Security News

The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. DEV#POPPER is the moniker assigned to an active malware campaign that tricks software developers into downloading booby-trapped software hosted on GitHub under the guise of a job interview.

Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named "Specula," released today by cybersecurity firm TrustedSec. This C2 framework works by creating a custom Outlook Home Page using WebView by exploiting CVE-2017-11774, an Outlook security feature bypass vulnerability patched in October 2017.

Google celebrated Sysadmin Day last week by apologizing for breaking its password manager for millions of Windows users - just as many Windows admins were still hard at work mitigating the impact of the faulty CrowdStrike update. More than 17 million users might have received the broken update and, as Google put it, "Experienced the issue."

The remote access trojan known as Gh0st RAT has been observed being delivered by an "Evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website serving malicious installer packages masquerading as Google's Chrome browser, indicating that users searching for the software on the web are being singled out.

Microsoft has added a feature to Windows 11 that allows you to end tasks directly from the taskbar, but it's turned off by default. When the "End Task" feature is enabled, you can right-click on an app icon in the taskbar and see an "End Task" option.

A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. WhatsApp blocks multiple file types considered to carry a risk to users but the company tells BleepingComputer that it does not plan to add Python scripts to the list.

Microsoft has confirmed that July's security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway. "Windows Servers might affect Remote Desktop Connectivity across an organization if legacy protocol is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted," Microsoft explained.

Microsoft has released the optional KB5040527 preview cumulative update for Windows 11 23H2 and 22H2, which includes fixes for Windows Backup and upgrade failures. The July 2024 non-security preview update fixes an issue that sometimes caused Windows backups to fail on devices with an Extensible Firmware Interface system partition.

Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards. That knowledge nugget became important as the firm tried to figure out how to respond to the mess CrowdStrike created, which at Grant Thornton Australia threw hundreds of PCs and no fewer than 100 servers into the doomloop that CrowdStrike's shoddy testing software made possible.

Microsoft has fixed a known Windows 10 update issue that broke Microsoft Connected Cache node discovery on enterprise networks. The fix is included with the KB5040525 July 2024 preview update for Windows 10 22H2 released yesterday, which also comes with fixes for WDAC issues causing memory leaks and app failures,.