‘MagicDot’ Windows Weakness Allows Unprivileged Rootkit Activity

April 19, 2024 at 05:47AM A security researcher at SafeBreach, Or Yair, outlined vulnerabilities associated with the DOS-to-NT path conversion process in Windows, dubbed “MagicDot,” during a Black Hat Asia 2024 session. The issues enable attackers to conceal and impersonate files, directories, and processes, leading to potentially dangerous post-exploitation capabilities. Yair detailed four related vulnerabilities, …

Windows 11 KB5036893 update released with 29 changes, Moment 5 features

April 9, 2024 at 02:08PM Microsoft has released the KB5036893 cumulative update for Windows 11 23H3, containing 29 changes, fixes, and security updates. It is mandatory and enables Moment 5 features for all users. Users can install it via Windows Update or the Microsoft Update Catalog. The update also includes fixes and improvements and enables …

Windows 11 KB5036893 released with 29 changes, Moment 5 features

April 9, 2024 at 02:00PM Microsoft has released the KB5036893 cumulative update for Windows 11 23H3, featuring 29 changes and enabling Moment 5 features for all users. It’s mandatory for April 2024 security updates fixing sixty vulnerabilities. The update can be installed via Windows Update or Microsoft Update Catalog and includes multiple enhancements and fixes. …

Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs

April 9, 2024 at 01:39PM Summary: Numerous security vulnerabilities affecting various Microsoft products, Azure services, Intel, and Lenovo have been identified, ranging from remote code execution and elevation of privilege to information disclosure and denial of service. Severity levels vary from critical to low, highlighting the widespread impact on the affected systems. After reviewing the …

Hackers Targeting Human Rights Activists in Morocco and Western Sahara

April 9, 2024 at 10:45AM Human rights activists in Morocco and the Western Sahara are being targeted by a new threat actor called Starry Addax. They are using phishing attacks to trick victims into installing fake Android apps and harvesting credentials from Windows users. The actor has been active since January 2024 and is using …

Patch Tuesday: Microsoft Flags Major Bugs in HyperV, Exchange Server 

March 12, 2024 at 03:51PM Microsoft rolled out patches for 60 security vulnerabilities in Windows, including critical flaws in HyperV and Open Management Infrastructure. Other fixes cover issues in Microsoft Excel and Azure Kubernetes, and Adobe also released patches for critical-severity vulnerabilities in several enterprise products. Both companies reported no active exploits for the addressed …

Spoofed Zoom, Google & Skype Meetings Spread Corporate RATs

March 6, 2024 at 01:42PM A threat actor is leveraging fake Skype, Google Meet, and Zoom meetings to distribute malware targeting Android and Windows users. This campaign, discovered in December, poses a significant cybersecurity threat. By mimicking legitimate URLs and hosting on a single IP address, the attackers are successfully distributing malicious payloads, emphasizing the …

Hackers steal Windows NTLM authentication hashes in phishing attacks

March 4, 2024 at 04:46PM The TA577 hacking group has shifted to using phishing emails to steal NTLM authentication hashes for account hijacks. They launched campaigns targeting employees’ NTLM hashes, using unique ZIP archives containing HTML files to trigger automatic connections, stealing the hashes. Proofpoint advises specific security measures to counter this threat, including blocking outbound …

CISA warns of Microsoft Streaming bug exploited in malware attacks

March 1, 2024 at 02:22PM CISA has directed U.S. agencies to secure Windows systems against a critical vulnerability in Microsoft Streaming Service actively exploited in attacks. Tracked as CVE-2023-29360, the flaw allows local attackers to gain SYSTEM privileges without user interaction. Federal agencies must patch systems by March 21, as the bug has been exploited …

Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub

February 27, 2024 at 08:51AM The Xeno RAT, an open-source remote access trojan, has been released on GitHub, with capabilities for remote system management and unique features such as real-time audio recording and a hidden virtual network computing module. This release underscores the rise of freely available malware, highlighted by cybersecurity firm Cyfirma. Additionally, the article …