Security News

Microsoft says Windows 11 customers might experience networking speed issues if Dell's SmartByte software runs on their devices. Microsoft has now also found compatibility issues between the SmartByte networking software and Windows 11, version 21H2, that could lead to slower than expected Internet speeds on impacted devices.

Cybersecurity researchers on Tuesday revealed details of a previously undocumented UEFI bootkit that has been put to use by threat actors to backdoor Windows systems as early as 2012 by modifying a legitimate Windows Boot Manager binary to achieve persistence, once again demonstrating how technology meant to secure the environment prior to loading the operating system is increasingly becoming a "Tempting target." Slovak cybersecurity firm ESET codenamed the new malware "ESPecter" for its ability to persist on the EFI System Partition, in addition to circumventing Microsoft Windows Driver Signature Enforcement to load its own unsigned driver that can be used to facilitate espionage activities such as document theft, keylogging, and screen monitoring by periodically capturing screenshots.

Microsoft's second Security Signals report shows that enterprise security decision-makers are concerned about the security impact of hybrid work, and they expect PC hardware to help, said Dave Weston, director of OS security at Microsoft. "On one hand, that is somewhat intuitive because you're losing Intrusion Detection Systems and some of the network-based analysis and of course the physical protection of being on campus." But it also underlines that while Windows 10 has the same features for zero-trust security approaches that are built into Windows 11, they haven't been adopted broadly because people just don't turn them on.

A newly discovered and previously undocumented UEFI bootkit has been used by attackers to backdoor Windows systems by hijacking the Windows Boot Manager since 2012. Bootkits are malicious code planted in the firmware invisible to security software that runs within the operating system since the malware is designed to load before everything else, in the initial stage of the booting sequence.

Right after officially releasing Windows 11, Microsoft has added three know issues to the Windows 11 12H2 release health dashboard. Microsoft has released Windows 11 worldwide yesterday and is now rolling it out via Windows Update to new Windows 10 devices and those pre-loaded with Windows 11.

Microsoft has officially released Windows 11 and ISO images that allow you to create bootable media to perform clean installs of the operating system and troubleshoot bugs and problems. Go to Download Windows 11 page in your favorite web browser.

Microsoft has released Windows 11 worldwide, and it is now rolling it out via Windows Update on devices with compatible hardware and the latest updates. Windows 10 users can upgrade to Windows 11 for free now via Windows Update as long as their device has compatible hardware.

A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems. Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a "Sophisticated multi-stage malware framework" that allows for providing persistence and remote control over the targeted hosts.

Microsoft has released the optional KB5005611 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. This update fixes bugs in Microsoft Outlook and makes it easier to mitigate the PrintNightmare vulnerability. This cumulative update is part of Microsoft's September 2021 monthly "C" update, allowing Windows users to test the upcoming fixes before they are automatically deployed in the forthcoming October 2021 Patch Tuesday.

Threat actors are trying to capitalize on the recent revelations on Pegasus spyware from Amnesty International to drop a less-known remote access tool called Sarwent. The malware looks and acts the part of a legitimate antivirus solution specially created to scan the system for traces of Pegasus traces and to remove them.