06 Aug 2021

Microsoft’s Patch for Windows Hello Bypass Bug is Faulty, Researchers at Black Hat Say

Researchers at the cybersecurity conference Black Hat have demonstrated how it is possible to circumvent Microsoft’s Windows Hello biometric authentication through utilizing a spoofed camera. Researchers found that Windows Hello is faulty and can easily be overcome with a single infrared image of a user’s face on a tampered copy

Read More
21 Jul 2021

This new password-stealing Windows malware is distributed via ads for cracked software

Cybersecurity company Bitdefender has discovered a new form of malware that is delivered to victims via advertisements that appear in search results. Bitdefender states that the malware is being used as a gateway for attackers to steal passwords, deliver additional malware, and install cryptocurrency miners. The malware targets Windows devices

Read More
19 Jul 2021

Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware

According to new reports, a unique set of spyware strains created by an Israeli firm used by governments across the world to conduct surveillance on dissidents has been defanged by Microsoft. The company is called Candiru or Sourgum and specializes in the sale of the DevilsTongue surveillance malware. The malware

Read More
09 Jul 2021

Microsoft patches remaining versions of Windows against PrintNightmare flaw

Microsoft has released patches to protect all versions of Windows against the PrintNightmare flaw. Microsoft deployed fixes to the remaining versions of Windows on Wednesday after the initial patches were released on Tuesday. Windows 10 version 1607, all versions of Windows Server 2012 and Windows Server 2016 are newly patched. 

Read More
25 Jun 2021

Crackonosh malware abuses Windows Safe mode to quietly mine for cryptocurrency

Malware named Crackonosh has been found to spread through pirated and cracked software that is frequently discovered through torrents, forums, and malicious websites, according to researchers at Avast. The Avast team conducted an investigation into this situation after uncovering Reddit reports of their antivirus software users curious as to why

Read More
24 May 2021

This massive phishing campaign delivers password-stealing malware disguised as ransomware

Cybersecurity researchers at Microsoft have identified a massive phishing campaign that is distributing trojan malware to create a backdoor into Windows systems, stealing usernames, passwords, and other sensitive information from victims. The phishing messages deliver the latest version of the Java-based STRRAT malware. The email campaign consists of utilizing compromised

Read More
04 May 2021

Patch issued to tackle critical security issues present in Dell driver software since 2009

On Tuesday, SentinelLabs reported that a researcher on their team had discovered 5 serious vulnerabilities in Dell’s DBUtil BIOS driver. This technology is used in Dell’s desktop and laptop PCs, notebooks, and tablet products, therefore affecting a wide range of Dell’s offerings. The team reported that the flaws have existed

Read More
10 Feb 2021

Android Devices Hunted by LodaRAT Windows Malware

The LodaRAT has been found targeting Android devices in a new campaign. The malware has historically targeted Windows devices, however, is now being distributed in an ongoing campaign that seeks to spy on victims. The LodaRAT has also been updated, with the more aggressive version spotted by researchers in a

Read More
28 Dec 2020

Windows Zero-Day Still Circulating After Faulty Fix

A high-severity Windows zero-day allows an attacker to install programs and access admin privileges such as viewing, changing, and deleting data. It can lead to a complete desktop takeover and is located in the Print Spooler API. However, the critical flaw remains dangerous after Microsoft failed to effectively patch the

Read More
04 Nov 2020

Games in Microsoft Store Can Be Abused for Privilege Escalation on Windows

A new flaw in Windows can allow malicious actors to exploit the vulnerability to escalate privileges to SYSTEM on Windows 10 through utilizing access through the Microsoft Store. Researchers at IOActive uncovered the threat, which was patched in October as part of Microsoft’s monthly Patch Tuesday. The flaw is known

Read More