Security News
Zoom has announced today the launch of an automatic update feature designed to streamline the update process for desktop clients. "For most individual users, automatic updates will be enabled by default. When enabled, users will have the opportunity to opt-out of automatic updates for their desktop client after the first install or first update where this feature is present," said Jeromie Clark, Security & Privacy Technical Product Manager at Zoom.
The big feature update is currently available for download as an optional update and if you've already upgraded to the new operating system, you can try some new third-party programs to customize the experience and get the most out of Windows 11. Windows 11 is essentially Windows 10 with a new design, so it also comes with the same bloatware problem.
The big feature update is currently available for download as an optional update and if you've already upgraded to the new operating system, you can try some new third-party programs to customize the experience and get the most out of Windows 11. Windows 11 is essentially Windows 10 with a new design, so it also comes with the same bloatware problem.
GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposedGoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. Malicious Python packages employ advanced detection evasion techniquesJFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over 41,000 times.
Free unofficial patches have been released to protect Windows users from a local privilege escalation zero-day vulnerability in the Mobile Device Management Service impacting Windows 10, version 1809 and later. While Microsoft has most likely also noticed Naceri's June disclosure, the company is yet to patch this LPE bug, exposing Windows 10 systems with the latest November 2021 security updates to attacks.
A sad-faced Microsoft engineer has had to reset the "Days since we last shot ourselves in the foot" counter at the company's HQ after a security update broke Microsoft Defender for Endpoint on Windows Server Core. The latter included the LTSC editions of Windows 10 as Microsoft pointed out, only devices with a Windows Server Core installation were affected.
Microsoft has confirmed a new issue impacting Windows Server devices preventing the Microsoft Defender for Endpoint security solution from launching on some systems. The enterprise endpoint security platform might fail to start or run on devices with a Windows Server Core installation.
Microsoft has released the optional KB5007253 Preview cumulative update for Windows 10 2004, Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. Microsoft claims this update fixes network printing issues causing 0x000006e4, 0x0000007c, or 0x00000709 error codes to be displayed. The KB5007253 cumulative update preview is part of Microsoft's September 2021 monthly "C" update, allowing admins to test fixes coming as part of the December 2021 Patch Tuesday.
A new stealthy JavaScript loader named RATDispenser is being used to infect devices with a variety of remote access trojans in phishing attacks. Once launched, the loader will write a VBScript file to the %TEMP% folder, which is then executed to download the malware payload. These layers of obfuscation help the malware evade detection 89% of the time, based on VirusTotal scan results.
Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem. Over the weekend, security researcher Abdelhamid Naceri discovered a Windows Installer elevation-of-privilege vulnerability tracked as CVE-2021-41379 that Microsoft patched a couple of weeks ago as part of its November Patch Tuesday updates.