Metabase Q experts have discovered a new malware designed to steal cash from ATMs running Windows. How infection occurs has not been established, but most likely it requires physical access to the device.
An analysis of the sample carried out by the cybersecurity company showed that the Trojan...
The hacker showed how to easily extract the saved data.
Shortly before the official launch of Windows Recall on new Copilot+ PCs, security researchers demonstrated that preview versions of the tool store screenshots in an unencrypted database.
Ethical hacker Alex Hagenah has released a tool...
You can upgrade your privileges in just two seconds. How much do hackers want for a new hacking tool?
A new exploit for local privilege escalation (LPE) in Windows operating systems has appeared on underground hacker forums. According to the seller under the pseudonym "vulns-rock", the exploit...
Why did many banks and retail chains begin to massively update self-service devices, cash registers and operating systems in 2020? How to navigate the variety of OS and update options? How to save on updating and not pay twice? Who and how should update the software on ATMs and other devices...
Hackers have attacked at least 48 organizations by 2024.
In November 2023, experts from the Positive Technologies Cybersecurity Expert Center (PT Expert Security Center) published their first study on attacks by the previously unknown hacker group Hellhounds on Russian companies. The study...
How did hundreds of Internet users manage to download a Trojan browser instead of a legitimate one?
A new campaign to distribute malware through the Google Ads advertising platform coincided with the launch of the Arc web browser for Windows, which led to the infection of many users with Trojan...
Threat actors have been observed using fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to distribute malware capable of stealing sensitive information from Android and Windows devices.
"Hosting malicious...
Malvertising continues to gain popularity.
Cybercriminals have come up with a sophisticated scheme to infect corporate networks with malicious software. They place advertisements in search engines such as Google with links to download popular utilities for Windows. However, victims receive...
TL;DR: The DNS resolver in Windows 10 sends requests to all DNS server addresses known to the system in parallel, binding the request to the interface, and uses the response that came faster. If you use a DNS server from a local segment, this behavior allows your ISP or an attacker with a Wi-Fi...
There is a solution to the problem of disabling a VPN, but there are some nuances.
Microsoft fixed an issue that caused VPN connections to stop working on client and server platforms after installing the April Windows updates.
Affected Windows versions include Windows 11, Windows 10, and...
The corporation destroyed another way to infect systems.
Microsoft has fixed a zero-day vulnerability that was actively used to spread the QakBot botnet on Windows systems.
The heap-based buffer overflow vulnerability CVE-2024-30051 (CVSS 3.1 score: 7.8) affects the Desktop Window Manager...
Kaspersky Lab has announced the discovery of the "most advanced" cyber espionage network, named Careto (from the Spanish for "ugly face" or "mug"). In Russian, the network and its associated Trojan are called "Mask"; in English, The Mask.
The researchers gave the name Careto to the Trojan after...
The cybercrime group Fancy Bear, which in the West is associated with Russia, took advantage of a vulnerability in the Windows print service component to load a previously unknown malware, GooseEgg, into the system.
This malware has been active since June 2020 and uses an already fixed bug that...
A Russia-linked nation-state threat actor tracked as APT28 exploited a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg.
The tool for...
It turns out that Microsoft's proprietary tool can not only hang...
Over the past few years, security experts have observed an increase in cyber attacks on organizations in Eastern and Western Europe, as well as North America. The reason for this is hackers from the APT29 group, who actively...
New research has shown that the DOS-to-NT path conversion process can be exploited by threat actors to gain rootkit-like capabilities for hiding and impersonating files, directories, and processes.
"When a user executes a function that has a path argument in...
The SafeBreach study reveals serious risks in converting file paths.
A new study has found vulnerabilities in the process of converting DOS to NT paths in the Windows operating system, which can allow attackers to hide files, mimic directories and processes, acquiring capabilities similar to...
Incorrect DOS paths in the file name nomenclature in Windows can be used to hide malicious content, files, and processes. A researcher from SafeBreach, Or Yair, identified a problem related to the process of converting a DOS path to NT format in Windows.
Attackers gain rootkit capabilities to...
At the Black Hat Asia conference held in Singapore, two new ways to use Windows fibers to execute malicious code were presented. One of them, Poison Fiber, allows attacks to be carried out remotely.
Both PoCs were authored by independent information security researcher Daniel Jary. According to...
The company uses full-screen banners to remind you about the transition to Windows 11.
Microsoft is actively encouraging users to upgrade to Windows 11, as official support for Windows 10 expires in October 2025. The company started displaying full-screen banners with a reminder about this...