Tag: windows
-
Security: Windows Hello better not used for business
Under Windows 10 and Windows 11, Microsoft offers a biometrically secured login via Windows Hello. Log in securely with facial recognition or a fingerprint instead of passwords? Rather not, say German security researchers, who warn against using Windows Hello in enterprise environments. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/09/sicherheit-windows-hello-eher-nicht-fuer-business-verwenden-2/
-
Microsoft eventually realized the world isn’t just the Northern Hemisphere
Veteran engineer explains the fall of ‘Fall’ in Windows release First seen on theregister.com Jump to article: www.theregister.com/2025/08/07/windows_naming_conventions/
-
DarkCloud Stealer Targets Windows Systems to Harvest Login Credentials and Financial Data
A new variant of the DarkCloud information-stealer malware has been observed targeting Microsoft Windows systems, primarily affecting Windows users by collecting sensitive data such as login credentials, financial information, and personal contacts. Discovered in early July 2025 by Fortinet’s FortiGuard Labs, this high-severity campaign leverages sophisticated phishing tactics to initiate infections, demonstrating advanced evasion methods…
-
Record-Breaking GreedyBear Attack Uses 650 Hacking Tools to Steal $1M from Victims
The threat actor group dubbed GreedyBear has orchestrated an industrial-scale operation blending malicious browser extensions, executable malware, and phishing infrastructure to siphon over $1 million in cryptocurrency from victims. This coordinated assault, uncovered by Koi Security researchers, leverages a staggering 650 hacking tools comprising 150 weaponized Firefox extensions and nearly 500 malicious Windows executables, demonstrating…
-
Microsoft 365 apps to soon block file access via FPRPC by default
Microsoft has announced that the Microsoft 365 apps for Windows will start blocking access to files via the insecure FPRPC legacy authentication protocol by default starting late August. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-365-apps-to-soon-block-file-access-via-insecure-fprpc-legacy-auth-protocol-by-default/
-
Complete solution for data recovery, system repair and password recovery – Lazesoft Windows Recovery restores Windows
First seen on security-insider.de Jump to article: www.security-insider.de/lazesoft-windows-recovery-stellt-windows-wieder-her-a-3730dd05c96684c361072841e201f689/
-
Private users: ESU license for Windows 10 applies to multiple PCs
Private users who own several Windows 10 machines do not need a separate ESU license for each PC – but they do need a Microsoft account. First seen on golem.de Jump to article: www.golem.de/news/privatnutzer-esu-lizenz-fuer-windows-10-gilt-fuer-mehrere-pcs-2508-198956.html
-
Hybrid Exchange environment vulnerability needs fast action
if they haven’t already done so, install the Hot Fix released April 18, or any newer release, on their on-premises Exchange servers and follow the configuration instructions outlined in the document Deploy dedicated Exchange hybrid app. For additional details, they should refer to Exchange Server Security Changes for Hybrid Deployments; then reset the service principal’s keyCredentials. That reset should be…
-
How Machine Learning Detects Living off the Land (LotL) Attacks
Elite cybercriminals prefer LotL attacks because they’re incredibly hard to spot. Instead of deploying obvious malware, attackers use the same trusted tools that an IT team relies on daily, such as PowerShell, Windows Management Instrumentation (WMI) and various integrated utilities on almost every computer. When attackers use legitimate system tools, traditional security software thinks everything…
-
Hackers Exploit SVG Files with Embedded JavaScript to Deploy Malware on Windows Systems
Threat actors are increasingly using Scalable Vector Graphics (SVG) files to get beyond traditional defenses in the quickly developing field of cybersecurity. Unlike raster formats such as JPEG or PNG, which store pixel-based data, SVGs are XML-structured documents that define vector shapes, paths, and text, enabling seamless scalability. This inherent flexibility, however, permits the embedding…
-
Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes
Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. “At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes it…
-
Away from Windows: Linux on business desktops and notebooks increasingly popular
The driving factor is said to be less the desire for open source than the improvement of the security posture in companies. First seen on golem.de Jump to article: www.golem.de/news/weg-von-windows-linux-auf-business-desktops-und-notebooks-immer-beliebter-2508-198920.html
-
Windows tips for reducing the ransomware threat
Tags: access, attack, authentication, backup, breach, cloud, computer, control, credentials, government, identity, infrastructure, login, mfa, microsoft, monitoring, network, ntlm, passkey, privacy, ransomware, risk, service, threat, windows
Susan Bradley / CSO
Ideally you should have no such protocols observed.
-
Over 100 Dell models exposed to critical ControlVault3 firmware bugs
ReVault flaws in Dell ControlVault3 firmware allow firmware implants and Windows login bypass on 100+ laptop models via physical access. Cisco Talos reported five vulnerabilities collectively named ReVault (tracked as CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, and CVE-2025-24919) in Dell’s ControlVault3 firmware that expose over 100 laptop models to firmware implants and Windows login bypass via physical…
-
ReVault flaws let attackers bypass Windows login or place malware implants on Dell laptops
Planting implants: An investigation by Cisco Talos uncovered two out-of-bounds vulnerabilities (CVE-2025-24311, CVE-2025-25050), an arbitrary free (CVE-2025-25215) and a stack-overflow flaw (CVE-2025-24922), all affecting the ControlVault firmware. The same researchers also discovered an unsafe deserialization flaw (CVE-2025-24919) affecting ControlVault’s Windows APIs. This vulnerability makes it possible to trigger arbitrary code execution on the ControlVault firmware, allowing…
-
Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific and Europe. Active since at least 2012, the group leverages spear-phishing emails with military-themed lures to deliver malicious archives, such as…
-
ReVault! When your SoC turns against you…
Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/revault-when-your-soc-turns-against-you/
-
Raspberry Robin Malware Targets Windows Systems via New CLFS Driver Exploit
The Raspberry Robin malware, also known as Roshtyak, has undergone substantial updates that enhance its evasion and persistence on Windows systems. Active since 2021 and primarily disseminated through infected USB devices, this sophisticated downloader has integrated advanced obfuscation techniques to thwart reverse-engineering efforts. Encryption Tactics: Researchers at Zscaler’s ThreatLabz have observed the addition of multiple…
-
Chaining NVIDIA’s Triton Server flaws exposes AI systems to remote takeover
New flaws in NVIDIA’s Triton Server let remote attackers take over systems via RCE, posing major risks to AI infrastructure. Newly revealed security flaws in NVIDIA’s Triton Inference Server for Windows and Linux could let remote, unauthenticated attackers fully take over vulnerable servers. According to the Wiz Research team, chaining these vulnerabilities enables remote code execution…
-
New Malware Attack Uses LNK Files to Deploy REMCOS Backdoor on Windows Systems
The investigation began with the detection of two scanning IP addresses, 91.238.181[.]225 and 5.188.86[.]169, sharing a common Secure Shell (SSH) fingerprint (b5:4c:ce:68:9e:91:39:e8:24:b6:e5:1a:84:a7:a1:03). Cybersecurity researchers have uncovered a sophisticated multi-stage malware campaign that leverages malicious Windows LNK shortcut files to deploy the REMCOS backdoor, a potent remote access trojan capable of full system compromise. This fingerprint…
-
NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers
Tags: ai, control, exploit, flaw, intelligence, linux, nvidia, open-source, remote-code-execution, windows
A newly disclosed set of security flaws in NVIDIA’s Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers. “When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote…
-
North Korea Hiding Malware Within JPEG Files to Attack Windows Systems Bypassing Detections
Security researchers at Genians Security Center have uncovered a sophisticated new variant of the RoKRAT malware, attributed to the North Korean-linked APT37 threat group, which employs steganography to conceal malicious payloads within seemingly innocuous JPEG image files. This technique allows the malware to evade traditional antivirus detections by embedding encrypted shellcode in image data, which…
-
Interlock Ransomware Uses ClickFix Exploit to Execute Malicious Commands on Windows
The Interlock ransomware group was connected to several sophisticated cyber incidents that targeted firms in North America and Europe, according to a recent report published in July 2025 by eSentire’s Threat Response Unit (TRU). The group, active since September 2024, employs a multi-stage attack chain that begins with the exploitation of compromised websites, such as…
-
privacyIDEA Workshop Part 5 – Secure login on any Windows desktop with privacyIDEA
Tags: windows
First seen on security-insider.de Jump to article: www.security-insider.de/privacyidea-workshop-teil5-sicherer-windows-login-a-82a4d83de98af993b307699c3c9c5ca4/

