Security News

Microsoft has released Windows 11 ISO images this week, and as it's always smart to have a copy of the operating system media to resolve critical problems, we will explain how you can download the Windows 11 ISO directly from Microsoft. Microsoft makes it very easy to download Windows 11 ISOs directly from the Windows Insider program.

Below we have tracked some of the ransomware stories that we are following this week. Another report illustrates how threat actors are tracking researchers on Twitter as a new ransomware gang known as LockFile uses the PetitPotam attack to take over Windows domains.

This article goes hands-on with a new Windows 11 feature called 'Focus Sessions' that aims to keep people focused while performing a particular task. This week, Microsoft released a new version of the 'Alarms & Clock' app via the Microsoft Store with a new feature called 'Focus Sessions.

At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. Behind the attacks appears to be a new ransomware gang called LockFile that was first seen in July, which shows some resemblance and references to other groups in the business.

A second unofficial patch for the Windows PetitPotam NTLM relay attack has been released to fix further issues not addressed by Microsoft's official security update. In July, security researcher GILLES Lionel, aka Topotam, disclosed a new technique called 'PetitPotam' that performs unauthenticated forced authentication on domain controllers using various functions in the MS-EFSRPC API. Microsoft's security update is not complete.

Microsoft has finally released the first official ISOs for Windows 11, allowing users to perform clean installs of the new operating system. Microsoft released their first preview build of Windows 11 at the end of June, and since then, users have been eagerly anticipating the first release of ISO images.

The gist of the matter is that the default rules of the Windows Filtering Platform - a set of API and system services that provide a platform for creating network filtering apps - permit executable files to connect to TCP sockets in AppContainers, which can enable malicious actors to pull off EoP. Essentially, some rules defined in WFP can be matched by a malicious actor to connect to an AppContainer and inject malicious code. As Forshaw explained in his report, connecting to an external network resource from an AppContainer is enforced through default rules in the WFP: "For example, connecting to the internet via IPv4 will process rules in the FWPM LAYER ALE AUTH CONNECT V4 layer," he wrote.

1200 with the awaited new Windows Hello security feature, WPA3 HPE support, and GPU computing in the Windows Subsystem for Linux. In July, Microsoft officially released the Windows 10 21H2 feature update to Insiders for testing but stated that its new features would be coming later.

By leveraging more than 20 known vulnerabilities in Linux and Windows servers, the HolesWarm cryptominer malware has been able to break into more than 1,000 cloud hosts just since June. The basic cryptominer botnet has been so successful at juggling so many different known vulnerabilities between attacks, researchers at Tencent who first identified HolesWarm refer to the malware as the "King of Vulnerability Exploitation."

Microsoft Defender Application Guard protects your networks and data from malicious applications running in your web browser. Learn how to install and activate this Windows 10 security feature.