New DLL Search Order Hijacking Technique Targets WinSxS folder

January 2, 2024 at 10:36AM
Security Joes discovered a new DLL search order hijacking technique allowing adversaries to execute malicious code in Windows’ WinSxS folder. The technique abuses applications’ search order, leading to the loading of a malicious DLL before the legitimate library. Attackers can inject unauthorized code into trusted processes, effectively bypassing security tools. …

New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections

January 1, 2024 at 09:18AM
Security researchers have uncovered a new DLL search order hijacking technique that allows threat actors to execute malicious code on Windows 10 and 11. By leveraging trusted WinSxS folder executables, adversaries can bypass security mechanisms and introduce potentially vulnerable binaries into the attack chain. Security Joes urges organizations to closely …

Microsoft disables MSIX protocol handler abused in malware attacks

December 28, 2023 at 02:05PM
Microsoft disabled the MSIX ms-appinstaller protocol handler due to multiple financially motivated threat groups exploiting it to infect Windows users with malware. The attackers used the CVE-2021-43890 vulnerability to bypass security measures and distribute malware. Microsoft recommends installing the patched App Installer version 1.21.3421.0 or later and advises disabling the …

Ransomware Attackers Abuse Multiple Windows CLFS Driver Zero-Days

December 22, 2023 at 03:14PM
Attackers have exploited five vulnerabilities, including four zero-days, in a sensitive Windows kernel-level driver, exposing a systemic issue in Windows CLFS. The high-performance logging system, favored by hackers for low-level system privileges, suffers from design flaws, leading to a series of easily exploited bugs. Without redesign, it poses ongoing security …

Microsoft’s Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical

December 13, 2023 at 01:48AM
Microsoft’s final 2023 Patch Tuesday update addressed 33 flaws, with 4 rated Critical and 29 rated Important. This year, they’ve patched over 900 flaws, including vulnerabilities like remote code execution and information disclosure. Akamai also discovered attacks against Active Directory domains using Microsoft DHCP servers, prompting recommendations from Microsoft. Other …

Microsoft deprecates Defender Application Guard for Office

November 27, 2023 at 04:02PM
Microsoft is deprecating Defender Application Guard for Office and Windows Security Isolation APIs. They recommend using Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as alternatives. Application Guard for Office is a security feature that restricts files downloaded from untrusted sources, protecting against malware …

Exploit for Critical Windows Defender Bypass Goes Public

November 21, 2023 at 04:32PM
A proof-of-concept exploit (PoC) has been released for a critical zero-day vulnerability in Windows SmartScreen. The vulnerability, identified as CVE-2023-36025, allows attackers to bypass Windows Defender SmartScreen checks without triggering alerts. The exploit involves tricking users into clicking on a malicious internet shortcut or link. The vulnerability affects various Windows …

Flipper Zero Bluetooth spam attacks ported to new Android app

October 31, 2023 at 04:13PM
Software developer Simon Dankelmann has created an Android app called ‘Bluetooth-LE-Spam’ that can generate Bluetooth Low Energy (BLE) spam alerts on Android and Windows devices. The app can simulate various devices and send frequent connection requests, potentially disrupting Bluetooth-connected devices like mice and keyboards. While the app is currently in …