windows

  1. Man

    Zero-Day on Windows: Microsoft releases emergency update

    Security updates affect Windows 10, 11 and server versions. Microsoft has released updates for a number of Windows products, eliminating the CVE-2024-43629 vulnerability identified by a specialist from the Positive Technologies Security Expert Center. The updates cover Windows 10, Windows 11...
  2. Man

    VBS Bypass: A Hacker Cracked Windows' Last Line of Defense

    The bundle of functions requires special configuration to prevent an update rollback attack. SafeBreach specialist Alon Leviev found that attackers can use outdated components of the Windows kernel to bypass key protections, such as Driver Signature Enforcement, which allows rootkits to be...
  3. Man

    A bug in CLFS turns ordinary Windows users into administrators

    Kernel protection turned out to be powerless against the new PoC exploit. A critical vulnerability in the Common Log File System (CLFS) driver has been discovered in the Windows 11 operating system, which allows local users to escalate their privileges. CLFS is responsible for efficiently...
  4. Man

    WinReg: Switching from SMB Gives Opportunities to Hack Windows

    How a backup protocol has become a major security threat. Akamai has discovered a vulnerability in the MS-RPC client that could allow an NTLM Relay attack. RPC is an important element of Windows, supporting a variety of services. Despite the security measures in place, some components remain...
  5. Man

    EDRSilencer: Built-in Windows Tool Disables EDR Solutions

    Hackers have learned how to "blind" protection systems with just one tool. Trend Micro found that in a number of attacks, attackers used the EDRSilencer tool to disable EDR system alerts. Cybercriminals integrate the tool into their attacks to hide the traces of attacks and evade detection...
  6. Man

    CoreWarrior: A Trojan Horse on Steroids in the Windows World

    The elusive virus changes its appearance over 600 times per hour. SonicWall specialists have discovered new activity of CoreWarrior malware, a persistent Trojan that spreads at high speed. The virus creates dozens of copies of itself and connects to multiple IP addresses, creating access...
  7. Man

    PrintNightmare is back: a hacker was able to bypass Windows protection

    A new round in the confrontation between attackers and Microsoft. A recently published guide to the PrintNightmare group of vulnerabilities has sparked discussions about how to bypass the Point and Print (PnP) restrictions proposed in the article. The author decided not just to update the post...
  8. Friend

    One-click VPN: Windows Defender on public Wi-Fi

    Microsoft is expanding Defender options to all platforms. Microsoft has introduced updated Defender features to help protect users when connecting to public Wi-Fi networks. Defender VPN has been added to Defender to protect your data from eavesdropping. Defender now automatically detects...
  9. Friend

    A bundle of exploits allows you to bypass UAC and gain admin rights in Windows

    Experts warn of a vulnerability in Windows that allows bypassing User Account Control (UAC) and escalating privileges in the system to the SYSTEM level. The issue, which is being tracked under the identifier CVE-2024-6769, received a CVSS score of 6.7. A demo exploit is currently available...
  10. Friend

    How to enable ransomware protection in Windows

    Simple steps to protect files from ransomware. Ransomware-type malware is a serious threat. It encrypts files on the computer, blocking access to them until the victim pays the demanded ransom. Files become hostages, and if it is not possible to cope with the attack by other methods, the user...
  11. Friend

    ESET fixes vulnerabilities in Windows and macOS products

    The problems affected both home and corporate solutions. ESET has fixed two privilege escalation vulnerabilities in its products for Windows and macOS operating systems. These vulnerabilities allowed attackers to gain unauthorized access to system resources. The first vulnerability, with the...
  12. Friend

    Click-to-Virus Hacks: Hackers Hack Windows via CAPTCHA

    The robot test has become a nightmare for users. Information security experts warn of a new fraudulent scheme: attackers have begun to use fake CAPTCHA tests to install malware on Windows computers. This is a signal that users should pay more attention to protecting their data and be careful...
  13. Friend

    CVE-2024-38217: Why could 0day not be detected in Windows for 6 years?

    Elastic Security Labs has revealed the details of the "LNK Stomping" attack. As part of its recent Patch Tuesday update, which we have already published a separate article about, Microsoft has fixed a zero-day vulnerability in the Windows Smart App Control and SmartScreen functions, which has...
  14. Friend

    50 servers and full system management: KTLVdoor backdoor attacks Windows and Linux systems

    A poorly studied malware leaves specialists no chance to study it. Trend Micro specialists have discovered a new multi-platform backdoor KTLVdoor from the Chinese group Earth Lusca. KTLVdoor is developed in Golang and has versions for Windows and Linux. The previously unknown malware is...
  15. Friend

    CVE-2024-30051: A new attack vector on Windows via DirectComposition

    One wrong step and the system comes under the full control of intruders. Chinese security researchers recently discovered real-world attacks exploiting the CVE-2024-30051 vulnerability (CVSS scale score: 7.8), which was used in cyberattacks related to QakBot, a known banking Trojan. The...
  16. Friend

    Windows Killer: CVE-2024-38106 Gives Hackers Direct Access to System Kernel

    The dangerous zero-day was used long before the patch appeared. On September 2, security researcher Sergey Kornienko of PixiePoint published an analysis and demonstration of the exploitation of a critical zero-day vulnerability in the Windows kernel known as CVE-2024-38106. This privilege...
  17. Friend

    Mekotio Trojan: Another Nightmare for Windows Users

    Why is your antivirus powerless against a new Trojan? CYFIRMA has discovered a new malicious program called Mekotio Trojan, which is actively distributed among users around the world. This sophisticated Trojan uses PowerShell technology to infiltrate computers and steal sensitive information...
  18. Friend

    Kaspersky found a Trojan running on macOS, which until now existed only for Windows

    Researchers from Kaspersky Lab report the discovery of a macOS version of the HZ Rat backdoor targeting users of the Chinese applications DingTalk and WeChat. At the same time, the observed artifacts almost exactly repeat the functionality of the Windows version of the backdoor and differ only...
  19. Friend

    Windows Downdate: New Tool Reverses All Windows Updates

    Alon Leviev created a tool to return old vulnerabilities to the system. Alon Leviev, a specialist from SafeBreach, has released the Windows Downdate tool, which allows you to return old vulnerabilities on updated Windows 10, Windows 11, and Windows Server systems. A downgrade attack allows...
  20. Friend

    Windows helped hackers hack into the industrial giant of the Russian Federation

    How one account led to the collapse of the IT infrastructure. A group of pro-Ukrainian cybercriminals successfully attacked the IT infrastructure of a Russian industrial organization, exploiting a vulnerability in the Windows operating system. The vulnerability, known since 2022, is related to...