Security News

Kaspersky uncovers fileless malware inside Windows event logs. The security company published a blog post on May 4 describing what it says is the first observed case of attackers storing shellcode inside Windows event logs, using the log as a hiding place for Trojans that never touch disk as files.

Security researchers have observed a malicious campaign that uses Windows event logs to store malware, a technique that had not previously been documented publicly in attacks in the wild. Keeping the payload in the event log rather than as a file on disk let the threat actor stay fileless, in an attack that combined several techniques and modules designed to keep the activity as stealthy as possible.

A new malicious campaign has been spotted using Windows event logs to stash chunks of shellcode, the first time this has been seen in the wild. Modules from commercial adversary-simulation tooling are then used as a launchpad to inject the code into Windows system processes or trusted applications.
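Because the payload is stored in event records rather than in a file, file-oriented scanning will not see it; the tell is the log itself. The following hunting script is an added example for this page, not Kaspersky's code and not something the original articles provide. It walks every enabled event log on the host (or the logs you name), pulls the raw `<Binary>` data field from each record's XML, and reports records carrying an unusually large binary blob, then groups the hits by log, provider and event ID so that a payload chunked across many same-shaped records stands out. The 1 KB threshold, the per-log cap and the "printable ratio" heuristic are assumptions of this example; legitimate providers that log large binary data will also show up and have to be triaged.

```powershell
# Added hunting example; not Kaspersky's code and not from the page.
# Assumptions: 1 KB threshold, 20000-record cap per log, and the
# printable-byte ratio are our own heuristics, not published indicators.

function Find-EventLogBinaryPayloads {
    [CmdletBinding()]
    param(
        # Logs to scan; default is every enabled, non-empty log on the host.
        [string[]]$LogName,
        # Minimum <Binary> size in bytes before a record is reported.
        [int]$MinBinaryBytes = 1024,
        # Cap per log so a busy log does not take forever.
        [int]$MaxEvents = 20000
    )

    if (-not $LogName) {
        $LogName = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
            Where-Object { $_.IsEnabled -and $_.RecordCount -gt 0 } |
            Select-Object -ExpandProperty LogName
    }

    foreach ($log in $LogName) {
        # Some logs need elevation; skip what we cannot read.
        $events = Get-WinEvent -LogName $log -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
        foreach ($evt in $events) {
            # The rendered Message is not needed; the raw XML exposes
            # EventData/Binary (a hex string) whether or not the provider's
            # manifest is installed on this machine.
            $xml = [xml]$evt.ToXml()
            $hex = $xml.Event.EventData.Binary
            if ([string]::IsNullOrEmpty($hex)) { continue }
            $size = [math]::Floor($hex.Length / 2)
            if ($size -lt $MinBinaryBytes) { continue }

            # Crude printable-text ratio over the decoded bytes: shellcode and
            # ciphertext sit near 0, ASCII dumps near 1.
            $bytes = for ($i = 0; $i -lt $hex.Length - 1; $i += 2) {
                [Convert]::ToByte($hex.Substring($i, 2), 16)
            }
            $printable = ($bytes | Where-Object { $_ -ge 0x20 -and $_ -le 0x7e }).Count

            [pscustomobject]@{
                TimeCreated    = $evt.TimeCreated
                LogName        = $log
                ProviderName   = $evt.ProviderName
                Id             = $evt.Id
                RecordId       = $evt.RecordId
                BinaryBytes    = $size
                PrintableRatio = [math]::Round($printable / $bytes.Count, 2)
            }
        }
    }
}

# Summarise: many similar-sized, low-printable-ratio records under one
# provider/ID is the shape of a payload chunked across event records.
Find-EventLogBinaryPayloads |
    Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    ForEach-Object {
        $r = $_.Group
        [pscustomobject]@{
            Log          = $_.Name
            Records      = $_.Count
            TotalBytes   = ($r | Measure-Object BinaryBytes -Sum).Sum
            AvgPrintable = [math]::Round(($r | Measure-Object PrintableRatio -Average).Average, 2)
        }
    } | Format-Table -AutoSize
```

Run it from an elevated PowerShell session so that logs such as Security are readable. Converting every record to XML is slow on a large estate, so in practice narrow `-LogName` to the logs a legitimate process should rarely write binary data into, and treat a group with hundreds of near-identical-sized, near-zero-printable records as the thing to pull and decode, not as a verdict on its own.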

Trend Micro has fixed a false positive in its Apex One endpoint security product that caused Microsoft Edge updates to be flagged as malware and the Windows registry to be incorrectly modified. As affected users reported, Apex One flagged the browser updates as Virus/Malware: TROJ_FRS.VSNTE222 and Virus/Malware: TSC_GENCLEAN. A fix and a workaround are available.

Wormable malware dubbed Raspberry Robin has been active since last September and is spreading through USB drives onto Windows machines, where it abuses Microsoft Standard Installer (msiexec.exe) and other legitimate processes to install malicious files, researchers have found. Eventually the worm installs malicious dynamic link library (DLL) files found on the infected USB. While researchers first noticed Raspberry Robin as early as September 2021, most of the activity Red Canary observed occurred in January of this year, they said.

Red Canary intelligence analysts have discovered new Windows malware with worm capabilities that spreads via external USB drives. The malware is linked to a cluster of malicious activity dubbed Raspberry Robin and was first observed in September 2021.

Microsoft has warned Windows 11 users that they might experience issues launching and using some apps. Affected apps use optional components such as Windows Workflow and Windows Communication Foundation.

You can find the date of a user's most recent password change by examining the PwdLastSet attribute, shown in Figure 1. Only one user's password change date is shown there, but there are any number of ways to tell the Get-ADUser cmdlet to return data for multiple user accounts.
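The attribute comes back as a 64-bit FILETIME (100-nanosecond ticks since 1601, UTC), so it needs converting before it is readable, and a value of 0 has a special meaning: the user must change their password at next logon. The script below is an added example for this page, not code from the original author, that queries every enabled user with Get-ADUser, converts pwdLastSet to a DateTime, and flags stale passwords, never-expiring passwords and accounts pending a forced change. The 90-day threshold and the optional OU path are assumptions of the example; it needs the ActiveDirectory module and a domain-joined session.

```powershell
# Added example; not from the page or its author.
# Assumptions: 90-day maximum age is ours; ActiveDirectory module is installed.
Import-Module ActiveDirectory

function Get-PasswordAgeReport {
    [CmdletBinding()]
    param(
        # Passwords older than this are reported as stale.
        [int]$MaxAgeDays = 90,
        # Optional OU to limit the query, e.g. 'OU=Staff,DC=corp,DC=example' (hypothetical)
        [string]$SearchBase
    )

    $query = @{
        Filter     = 'Enabled -eq $true'
        Properties = 'pwdLastSet', 'PasswordNeverExpires'
    }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    $now = Get-Date
    Get-ADUser @query | ForEach-Object {
        # pwdLastSet is a FILETIME; 0 means "must change password at next logon"
        # (and an account whose password was never set also reads 0).
        $raw     = [int64]$_.pwdLastSet
        $lastSet = if ($raw -gt 0) { [DateTime]::FromFileTime($raw) } else { $null }
        $ageDays = if ($lastSet) { [int]($now - $lastSet).TotalDays } else { $null }

        [pscustomobject]@{
            SamAccountName       = $_.SamAccountName
            PwdLastSet           = $lastSet
            AgeDays              = $ageDays
            PasswordNeverExpires = $_.PasswordNeverExpires
            MustChangeAtLogon    = ($raw -eq 0)
            Stale                = ($null -ne $ageDays -and $ageDays -gt $MaxAgeDays)
        }
    }
}

# Accounts a reviewer cares about first: stale passwords, forced-change
# accounts that never came back, and the never-expires flag, which silently
# exempts an account from the domain's maximum password age.
Get-PasswordAgeReport -MaxAgeDays 90 |
    Where-Object { $_.Stale -or $_.PasswordNeverExpires -or $_.MustChangeAtLogon } |
    Sort-Object AgeDays -Descending |
    Format-Table -AutoSize
```

Get-ADUser also exposes a pre-converted PasswordLastSet property, but reading the raw attribute makes the 0 case explicit instead of silently turning it into a null date, which is why the example converts it by hand. The useful finding is usually the second filter: accounts with PasswordNeverExpires set are the ones that never appear stale no matter how old the password is.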

Microsoft has addressed a newly acknowledged known issue that caused flickering screen problems and made some Windows apps seem unstable in Safe Mode without Networking. "Devices experiencing this issue can log a System error on the Windows Event Log, with Source 'Winlogon' and the following description: 'The shell stopped unexpectedly and explorer.exe was restarted'," Microsoft explained.