Security News

Windows 11 KB5014019 breaks Trend Micro ransomware protection
2022-05-26 19:44

This week's Windows optional cumulative update previews have introduced a compatibility issue with some of Trend Micro's security products that breaks some of their capabilities, including the ransomware protection feature. "The UMH component used by several Trend Micro endpoint and server protection products is responsible for some advanced features such as ransomware protection," the antivirus vendor revealed.

Microsoft shares mitigation for Windows KrbRelayUp LPE attacks
2022-05-26 15:46

Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations. Attackers can launch this attack using the KrbRelayUp tool developed by security researcher Mor Davidovich as an open-source wrapper for Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn privilege escalation tools.

Microsoft adds support for WSL2 distros on Windows Server 2022
2022-05-25 20:54

Microsoft has announced that Windows Subsystem for Linux distros are now supported on Windows Server 2022 after installing this week's cumulative update previews. To install the Windows Server 2022 KB5014021 update, you must go to Settings > Windows Update and manually 'Check for updates.'

Microsoft adds Office subscriptions to Windows 11 account settings
2022-05-25 18:31

Microsoft has improved the account settings in the latest Windows 11 preview build, a settings page that now lists Office subscriptions linked to the user's Microsoft 365 account. The Windows Insider team started rolling out a new 'Your Microsoft account' settings page within Windows 11's Settings in October 2021.

Windows 11 KB5014019 update fixes app crashes, slow copying
2022-05-24 22:42

Microsoft has released optional cumulative update previews for Windows 11, Windows 10 version 1809, and Windows Server 2022, with fixes for Direct3D issues impacting client and server systems. The updates are part of Microsoft's scheduled April 2022 monthly "C" updates, allowing Windows users to test the fixes released on June 15th as part of next month's Patch Tuesday.

Hackers target Russian govt with fake Windows updates pushing RATs
2022-05-24 19:27

Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware. These operations spanned between February and April 2022, coinciding with the Russian invasion of Ukraine.

Fake Windows exploits target infosec community with Cobalt Strike
2022-05-23 20:12

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. Threat actors commonly use these exploits to conduct attacks or spread laterally within a network.

Microsoft tests new Windows 11 Desktop search that only works with Edge
2022-05-22 15:07

Microsoft is testing a new feature in the latest Windows 11 preview build that displays an Internet search box directly on the desktop. The problem is that it does not honor your default browser and only uses Bing and Microsoft Edge instead. This new feature is currently being tested with a small subset of Windows Insiders running the Windows 11 build 25120 on the 'Dev' channel.

Malicious PyPI package opens backdoors on Windows, Linux, and Macs
2022-05-21 15:16

Another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems. PyPI is a repository of open-source packages that developers can use to share their work or benefit from the work of others, downloading the functional libraries required for their projects.