Security News

Chinese-speaking cyberspies have targeted Southeast Asian governmental entities and telecommunication companies for more than a year, backdooring systems running the latest Windows 10 versions with a newly discovered rootkit. The hacking group, dubbed GhostEmperor by Kaspersky researchers who spotted it, use the Demodex rootkit, which acts as a backdoor to maintain persistence on compromised servers.

Commercially developed FinFisher surveillanceware has been upgraded to infect Windows devices using a UEFI bootkit using a trojanized Windows Boot Manager, marking a shift in infection vectors that allow it to elude discovery and analysis. While the tool was previously deployed through tampered installers of legitimate applications such as TeamViewer, VLC, and WinRAR that were backdoored with an obfuscated downloader, subsequent updates in 2014 enabled infections via Master Boot Record bootkits with the goal of injecting a malicious loader in a manner that's engineered to slip past security tools.

Microsoft is relaxing its app store policies for Windows and the redesigned marketplace will meet the needs of customers and developers across a variety of app experiences. With Windows 11, Microsoft has opened up its store to developers using different types of frameworks, packaging technologies, and commerce platforms.

Commercially developed FinFisher malware now can infect Windows devices using a UEFI bootkit that it injects in the Windows Boot Manager. "During our research, we found a UEFI bootkit that was loading FinSpy. All machines infected with the UEFI bootkit had the Windows Boot Manager replaced with a malicious one," Kasperksy researchers revealed today.

A new script allows you to install Windows 11 on devices with incompatible hardware, such as missing TPM 2.0, incompatible CPUs, or the lack of Secure Boot. When Windows 11 was first announced, Microsoft released the operating system's new system requirements, which included a TPM 2.0 security processor, Secure Boot, newer CPUs, and at least 64 GB of hard drive space.

Microsoft has discovered new malware used by the Nobelium hacking group to deploy additional payloads and steal sensitive info from Active Directory Federation Services servers. The malware, dubbed by Microsoft Threat Intelligence Center researchers FoggyWeb, is a "Passive and highly targeted" backdoor that abuses the Security Assertion Markup Language token.

In addition to these design overhauls, Windows 11 also comes with a new File Explorer and Settings app. File Explorer is getting a new header menu, modern context menu and minor improvements.

Microsoft has released an emergency fix for freezing and crashing app issues caused by September's KB5005565 and KB5005101 cumulative updates. With the release of the Windows 10 KB5005101 preview update and the KB5005565 cumulative update, Microsoft states that users may have experienced app freezes, app crashes, and the inability to launch an application.

Security researchers have found a flaw in the Microsoft Windows Platform Binary Table that could be exploited in easy attacks to install rootkits on all Windows computers shipped since 2012. WPBT is a fixed firmware ACPI table introduced by Microsoft starting with Windows 8 to allow vendors to execute programs every time a device boots.

Cybersecurity researchers have disclosed a novel technique adopted by threat actors to deliberately evade detection with the help of malformed digital signatures of its malware payloads. "Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code - which is used in a number of security scanning products," Google Threat Analysis Group's Neel Mehta said in a write-up published on Thursday.