Security News
Microsoft is enabling a Microsoft Defender 'Attack Surface Reduction' security rule by default to block hackers' attempts to steal Windows credentials from the LSASS process. One of the most common methods to steal Windows credentials is to gain admin privileges on a compromised device and then dump the memory of the Local Security Authority Server Service process running in Windows.
The U.S. Cybersecurity & Infrastructure Security Agency has added to the catalog of vulnerabilities another 15 security issues actively used in cyberattacks. CISA's warning about these vulnerabilities serves as a wake-up call to all system administrators that they need to prioritize installing security updates to protect the organization's network.
In a support document updated today, Microsoft stated that Windows 10 20H2 will reach EOS on May 10, 2022. "These editions will no longer receive security updates after May 10, 2022. Customers who contact Microsoft Support after this date will be directed to update their device to the latest version of Windows 10 to remain supported," Microsoft explained.
Exe in Windows Server in favor of Windows PowerShell, which also includes the ability to query Windows Management Instrumentation. "The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 General Availability Channel release of Windows Server. This tool is superseded by Windows PowerShell for WMI," explains the list of deprecated Windows features.
Malware distributors have turned to an older trick known as Squiblydoo to spread Qbot and Lokibot via Microsoft Office documents using regsvr32. A report from the threat research team at security analytics platform Uptycs shows that the use of regsvr32.
A Windows living-off-the-land binary known as Regsvr32 is seeing a big uptick in abuse of late, researchers are warning, mainly spreading trojans like Lokibot and Qbot. In this case, Regsvr32 is a Microsoft-signed command line utility in Windows that allows users to register and unregister libraries.
Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware. The timing of the attacks coincides with the moment that Microsoft announced Windows 11's broad deployment phase, so the attackers were well-prepared for this move and waited for the right moment to maximize their operation's success.
The new update is now available for Windows 10 21H2, version 21H1, and version 20H2. As per the official release notes, Microsoft has published two main cumulative updates for Windows 10 - KB5010342 and KB5010345. Like every Patch Tuesday, you can check for and install new updates by going to Settings, clicking on Windows Update, and selecting 'Check for Updates' to install the updates.
Microsoft has released the Windows 11 KB5010386 cumulative update with security updates, performance improvements, and fixes for an LDAP bug. Windows 11 users can install today's update by going to Start > Settings > Windows Update and clicking on 'Check for Updates'.
Mozilla released a security update to address a high severity privilege escalation vulnerability found in the Mozilla Maintenance Service. The Mozilla Maintenance Service is an optional Firefox and Thunderbird service that makes application updates possible in the background.