Security News
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device," Google Threat Analysis Group researchers Clement Lecigne and Benoit Sevens said in a write-up.
According to research from cybersecurity company ESET, the APT 37 threat group used the newly discovered malware against very specific entities. The researchers say that the hackers delivered their commands to Dolphin by uploading them on Google Drive.
Security researchers found a previously unknown backdoor they call Dolphin that's been used by North Korean hackers in highly targeted operations for more than a year to steal files and send them to Google Drive storage. According to research from cybersecurity company ESET, the APT 37 threat group used the newly discovered malware against very specific entities.
Google's Threat Analysis Group has linked an exploit framework that targets now-patched vulnerabilities in the Chrome and Firefox web browsers and the Microsoft Defender security app to a Spanish software company. While TAG is Google's team of security experts focused on protecting Google users from state-sponsored attacks, it also keeps track of dozens of companies that enable governments to spy on dissidents, journalists, and political opponents using surveillance tools.
Microsoft has addressed a known issue leading to significant performance hits when copying large files over SMB after installing the Windows 11 2022 update. "There is a performance reduction in 22H2 when copying larger files from a remote computer down to a Windows 11 computer or when copying files on a local drive," explained Microsoft's Ned Pyle when acknowledging the issue more than a month ago in early October.
Password salting is a technique for making passwords more difficult to crack by adding random values to the stored password hash. To understand password salting and its benefits, however, it is necessary to understand how Windows stores passwords and some of the risks that are associated with storing passwords in that way.
Microsoft has released the November optional KB5020044 preview cumulative update for all editions of Windows 11, version 22H2. [...]
Updates to Windows Server released as part of this month's Patch Tuesday onslaught might cause some domain controllers to stop working or automatically restart, according to Microsoft. The enterprise software behemoth said organizations installing KB5019966 or later updates on domain controllers could see a memory leak with the Local Security Authority Subsystem Service.
Windows 11 may soon show a system tray indicator notifying when your computer is connected to a VPN, allowing users wishing to browse anonymously to ensure they are connected. As first reported by Neowin, Twitter user PhantomOcean3 discovered that Windows 11 'Dev' build 25247 includes a new hidden feature that, when enabled, displays a small shield icon overlaid on the Network system tray icon when connected to a VPN. The shield is relatively small in practice, so if this makes it into production, we should expect the shield to be more prominent.
"LSASS might use more memory over time and the DC might become unresponsive and restart," Microsoft explains on the Windows Health dashboard. "Depending on the workload of your DCs and the amount of time since the last restart of the server, LSASS might continually increase memory usage with the up time of your server and the server might become unresponsive or automatically restart."