Security News

A privilege escalation bug, affecting versions of Windows 10, received a workaround fix by Microsoft Wednesday to prevent attackers from accessing data and creating new accounts on compromised systems. The bug, dubbed SeriousSAM, affects the Security Accounts Manager database in all versions of Windows 10.

Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple's macOS operating system. While the very first Formbook samples were detected in the wild in January 2016, the sale of the malware on underground forums stopped in October 2017, only to be resurrected more than two years later in the form of XLoader in February 2020.

Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks. "Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT Coordination Center's Will Dormann said in an advisory published Sunday.

Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys. "An elevation of privilege vulnerability exists because of overly permissive Access Control Lists on multiple system files, including the Security Accounts Manager database," the Windows makers noted.

Microsoft Defender Application Guard protects your networks and data from malicious applications running in your web browser, but you must install and activate it first. In a previous article, we noted that many of the security features listed as absolute requirements for a successful Windows 11 installation are already available as options in Windows 10, you just have to turn them on manually.

Denoted CVE-2021-36934, this one has variously been nicknamed HiveNightmare and SeriousSAM. The moniker HiveNightmare comes from the fact that Windows stores its registry data in a small number of proprietary database files, known in Microsoft jargon as hives or hive files. These hive files include a trio called SAM, SECURITY and SYSTEM, which between them include secret data including passwords and security tokens that regular users aren't supposed to be able to access.

Today, researchers at ReversingLabs have disclosed their findings on two malicious npm packages that secretly steal passwords from your Chrome web browser. "We have contacted NPM to take the package down. We are still waiting on their security team to respond," ReversingLabs' chief software architect and co-founder, Tomislav Pericin told BleepingComputer in an email interview.

A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems. The connection between the two malware pieces was confirmed after a member of the community reverse-engineered XLoader and found that it had the same executable as Formbook.

"An elevation of privilege vulnerability exists because of overly permissive Access Control Lists on multiple system files, including the Security Accounts Manager database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have the ability to execute code on a victim system to exploit this vulnerability," Microsoft confirmed. The vulnerability stems from the fact that non-administrative users can read the vulnerable host's sam, system, and security Windows Registry hive files.

Microsoft has shared a workaround for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. "An elevation of privilege vulnerability exists because of overly permissive Access Control Lists on multiple system files, including the Security Accounts Manager database," Microsoft explains in a security advisory published on Tuesday evening.