Security News

New GwisinLocker ransomware encrypts Windows and Linux ESXi servers
2022-08-06 14:05

A new ransomware family called 'GwisinLocker' targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. On Wednesday, Korean cybersecurity experts at Ahnlab published a report on the Windows encryptor, and yesterday, security researchers at ReversingLabs published their technical analysis of the Linux version.

Protect domain-joined computer passwords with Windows’ Local Administrator Password Solution
2022-08-04 13:34

That's because changing the passwords has to be done manually and individually, plus you have to find a way to keep everyone up to date on the unique latest strong password for each server without saving those passwords somewhere an attacker can also find them, like a PASSWORDS.XLS spreadsheet. The Local Administrator Password Solution is a tool Microsoft has offered since 2015 that deals with exactly that problem.

Windows 11 Smart App Control blocks files used to push malware
2022-08-03 20:35

Smart App Control, a Windows 11 security feature that blocks threats at the process level, now comes with support for blocking several file types threat actors have recently adopted to infect targets with malware in phishing attacks. "Windows 11 with smart app control blocks iso and lnk files that have mark of the web just like Macros," David Weston, Microsoft's VP for Enterprise and OS Security, tweeted on Tuesday.

Microsoft rolling out fix for Windows 10 language bar issues
2022-08-03 16:00

Microsoft has addressed a known issue triggered by recent Windows 10 updates that caused the Input Indicator and Language Bar not to appear in the notification area. This known issue affects devices running Windows 10 version 20H2, 21H1, and 21H2, with more than one language installed.

Microsoft Defender now better at blocking ransomware on Windows 11
2022-08-02 19:13

Microsoft has released new Windows 11 builds to the Beta Channel with improved Microsoft Defender for Endpoint ransomware attack blocking capabilities. "We enhanced Microsoft Defender for Endpoint's ability to identify and intercept ransomware and advanced attacks," Microsoft's Amanda Langowski and Brandon LeBlanc said.

How to remove and overwrite all data on a hard drive for free in Windows 11
2022-08-02 17:03

How to remove and overwrite all data on a hard drive for free in Windows 11 We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. One of these parameters will not only format a hard drive for Windows operating system use, but it will also overwrite all data already on the drive with random numbers.

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload
2022-08-02 08:07

A threat actor associated with the LockBit 3.0 ransomware-as-a-service operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. "Once initial access had been achieved, the threat actors performed a series of enumeration commands and attempted to run multiple post-exploitation tools, including Meterpreter, PowerShell Empire, and a new way to side-load Cobalt Strike," researchers Julio Dantas, James Haughom, and Julien Reisdorffer said.

LockBit ransomware abuses Windows Defender to load Cobalt Strike
2022-07-29 14:29

A threat actor associated with the LockBit 3.0 ransomware operation is abusing the Windows Defender command line tool to load Cobalt Strike beacons on compromised systems and evade detection by security software. Security solutions have become better at detecting Cobalt Strike beacons, causing threat actors to look for innovative ways to deploy the toolkit.

LockBit operator abuses Windows Defender to load Cobalt Strike
2022-07-29 14:29

A threat actor associated with the LockBit 3.0 ransomware operation is abusing the Windows Defender command line tool to load Cobalt Strike beacons on compromised systems and evade detection by security software. Security solutions have become better at detecting Cobalt Strike beacons, causing threat actors to look for innovative ways to deploy the toolkit.

Windows 11’s new kiosk mode lets admins limit available apps
2022-07-29 13:07

Microsoft is testing a new multi-app kiosk mode lockdown feature for IT admins in the latest Windows 11 Insider Preview build released to the Dev Channel. "Multi-app kiosk mode is a lockdown feature for Windows 11 that allows an IT administrator to select a set of allowable apps to run on the device, while all other functionalities are blocked," Windows Insider team members Amanda Langowski and Brandon LeBlanc said.