Security News

TrickBot Switches to a New Windows 10 UAC Bypass to Evade Detection
2020-02-03 12:15

The TrickBot trojan has evolved again to bolster its ability to elude detection, this time adding a feature that can bypass Windows 10 User Account Control to deliver malware across multiple workstations and endpoints on a network, researchers have discovered. Researchers at Morphisec Labs said they discovered code last March that uses the Windows 10 WSReset UAC Bypass to circumvent user account control and deliver malware in recent samples of TrickBot, according to a report released last week.

Most AV vendors will continue to support their products under Windows 7
2020-01-29 10:45

They can still upgrade from Windows 7 to Windows 10 for free, but those who continue to use Windows 7 now that support has ended are simply more vulnerable to security risks. In addition to that, the good news is that some browser and many AV manufacturers will continue to offer Windows 7 support.

PoC Exploits Created for Recently Patched 'BlueGate' Windows Server Flaws
2020-01-27 12:49

Proof-of-concept exploits have been released for two recently patched Remote Desktop Gateway vulnerabilities that can be exploited for remote code execution. Remote Desktop Gateway is a Windows Server component previously known as Terminal Services Gateway.

You can upgrade Windows 7 for free! Why wouldn’t you?
2020-01-27 05:30

Businesses continuing to run Windows 7 should tread carefully and keep Windows 7 at their peril. Compatibility should not be a big issue as Windows 10 can run on most systems that supported Windows 7.

New Ransomware Process Leverages Native Windows Features
2020-01-21 15:03

A potential ransomware process using EFS was discovered by researchers at SafeBreach. This approach entirely uses Windows features - and can consequently be defined as a form of 'living off the land' - although the primary difference with traditional ransomware is that this process uses different Windows features that are less likely to be monitored.

Windows 7 remains an albatross at many large organizations
2020-01-21 14:45

Among 60,000 large companies analyzed by security ratings company BitSight, almost 90% still have Windows 7 PCs in their environment. Among the 60,000 organizations studied over the past 60 days by BitSight's data science team, 70% were using Windows 7 in some capacity.

WTF, EFS? Experts warn Windows encryption could spawn nasty new ransomware
2020-01-21 14:00

The encryption technology Microsoft uses to protect Windows file systems can be exploited by ransomware. So says the research team at SafeBreach Labs, which has demonstrated how file-scrambling software nasties can not only tap into the Windows Encrypting File System but also avoid anti-malware tools.

Week in review: Windows crypto flaw, API security risks, exploits for Citrix security hole abound
2020-01-19 14:00

Exploits for Citrix ADC and Gateway flaw abound, attacks are ongoing
With several exploits targeting CVE-2019-19781 having been released over the weekend and the number of vulnerable endpoints still being over 25,000, attackers are having a field day.

January 2020 Patch Tuesday: Microsoft nukes Windows crypto flaw flagged by the NSA
As forecasted, January 2020 Patch Tuesday releases by Microsoft and Adobe are pretty light: the "star of the show" is CVE-2020-0601, a Windows flaw flagged by the NSA that could allow attackers to successfully spoof code-signing certificates and use them to sign malicious code or intercept and modify encrypted communications.

Bad news: Windows security cert SNAFU exploits are all over the web now. Also bad: Citrix gateway hole mitigations don't work for older kit
2020-01-16 23:13

Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. Within hours of the NSA going public with details about its prized bug find, exploit writers posted working code demonstrating how the flaw can be abused to trick unpatched Windows computers into accepting fake digital certificates - which are used to verify the legitimacy of software, and encrypt web connections.

Windows Vulnerability: Researchers Demonstrate Exploits
2020-01-16 20:03

A day after the U.S. National Security Agency disclosed a vulnerability that could affect the cryptographic operations in some versions of Microsoft Windows, security researchers started releasing "proof of concept" code to show how attackers potentially could exploit the flaw. The vulnerability affects versions of Windows 10 as well as Windows Server 2016 and 2019.