Windows Zero-Day Still Circulating After Faulty Fix
A high-severity Windows zero-day allows an attacker to install programs and access admin privileges such as viewing, changing, and deleting data. It can lead to a complete desktop takeover and is located in the Print Spooler API. However, the critical flaw remains dangerous after Microsoft failed to effectively patch the
Games in Microsoft Store Can Be Abused for Privilege Escalation on Windows
A new flaw in Windows can allow malicious actors to exploit the vulnerability to escalate privileges to SYSTEM on Windows 10 through utilizing access through the Microsoft Store. Researchers at IOActive uncovered the threat, which was patched in October as part of Microsoft’s monthly Patch Tuesday. The flaw is known
Agencies Must Patch Zerologon Bug by Monday says US CISA
Earlier this week, the US Department of Homeland Security issued an emergency directive that calls for all civilian government agencies to patch a Windows vulnerability that has been categorized as high-risk. The bug, CVE-2020-1472, is a new form of a privilege bug that occurs when an attacker uses the Netlogon
Windows Exploit Released For Microsoft ‘Zerologon’ Flaw
Security researchers and US government authorities have been alerting the public to a critical privilege escalation flaw in Microsoft services, urging admins to address the pressing security issue. A proof-of-concept exploit code has been recently released for a Windows flaw that could allow attackers to obtain administrative privileges within a
FBI issues warning over Windows 7 end-of-life
On Monday, the FBI sent a private industry notification to US private sector partners warning about Windows 7 computers reaching their end-of-life. According to the warning, the operating system fulfilled its shelf life earlier this year. The FBI stated that they had observed threat actors targeting computer network infrastructure after
Billions of Devices Impacted by Secure Boot Bypass
New research shows that billions of Windows and Linux devices are vulnerable to cyberattacks originating from a bug in the GRUB2 bootloader, which security experts have named the “BootHole” bug. The exploitation of the bug could lead to malware infection, information theft, and allow attackers to move laterally into corporate,
Emergency Windows 10 Update: Critical ‘Large Image’ Security Flaw Confirmed
Microsoft has issued an emergency patch for a serious vulnerability affecting the Windows 10. Microsoft chose not to wait for Patch Tuesday, as the vulnerability could lead to the compromise of Windows 10 devices or Windows Server System. Another vulnerability was also patched in the emergency out-of-band update, ranked as
New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD
Researchers have used a new fuzzing tool to uncover a total of 26 vulnerabilities in operating systems Linux, macOS, Windows, and FreeBSD. The research team consists of individuals from Purdue University and the Swiss Federal Institute of Technology Lausanne. The fuzzing tool was created by the researchers and has been
New PipeMon malware uses Windows print processors for persistence
The Winnti hacking group has targeted video game companies again in a new campaign that utilizes recent malware called PipeMon, a modular backdoor that was identified earlier this year. PipeMon was discovered on servers belonging to video game developers of games that feature multiplayer options (massively multiplayer online) games. The
San Francisco Airport Attack Linked to Russian State Hackers
Last month, the San Francisco International Airport (SFO) was the victim of a cyberattack. This week, the airport revealed that the attack had been carried out by state-sponsored Russian hackers. The airport revealed the attack last week, stating that two of its websites were under attack for a period of