Security News

Microsoft says that some USB printers will start printing random text after installing Windows updates released since late January 2025. [...]

USB drive attacks constitute a significant cybersecurity risk, taking advantage of the everyday use of USB devices to deliver malware and circumvent traditional network security measures. These...

Microsoft has lifted a compatibility block preventing Windows 11 24H2 upgrades after fixing a bug causing USB connection issues to some scanners. [...]

Microsoft now blocks the Windows 11 24H2 update on computers with standalone scanners, multi-function printers, fax machines, modems, and other network devices with eSCL protocol support. [...]

Microsoft fixes a known issue in the Windows KB5043145 preview update that causes reboot loops, freezes systems, and breaks USB and Bluetooth devices. [...]

A new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website. [...]

Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. WebUSB is a JavaScript API that allows web applications to access local USB devices on a computer. Google is now testing an "Unrestricted WebUSB" feature that allows Isolated Web Apps to access these restricted devices and interfaces.

Microsoft has released the optional KB5034848 Preview cumulative update for Windows 11 23H2 and 22H2, which brings new features, including USB 80Gbps and nineteen other changes and fixes. The KB5034848 cumulative update preview is part of Microsoft's "Optional non-security preview updates" schedule, released on the fourth week of every month.

A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. The attackers hide these payloads in plain sight, placing them in forum user profiles on tech news sites or video descriptions on media hosting platforms.

A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks...