Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November following the availability of a proof-of-concept (PoC) tool on December 12. The two vulnerabilities — tracked as CVE-2021-42278 and CVE-2021-42287 — have a severity rating of 7.5 out of a maximum of 10 and concern a privilege escalation flaw … [Read more...] about Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers
windows
How DopplePaymer Hunts & Kills Windows Processes
In a July 2019 blog post about DoppelPaymer, Crowdstrike Intelligence reported that ProcessHacker was being hijacked to kill a list of targeted processes and gain access, delivering a “critical hit.” Although the blog is now a couple of years old, the hijacking technique is interesting enough to dig into its implementation. The hijack occurs when ProcessHacker loads a malicious … [Read more...] about How DopplePaymer Hunts & Kills Windows Processes
Malicious KMSPico Windows Activator Stealing Users’ Cryptocurrency Wallets
Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed "CryptBot," is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit … [Read more...] about Malicious KMSPico Windows Activator Stealing Users’ Cryptocurrency Wallets
Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack
Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control over vulnerable systems. Two of the addressed security flaws are rated Critical, 68 … [Read more...] about Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack
FinSpy (aka FinFisher) spyware for Windows, macOS, Linux, Android, and iOS
At Kaspersky’s recent Security Analyst Summit, our experts presented a detailed report on FinSpy (aka FinFisher) spyware and its distribution methods, including some previously unknown ones. You can read more about their findings in Securelist’s post. In this article, meanwhile, we explore what kind of malware FinSpy is and how you can protect yourself from it. What is FinSpy … [Read more...] about FinSpy (aka FinFisher) spyware for Windows, macOS, Linux, Android, and iOS
Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012
Cybersecurity researchers on Tuesday revealed details of a previously undocumented UEFI (Unified Extensible Firmware Interface) bootkit that has been put to use by threat actors to backdoor Windows systems as early as 2012 by modifying a legitimate Windows Boot Manager binary to achieve persistence, once again demonstrating how technology meant to secure the environment prior … [Read more...] about Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012
Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users
A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems. Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a "sophisticated multi-stage malware framework" that … [Read more...] about Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users
Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials
An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in … [Read more...] about Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials
New Malware Targets Windows Subsystem for Linux to Evade Detection
A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install … [Read more...] about New Malware Targets Windows Subsystem for Linux to Evade Detection
WildPressure APT Emerges With New Malware Targeting Windows and macOS
A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats. Russian cybersecurity firm attributed the attacks to an advanced persistent threat … [Read more...] about WildPressure APT Emerges With New Malware Targeting Windows and macOS