an attacker to conduct spoofing attacks and impersonate a known server. The vulnerability, tracked as CVE-2025-49760 (CVSS score: 3.5), has been described by the tech giant as a Windows Storage…
-
Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models
Cybersecurity researchers have uncovered multiple security flaws in Dell’s ControlVault3 firmware and its associated Windows APIs that could have been abused by attackers to bypass Windows login, extract cryptographic keys, and maintain access even after a fresh operating system install by deploying hard-to-detect malicious implants into the firmware. The vulnerabilities have been codenamed … First…
-
ReVault! When your SoC turns against you… deep dive edition
Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/revault-when-your-soc-turns-against-you-2/
-
Multiple Zero-Day Exploits Discovered That Bypass BitLocker, Exposing All Encrypted Data
Microsoft security researchers have uncovered four critical vulnerabilities in Windows BitLocker that could allow attackers with physical access to bypass the encryption system and extract sensitive data. The findings, revealed in research dubbed "BitUnlocker", …

