Security News

'Fully undetectable' Windows backdoor gets detected
2022-10-18 20:14

SafeBreach Labs says it has detected a novel fully undetectable PowerShell backdoor, which calls into question the accuracy of threat naming. "The attack starts with a malicious Word document, which includes a macro that launches an unknown PowerShell script," said Bar.

Windows Terminal is now the default Windows 11 22H2 console
2022-10-18 19:36

Windows Terminal is now the default console for Windows 11 22H2, marking a significant shift in how Windows users run their command line programs. Windows users have been running their console programs within the Windows Command Prompt for years.

Microsoft finally releases tabbed File Explorer for Windows 11
2022-10-18 17:57

Microsoft has released the long-awaited Windows 11 tabbed File Explorer, Suggested Actions, Taskbar Overflow features, and Task Manager quick-access features in a new preview cumulative update. Last month, Microsoft released Windows 11 22H2 with various new features.

Windows 10 22H2 is released, here's what we know
2022-10-18 17:40

The feature update can be installed via Windows Update by going to Settings > Update & Security > Windows Update and clicking the "Check for updates" button. Customers using devices running Windows 10 20H2 or newer will have a fast installation experience, as the Windows 10 2022 Update will install like a monthly update.

Text message verification flaws in your Windows Active Directory
2022-10-18 14:06

While the use of text messaging goes a long way toward protecting an organization against cyber criminals who attempt to use stolen passwords as a way of gaining access to accounts, text messaging-based MFA has vulnerabilities of its own. Risk of text message use in multi-factor authentication.

Microsoft fixes Windows TLS handshake failures in out-of-band updates
2022-10-17 21:41

Microsoft has issued an out-of-band non-security update to address an issue triggering SSL/TLS handshake failures on client and server platforms. "We address an issue that might affect some types of Secure Sockets Layer and Transport Layer Security connections. These connections might have handshake failures," Microsoft explains.

Malware dev claims to sell new BlackLotus Windows UEFI bootkit
2022-10-17 20:51

A threat actor is selling on hacking forums what they claim to be a new UEFI bootkit named BlackLotus, a malicious tool with capabilities usually linked to state-backed threat groups. UEFI bootkits are planted in the system firmware and are invisible to security software running within the operating system because the malware loads in the initial stage of the booting sequence.

Windows Mark of the Web bypass zero-day gets unofficial patch
2022-10-17 18:14

A free unofficial patch has been released through the 0patch platform to address an actively exploited zero-day flaw in the Windows Mark of the Web security mechanism. Windows automatically adds MotW flags to all documents and executables downloaded from untrusted sources, including files extracted from downloaded ZIP archives, using a special 'Zone.Identifier' alternate data stream.

Researchers Detail Windows Zero-Day Vulnerability Patched Last Month
2022-10-14 17:34

Details have emerged about a now-patched security flaw in Windows Common Log File System that could be exploited by an attacker to gain elevated permissions on compromised machines. "The cause of the vulnerability is due to the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file in CLFS.sys," the cybersecurity firm said in a root cause analysis shared with The Hacker News.

Magniber ransomware now infects Windows users via JavaScript files
2022-10-13 16:04

The downloaded malicious files contained JavaScript that initiated an intricate infection with the file-encrypting malware. A report from HP's threat intelligence team notes that Magniber ransomware operators demanded payment of up to $2,500 for home users to receive a decryption tool and recover their files.