Security News

Microsoft continues to add new features to the Windows Notepad, today announcing a preview release with built-in spellchecking and an autocorrect feature. Windows Notepad languished without new features for years while more modern text editors, like Notepad2 and Notepad++, were developed and released.

Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. The known issue impacts all domain controller servers with the latest Windows Server 2012 R2, 2016, 2019, and 2022 updates.

On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. Synacktiv won the Tesla Model 3 and $200,000 after hacking the Tesla ECU with Vehicle CAN BUS Control in under 30 seconds using an integer overflow.

North Korea's notorious Kimsuky cyber crime gang has commenced a campaign using fresh tactics, according to infosec tools vendor Rapid7. Rapid7 isn't sure how the gang distributes its latest attack, but is confident the payload includes poisoned Microsoft Compiled HTML Help files along with ISO, VHD, ZIP and RAR files.

The March 2024 Windows Server updates are causing some domain controllers to crash and restart, according to widespread reports from Windows administrators. Affected servers are freezing and rebooting because of a Local Security Authority Subsystem Service process memory leak introduced with the March 2024 cumulative updates for Windows Server 2016 and Windows Server 2022.

Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security to provide increased security. 1024-bit RSA keys have approximately 80 bits of strength, while the 2048-bit key has approximately 112 bits, making the latter four billion times longer to factor.

A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which...

Microsoft is once again harassing Google Chrome users on Windows 10 and Windows 11 with popup desktop advertisements promoting Bing and its GPT-4 Bing Chat platform. The unsolicited ads are believed to be shown when users have Google Chrome open and configured to use Google as the default search engine.

Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific...

The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands. “The...