Security News

A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines to install third-party remote management tools within compromised environments. "This method of attack was unique in that it avoided many of the traditional detection methods employed within Azure and provided the attacker with full administrative access to the VM," the threat intelligence firm said.

A financially motivated cybergang tracked by Mandiant as 'UNC3944' is using phishing and SIM swapping attacks to hijack Microsoft Azure admin accounts and gain access to virtual machines. From there, the attackers abuse the Azure Serial Console to install remote management software for persistence and abuse Azure Extensions for stealthy surveillance.

Windows Terminal is now the default console for Windows 11 22H2, marking a significant shift in how Windows users run their command line programs. Windows users have been running their console programs within the Windows Command Prompt for years.

Netgear is pushing out fixes for a bad Orbi firmware update released earlier this month that prevents users from accessing the device's admin console. "We are aware of an issue affecting the Orbi RBK85x and RBK75x Series Mesh WiFi 6 Systems," Netgear explained on their status page.

Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the " first critical issue published since Log4Shell, on a component other than Log4j, that exploits the same root cause of the Log4Shell vulnerability, namely JNDI remote class loading," JFrog researchers Andrey Polkovnychenko and Shachar Menashe said.

Microsoft is working on making Windows Terminal the default terminal emulator program in Windows 11 instead of the Windows Console Host, starting next year. Unlike the current default app, the Windows Terminal app comes with support for multiple console tabs in a single window and choosing between the cmd shell, PowerShell, and Linux distro shells installed via the Windows Subsystem for Linux.

Elastic announces new features and updates across the Elastic Observability solution in its 7.13 release to streamline workflows in Microsoft Azure, simplify data integrations, and accelerate root cause analysis. Expanded capabilities include native integration in the Microsoft Azure console, the beta release of Fleet Server, and new troubleshooting views in Elastic APM. Elastic is announcing an enhanced partnership with Microsoft, enabling users to find and deploy Elastic directly from the Azure console and natively integrate observability and security data from Azure services.

Windows 10 will soon let you configure Windows Terminal as the default terminal application to launch console and PowerShell programs. When you launch a command-line console program in Windows 10, the operating system will automatically launch it in a Windows Console or PowerShell console displayed by the Windows Console Host, as shown below.

These bots grab some of the limited stock of the PS5 and Xbox on eBay and Amazon and then resell them at huge markups, says PerimeterX. Scalper bots, or sneaker bots, have been chewing up supplies of the Sony PS5 and Xbox consoles amid a shortage of both units, leaving indvidual buyers in a lurch. In a report published Thursday, bot fighter PerimeterX described the damage that automated bots are causing to consumers and retailers alike.

Sony's new PS5 is one topic ripe for exploitation, especially since the new console is in short supply due to a scarcity of semiconductor chips. A Friday report from security firm Kaspersky explains how a new scam promising a PS5 is playing out and offer tips on how to avoid taking the bait.