Security News

Dubbed DarkWatchman by researchers from Prevailion's Adversarial Counterintelligence Team, the malware uses a resilient domain generation algorithm to identify its command-and-control infrastructure and utilizes the Windows Registry for all of its storage operations, thereby enabling it to bypass antimalware engines. The RAT "Utilizes novel methods for fileless persistence, on-system activity, and dynamic run-time capabilities like self-updating and recompilation," researchers Matt Stafford and Sherman Smith said, adding it "Represents an evolution in fileless malware techniques, as it uses the registry for nearly all temporary and permanent storage and therefore never writes anything to disk, allowing it to operate beneath or around the detection threshold of most security tools."

Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. It's worth noting that this is in addition to the 21 flaws resolved in the Chromium-based Microsoft Edge browser.

Microsoft is working on making Windows Terminal the default terminal emulator program in Windows 11 instead of the Windows Console Host, starting next year. Unlike the current default app, the Windows Terminal app comes with support for multiple console tabs in a single window and choosing between the cmd shell, PowerShell, and Linux distro shells installed via the Windows Subsystem for Linux.

Microsoft has addressed a known issue that plagued Windows Server customers for weeks, preventing the Defender for Endpoint enterprise security platform from launching on some systems. The issue only impacts devices where customers installed Windows Server 2019 and Windows Server 2022 security updates issued during last month's Patch Tuesday.

Microsoft has released the Windows 11 KB5008215 cumulative update to fix security vulnerabilities and bugs introduced in previous versions. KB5008215 is a mandatory cumulative update containing security updates, performance improvements, and bug fixes for Windows 11 21H2. You can install this update by going to Start > Settings > Windows Update and clicking on 'Check for Updates.

The bug, a Windows AppX Installer spoofing security flaw tracked as CVE-2021-43890, can be exploited remotely by threat actors with low user privileges in high complexity attacks requiring user interaction. "We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader," Microsoft explains.

December 2021 Patch Tuesday is rolling out to devices on Windows 10 version 2004, version 20H2, version 21H1 and version 21H2. As per the official release notes, Microsoft has published two cumulative updates - KB5008212 and KB5008206. Like the November release, this month's security updates include security fixes for November 2021 Update, May 2021 Update, October 2020 Update, and May 2020 Update.

Dell's fix wasn't comprehensive enough to prevent additional exploitation, and as security researchers warn now, it is an excellent candidate for future Bring Your Own Vulnerable Driver attacks. "However, the partially fixed driver can still help attackers."

The vulnerability affects all Windows versions, including Windows 11 and Windows Server 2022, and it can be exploited by attackers with limited local accounts to escalate privileges and run code with admin rights. Mitja Kolsek, the co-founder of the 0patch service that delivers hotfixes that don't require system reboots, explains that the issue stems from the way Windows installer creates a Rollback File that allows restoring the data deleted or modified during the installation process.

Windows 11 is getting a new "Voice Access" feature to control the operating system using your voice and a microphone. While Microsoft has already supported dictation via a microphone, the ability to use your voice to execute commands in Windows has been limited to specific applications.