Microsoft launched a patch for PrintNightmare vulnerability but the patch doesn’t work. Don’t update your Windows

The PrintNightmare vulnerability has turned out to be a big issue for Windows system users and the cybersecurity community. On Tuesday, Microsoft seemed to have finally addressed this flaw with the release of the KB5004945 update, though things might not turn out as expected. Just hours after the release of this update, researchers Matthew Hickey […]

Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability

Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability — known as “PrintNightmare” — that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. Tracked as CVE-2021-34527 (CVSS score: 8.8), the remote code execution flaw impacts all supported […]

Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild

Microsoft on Thursday officially confirmed that the “PrintNightmare” remote code execution (RCE) vulnerability affecting Windows Print Spooler is different from the issue the company addressed as part of its Patch Tuesday update released earlier this month, while warning that it has detected exploitation attempts targeting the flaw. The company is tracking the security weakness under […]

Hackers Trick Microsoft Into Signing a Malicious Netfilter Rootkit

The security experts at G Data have recently detected a malicious driver, Netfilter, that is signed by Microsoft itself. This Netfilter rootkit connects to C&C infrastructure at a Chinese IP address. In one of the recent reports, Microsoft has confirmed that they signed a malicious driver, and now it is […]

Microsoft Edge Bug Could’ve Let Hackers Steal Your Secrets for Any Site

Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 (CVSS score: 5.4), the weakness stems from a universal cross-site scripting (UXSS) […]

Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware

Microsoft on Friday said it’s investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control (C2) servers located in China. The driver, called “Netfilter,” is said to target gaming environments, specifically in the East Asian country, with the Redmond-based firm noting […]

SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers

In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts. “This recent […]

Critical vulnerabilities in Open Design Alliance Drawings SDK affect 1,200 companies like Siemens, Microsoft, Bentley and Epic Games

Cybersecurity specialists reported the finding of multiple vulnerabilities in Drawings SDK, a development toolkit for accessing .dwg and .dgn data through an API developed by the Open Design Alliance. According to the report, successful exploitation of these flaws would allow threat actors to trigger use-after-free, out-of-bounds read and write conditions and other risk scenarios. Below are […]

Chinese APT Group Leverages Microsoft Office Vulnerabilities To Attack Government Agencies

The cybersecurity researchers of the Check Point research team have recently detected that the threat actors of the Chinese APT hacking group SharpPanda are performing cyber-espionage campaigns. These Chinese APT threat actors are targeting Southeast Asian government agencies. The main motive of these threat actors is to implant Windows backdoor programs to hijack […]

New Epsilon Red Ransomware Attacks Unpatched Microsoft Exchange Servers

Epsilon Red is a set of distinctive PowerShell scripts that were developed to perform encryption. During an investigation of an unnamed attack on a U.S. company in the hospitality sector, the security analysts of Sophos detected a new malware. According to the security experts, the threat actors of this new ransomware […]

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Microsoft on Thursday warned of a “massive email campaign” that’s pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. “This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them,” the Microsoft Security Intelligence team […]

Researcher publishes PoC for CVE-2021-31166 vulnerability in Microsoft IIS

Axel Souchet, a security researcher who used to work for Microsoft, revealed the Proof of Concept (PoC) exploit code to abuse a critical Windows IIS server vulnerability. The vulnerability, tracked as CVE-2021-31166, was discovered by Microsoft security teams and fixed in early May 2021. The flaw received a score of 9.8/10 on the Common Vulnerability […]

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly

Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems. The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding the malicious build files came embedded with encoded executables and shellcode that deploy backdoors, […]

Microsoft shares details of malware attack on aerospace, travel sector

The malware is capable of stealing credentials, webcam data, taking screenshots, and other sensitive information from a targeted device. Microsoft has recently uncovered a spear-phishing campaign targeting aerospace and travel organizations and warns about their multiple remote access trojans (RATs) deployed using a new and stealthy malware loader. Attackers are using phishing emails to spoof […]

Bug in Microsoft Defender creates thousands of unwanted files totaling up to 30 GB

Recently, hundreds of Windows system users have been surprised to notice that the storage space on their devices unexpectedly appeared completely full, a situation that seems to be due to a Windows Defender error. Some users report that the security software flaw causes hundreds of thousands of files to be created, so the device’s […]

Microsoft, FireEye report 3 new malware linked to SolarWinds hackers

Microsoft and cybersecurity firm FireEye have identified three new malware strains used by the SolarWinds hackers in last year’s attack on highly critical private and government cyberinfrastructure in the United States. According to FireEye and Microsoft’s latest analysis, the SolarWinds hack was far more sinister than it initially appeared to be. Reportedly, the companies have […]

Sensitive source codes exposed in Microsoft Azure Blob account leak

The research team at vpnMentor, who discovered the data, believes that it belongs to Microsoft, as some of the files appeared to originate from a series of pitches made to Microsoft Dynamics. Recently, vpnMentor’s research team led by Noam Rotem uncovered a data breach that may presumably be owned by one of the biggest companies […]

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. “Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more,” Boston-based cybersecurity firm Cybereason said in an analysis […]