Security News

A popular Windows 11 ToolBox script used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious scripts, Chrome extensions, and potentially other malware. While there were ways to use ADB to sideload Android apps, users began looking for methods that let them add the Google Play Store to Windows 11.

The China-linked Hafnium cyber-gang is using a strain of malware to maintain a persistent presence in compromised Windows systems by creating hidden tasks that maintain backdoor access even after reboots. Researchers within Microsoft's Detection and Response Team and Threat Intelligence Center spotted the software nasty, dubbed Tarrask, creating undesirable scheduled tasks via Windows Task Scheduler, which is typically used by IT administrators to automate such chores as updating programs, tidying up file systems, and starting certain applications.

The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments. Microsoft Threat Intelligence Center, which dubbed the defense evasion malware "Tarrask," characterized it as a tool that creates "Hidden" scheduled tasks on the system.

The Cybersecurity and Infrastructure Security Agency has added ten new security bugs to its list of actively exploited vulnerabilities, including a high severity local privilege escalation bug in the Windows Common Log File System Driver. According to a binding operational directive issued in November, all Federal Civilian Executive Branch Agencies agencies must secure their systems against this security flaw after being added to CISA's catalog of Known Exploited Vulnerabilities.

After a hefty Patch Tuesday comes news of an update for Git to deal with a vulnerability for the source shack when run on Microsoft's Windows. The update is solely concerned with CVE-2022-24765, an interesting bug which afflicts the Git for Windows fork of Git.

The updates are in addition to 26 other flaws resolved by Microsoft in its Chromium-based Edge browser since the start of the month. The actively exploited flaw relates to an elevation of privilege vulnerability in the Windows Common Log File System.

Microsoft says Windows admins can now opt into automatic updates for. NET 6.0 to the Automatic Updates channel as a third option on top of Windows Server Update Services and Microsoft Update Catalog.

Microsoft has released the Windows 11 KB5012592 cumulative update with security updates, quality improvements, and a fix that makes it easier to switch your default browser. KB5012592 is a mandatory cumulative update as it contains the April 2022 Patch Tuesday security updates for vulnerabilities discovered in previous months.

Microsoft has released Windows 10 KB5012599 and KB5012591 cumulative updates for versions 21H2, version 21H1, version 20H2 and 1909 to fix security vulnerabilities and resolve bugs. This update is not available for May 2020 Update if you use the consumer edition, but the same update will be offered on devices using enterprise or education SKUs.

Microsoft has discovered a new malware used by the Chinese-backed Hafnium hacking group to maintain persistence on compromised Windows systems by creating and hiding scheduled tasks. "Further investigation reveals forensic artifacts of the usage of Impacket tooling for lateral movement and execution and the discovery of a defense evasion malware called Tarrask that creates 'hidden' scheduled tasks, and subsequent actions to remove the task attributes, to conceal the scheduled tasks from traditional means of identification."