We analyzed 2,5 million vulnerabilities we discovered in our customer’s assets. This is what we found. Digging into the data The dataset we analyze here is representative of a subset of clients that subscribe to our vulnerability scanning services. Assets scanned include those reachable across the Internet, as well as those present on internal networks. […]
Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach “leverages executables commonly found in the trusted WinSxS folder and […]
CVE-2023-36874 is not just any vulnerability; rather, it is a zero-day that is being actively exploited. This indicates that the vulnerability was being exploited in the wild even before any remedy was provided, and in some cases, even before it was publicly acknowledged. Because they provide a window of opportunity before updates are sent out, […]
Mandiant recently identified that in a targeted attack on Ukrainian government entities, trojanized ISO files were used by threat actors to cloak malicious programs posing as legitimate Windows 10 installers for the first step in compromising their networks. Malicious installers are delivering malware that could perform a wide range of malicious activities, including:- Monitoring compromised […]
The Windows Common Log File System (CLFS) Driver has an elevation of privilege vulnerability identified as CVE-2022-37969 (CVSS score: 7.8). For reporting this vulnerability, Microsoft gave credit to Quan Jin of DBAPPSecurity, Genwei Jiang with Mandiant, FLARE OTF, CrowdStrike, and Zscaler ThreatLabz. Software clients can make advantage of the general-purpose logging service known as the […]
BitRAT is one of the best Remote Access Trojan (RAT) available for sale in a hacking forum since 2020. Attackers rely on this RAT mostly because of its salient features like running process tasks, file tasks, and remote commands along with info-stealing features, HVNC. Remote Desktop, coin mining, and proxies. It is natively coded in […]
Cybersecurity specialists recently published an exploit for a local privilege escalation vulnerability whose successful exploitation would allow malicious users to obtain administrator privileges on Windows 10 systems. Tracked as CVE-2022-21882, the flaw was addressed in Microsoft January 2022 security patches. According to the report, authenticated local threat actors could gain elevated privileges on the target […]
A group of researchers has released unofficial security patches to address a zero-day vulnerability of local privilege escalation on Windows 10 systems versions 1809 and later. According to reports, this error resides in the “Access to work or school” configuration, and allows evading a patch implemented by the company to address the flaw tracked as […]
Cybersecurity specialists report the publication of an exploit for a critical zero-day vulnerability affecting Windows 10, Windows 11 and Windows Server systems. Described as a local privilege escalation, the flaw can be exploited to open the system prompt with SYSTEM privileges from a least-privilege account. Successful exploitation of the vulnerability would allow threat actors to […]
A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems. Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a “sophisticated multi-stage malware […]
Cybersecurity specialists report the discovery of a dangerous vulnerability in Microsoft 3D Viewer, a 3D object visualization and augmented reality tool first launched in Windows 10 1703. According to the report, successful exploitation of this flaw would allow threat actors to execute arbitrary code in the affected implementations. The vulnerability requires user interaction to be […]
Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack. Attackers can exploit this vulnerability to […]
Jonas Lyk, a cybersecurity specialist, reported the discovery of a critical vulnerability in Windows 10 systems whose exploitation would allow threat actors to gain high privileges and even steal user passwords. The expert mentions that the vulnerability lies in the signature in which the operating system grants access to its configuration files. The flaw was […]
The upcoming Windows 10 Sun Valley update has been in discussion for a while now. According to insiders, this will be one of the largest updates to the system, through which Microsoft hopes to “refresh the desktop PCs” and bring its OS back into the spotlight. Here’s what is currently known about this update. UI […]
Windows 10 is by far the most acknowledged Windows operating system. Microsoft rolls out updates frequently to ensure bugs are fixed and also the user experience is enhanced. Even as these updates are intended to improve the system performance and security, it is important for you to alter a few settings to improve system security […]
Both Microsoft and Google have released software updates yesterday to fix some security vulnerabilities, including a zero-day vulnerability that has been exploited in the wild. These zero-day vulnerabilities were discovered by Kaspersky but have been exploited by advanced hacker groups. Hackers can use these vulnerabilities to install spyware directly on their targets. After tracing the […]
When talking about the Apple ecosystem, one of the things that I like is that you can receive phone calls on your iPhone, iPad, or Mac. Sadly, Android users haven’t been able to have that level of comfort until now. Microsoft has added the much-awaited phone call feature to its Your Phone app for Windows […]
The year 2019 is about to end. We saw many new products and features from various tech giants, and yes, Microsoft is one of those companies. Speaking of its all-time operating system Windows 10, the company has brought some significant changes to the table. So to put things in one place, I created a roundup […]
After all the ups and downs (mostly downs), the Windows Mobile story is now coming to a full stop. Per the official schedule, Microsoft is delivering the last security update for Windows 10 Mobile version 1709 as a part of the December 10 Patch Tuesday. After this, Microsoft will be pulling support for Windows 10 […]
A batch file includes the commands to be executed by Command Prompt in Windows 10 (and older versions). I have already explained what is a batch file and how to create your own. However, you’ll require administrator privileges for your batch file to run some commands in the Windows Command Prompt. In this article, I […]
Many people who use Windows 10 as their daily driver often try to find ways to remove bloatware from Windows 10 or any other OS for that matter. For those who don’t know, the term bloatware is used to refer to the unnecessary apps and software that come preloaded on OS and create a mess. […]