Security News

Microsoft on Tuesday released another round of security updates for Windows operating system and other supported software, squashing 50 vulnerabilities, including six zero-days that are said to be under active attack. The flaws were identified and resolved in Microsoft Windows,.

"These attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for remote code execution in the Chrome web browser, we were able to find and analyze an elevation of privilege exploit that was used to escape the sandbox and obtain system privileges," Larin explained. According to Kaspersky, the two Windows flaws were chained to an exploit for a different Chrome vulnerability to plant high-end malware on specific targets running Windows.

Kaspersky security researchers discovered a new threat actor dubbed PuzzleMaker, who has used a chain of Google Chrome and Windows 10 zero-day exploits in highly-targeted attacks against multiple companies worldwide. The zero-day exploit chain deployed in the campaign used a remote code execution vulnerability in the Google Chrome V8 JavaScript engine to access the targeted systems.

As part of the June 2021 Patch Tuesday, Microsoft has released new cumulative updates for all supported version of Windows, including Windows 10 KB5003637 & KB5003635 for the Windows 10 May 2021 Update and Windows 10 October 2020 Update. The cumulative updates include security fixes for PCs with May 2021 Update, October 2020 Update and May 2020 Update.

A reverse engineer has discovered what is claimed to be "The first known malware targeting Windows containers to compromise cloud environments," a sentence to put any system administrator on edge. Building on work published in December of last year on reverse-engineering Windows containers, security researcher Daniel Prizmant's latest discovery - made during his day job at Palo Alto Networks' Unit 42 security arm - looks to punch holes in Kubernetes clusters, and has apparently succeeded in doing so across at least 23 known targets.

Security researchers have discovered the first known malware, dubbed "Siloscope," targeting Windows Server containers to infect Kubernetes clusters in cloud environments. "Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers," said Unit 42 researcher Daniel Prizmant.

Windows containers have been victimized for over a year by the first known malware to target Windows containers. In a post published on Monday, Prizmant wrote that Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers, with the main purpose of opening "a backdoor into poorly configured Kubernetes clusters in order to run malicious containers."

A newly identified piece of malware that targets Windows Server containers can execute code on the underlying node and then spread in the Kubernetes cluster, according to a warning from security researchers at Palo Alto Networks. Dubbed Siloscape, the heavily obfuscated malware was designed to install a backdoor into Kubernetes clusters, which can then be used to run malicious containers and perform various other nefarious activities.

New malware active for more than a year is compromising Windows containers to compromise Kubernetes clusters with the end goal of backdooring them and paving the way for attackers to abuse them in other malicious activities. It organizes app containers into pods, nodes, and clusters, with multiple nodes forming clusters managed by a master which coordinates cluster-related tasks such as scaling or updating apps.

From simply changing the accent color to installing a new theme from the Windows Store, Windows 10 provides plenty of options by default. Windows 10 allows you to manage the volume mixer and audio devices from the Settings app.