Security News

Kaspersky uncovers fileless malware inside Windows event logs
2022-05-09 17:17

The cybersecurity company published a blog on May 4 detailing that, for the first time ever, hackers have placed shellcode into Windows event logs, hiding Trojans as fileless malware.

Hackers are now hiding malware in Windows Event Logs
2022-05-09 12:00

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques and modules designed to keep the activity as stealthy as possible.

This New Fileless Malware Hides Shellcode in Windows Event Logs
2022-05-08 19:51

A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. The adversary simulation software modules are then used as a launchpad to inject code into Windows system processes or trusted applications.

Trend Micro antivirus modified Windows registry by mistake — How to fix
2022-05-07 14:03

Trend Micro antivirus has fixed a false positive affecting its Apex One endpoint security solution that caused Microsoft Edge updates to be tagged as malware and the Windows registry to be incorrectly modified. As users further revealed, the Trend Micro Apex One flagged the browser updates as Virus/Malware: TROJ_FRS.VSNTE222 and Virus/Malware: TSC_GENCLEAN. Fix and workaround available.

Trend Micro modified Windows registry by mistake — How to fix
2022-05-07 14:03

Trend Micro has fixed a false positive issue affecting its Apex One endpoint security solution leading to Microsoft Edge updates being tagged as malware and Windows registry changes. As users further revealed, the Trend Micro Apex One flagged the browser updates as Virus/Malware: TROJ_FRS.VSNTE222 and Virus/Malware: TSC_GENCLEAN. Fix and workaround available.

USB-based Wormable Malware Targets Windows Installer
2022-05-06 11:10

Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found. Eventually the worm installs malicious dynamic link library files found on the infected USB. While researchers first noticed Raspberry Robin as early as September 2021, most of the activity observed by Red Canary occurred during January of this year, researchers said.

New Raspberry Robin worm uses Windows Installer to drop malware
2022-05-05 21:36

Red Canary intelligence analysts have discovered a new Windows malware with worm capabilities that spreads using external USB drives. This malware is linked to a cluster of malicious activity dubbed Raspberry Robin and was first observed in September 2021.

Microsoft: Windows 11 KB5012643 update will break some apps
2022-05-04 14:06

Microsoft has warned Windows 11 users that they might experience issues launching and using some apps. Affected apps use optional components such as Windows Workflow and Windows Communication Foundation.

Using PowerShell to manage password resets in Windows domains
2022-05-04 14:01

You can find the date of the user's most recent password change by examining the PwdLastSet attribute, shown in Figure 1. Only one user's password change date is being shown, but there are any number of ways to tell the Get-ADUser cmdlet to display data for multiple user accounts.

Microsoft fixes Windows 11 bug causing flickers in safe mode
2022-05-02 13:00

Microsoft has addressed a newly acknowledged known issue that caused flickering screen problems and made some Windows apps seem unstable in Safe Mode without Networking. "Devices experiencing this issue can log a System error on the Windows Event Log, with Source 'Winlogon' and the following description: 'The shell stopped unexpectedly and explorer.exe was restarted'," Microsoft explained.