Security News
A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard. When a Razer device is plugged into Windows 10 or Windows 11, the operating system will automatically download and begin installing the Razer Synapse software on the computer.
Earlier this week, Microsoft shared guidance on securing Windows 365 Cloud PCs and more info on their built-in security capabilities. The guidance is broken down into actions customers can take to secure Cloud PCs enrolled in Windows 365 Business and Windows 365 Enterprise subscription plans.
Starting this week, Microsoft customers can use Azure Virtual Desktop to virtualize a Windows 11 preview desktop on Azure virtual machines. "Azure Virtual Desktop has become a popular cloud VDI platform to run desktops and apps in the cloud and deliver a full Windows experience to users virtually anywhere," said Kam VedBrat, GM for Windows Virtual Desktop at Microsoft.
Microsoft has released Windows 11 ISO images this week, and as it's always smart to have a copy of the operating system media to resolve critical problems, we will explain how you can download the Windows 11 ISO directly from Microsoft. Microsoft makes it very easy to download Windows 11 ISOs directly from the Windows Insider program.
Below we have tracked some of the ransomware stories that we are following this week. Another report illustrates how threat actors are tracking researchers on Twitter as a new ransomware gang known as LockFile uses the PetitPotam attack to take over Windows domains.
This article goes hands-on with a new Windows 11 feature called 'Focus Sessions' that aims to keep people focused while performing a particular task. This week, Microsoft released a new version of the 'Alarms & Clock' app via the Microsoft Store with a new feature called 'Focus Sessions.'
At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. Behind the attacks appears to be a new ransomware gang called LockFile that was first seen in July, which shows some resemblance and references to other groups in the business.
A second unofficial patch for the Windows PetitPotam NTLM relay attack has been released to fix further issues not addressed by Microsoft's official security update. In July, security researcher GILLES Lionel, aka Topotam, disclosed a new technique called 'PetitPotam' that performs unauthenticated forced authentication on domain controllers using various functions in the MS-EFSRPC API. Microsoft's security update is not complete.
Microsoft has finally released the first official ISOs for Windows 11, allowing users to perform clean installs of the new operating system. Microsoft released their first preview build of Windows 11 at the end of June, and since then, users have been eagerly anticipating the first release of ISO images.
The gist of the matter is that the default rules of the Windows Filtering Platform (WFP) - a set of APIs and system services that provide a platform for creating network filtering apps - permit executable files to connect to TCP sockets in AppContainers, which can enable malicious actors to pull off elevation of privilege (EoP). Essentially, some rules defined in WFP can be matched by a malicious actor to connect to an AppContainer and inject malicious code. As Forshaw explained in his report, connecting to an external network resource from an AppContainer is enforced through default rules in the WFP: "For example, connecting to the internet via IPv4 will process rules in the FWPM_LAYER_ALE_AUTH_CONNECT_V4 layer," he wrote.