Security News

Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards
2023-06-02 18:56

Researchers at firmware and supply-chain security company Eclypsium claim to have found what they have rather dramatically dubbed a "Backdoor" in hundreds of motherboard models from well-known hardware maker Gigabyte. You can reinstall Windows at any time, and a standard Windows image doesn't know whether you're going to be using a Gigabyte motherboard or not, so it doesn't come with GigabyteUpdateService.

Windows 11 to require SMB signing to prevent NTLM relay attacks
2023-06-02 18:22

Microsoft says SMB signing will be required by default for all connections to defend against NTLM relay attacks, starting with today's Windows build rolling out to Insiders in the Canary Channel. "This changes legacy behavior, where Windows 10 and 11 required SMB signing by default only when connecting to shares named SYSVOL and NETLOGON and where Active Directory domain controllers required SMB signing when any client connected to them," Microsoft said.

Windows 11 will let you view phone photos in File Explorer
2023-06-01 18:27

Microsoft is now rolling out a new Windows 11 dev build allowing Insiders to view their phone's camera roll in the File Explorer Gallery. Once the Windows 11 Insider Preview Build 23471 gets installed, they can add photos from their phone by clicking a new button added to the File Explorer's command bar.

Terminator antivirus killer is a vulnerable Windows driver in disguise
2023-05-31 19:25

After the malicious driver is written to the disk, Terminator loads it to use its kernel-level privileges to kill off the user-mode processes of AV and EDR software running on the device. While it is not clear how the Terminator program is interfacing with the driver, a PoC exploit was released in 2021 that exploits flaws in the driver to execute commands with Windows Kernel privileges, which could be used to terminate normally-protected security software processes.

Windows 11: Enforcing password resets for local group users
2023-05-30 21:13

One of these fundamental security procedures is the periodic resetting of a strong login password - a security task that users are understandably reluctant to participate in. In Windows 11, administrators of local user accounts can force members to reset their respective passwords on their next login by making a simple change on a specific configuration screen.

Lazarus hackers target Windows IIS web servers for initial access
2023-05-29 13:00

The notorious North Korean state-backed hackers, known as the Lazarus Group, are now targeting vulnerable Windows Internet Information Services web servers to gain initial access to corporate networks. The latest tactic of targeting Windows IIS servers was discovered by South Korean researchers at the AhnLab Security Emergency Response Center.

QBot malware abuses Windows WordPad EXE to infect devices
2023-05-27 15:12

The QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program to infect computers, using the legitimate program to evade detection by security software. Windows applications will prioritize DLLs in the same folder as the executable, loading them before all others.

Windows 11 finally gets a 'never combine taskbar buttons' mode
2023-05-25 22:17

Microsoft has released a new Windows 11 dev build that adds a long-awaited feature allowing users to ensure that all windows are shown as individual items in the taskbar. The new never combined mode is rolling out to Windows Insiders in the Dev Channel, so it might take some time to reach all enrolled devices.

New Buhti ransomware gang uses leaked Windows, Linux encryptors
2023-05-25 10:00

A new ransomware operation named 'Buhti' uses the leaked code of the LockBit and Babuk ransomware families to target Windows and Linux systems, respectively. Blacktail uses the Windows LockBit 3.0 builder that a disgruntled developer leaked on Twitter in September 2022.

Microsoft: Windows issue causes file copying, saving failures
2023-05-25 07:26

Microsoft says some 32-bit applications are impacted by recurring failures when saving and copying files across multiple Windows versions. The intermittent issue only affects apps that are large address aware and are also using the CopyFile API on Windows 11 21H2 and 22H2 or Windows 10 21H2 and 22H2. "Windows devices are more likely to be affected by this issue when using some commercial/enterprise security software which uses extended file attributes," Microsoft said.