Security News

Nvidia has released a display driver hotfix to address recently reported high CPU usage and blue screen issues on Windows 10 and Windows 11 systems. As the company explains, the GeForce Hotfix Driver Version 531.26 fixes higher CPU usage from NVIDIA Container that could be observed after exiting games and random bug checks on some laptop models.

Nvidia confirmed today that it's working to fix a driver issue causing high CPU usage and blue screens of death on Windows systems. The buggy driver is the GeForce Game Ready 531.18 WHQL driver released on February 28th that introduced support for RTX Video Super Resolution.

A new phishing campaign targets organizations in Eastern European countries with the Remcos RAT malware with aid from an old Windows User Account Control bypass discovered over two years ago. The use of mock trusted directories to bypass Windows User Account Control stands out in the attack as it's been known since 2020 but remains effective today.

Microsoft is adding a new Canary channel to its nine-year-old Windows Insider Program to let the most fearless users test what it describes as "Hot off the presses" features. Windows builds released through the Canary Channel will have higher numbers than the ones in the Dev, Beta, and Release Preview channels, starting with 25000 series builds.

The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks. To give a little background on how we got to Microsoft OneNote files becoming the tool of choice for malware-distributing phishing attacks, we first need to explain how we got here.

Microsoft is testing a new and modern-looking Windows 11 volume mixer accessible via the taskbar Quick Settings panel that helps adjust the volume on a per-app basis and switch between audio devices. Testers need to open the Quick Settings panel to access it after clicking the volume icon in the Windows tray or use the new global keyboard shortcut for even faster control.

Microsoft has released out-of-band security updates for 'Memory Mapped I/O Stale Data' information disclosure vulnerabilities in Intel CPUs.The Mapped I/O side-channel vulnerabilities were initially disclosed by Intel on June 14th, 2022, warning that the flaws could allow processes running in a virtual machine to access data from another virtual machine.

The developers of the BlackLotus UEFI bootkit have improved the malware with Secure Boot bypass capabilities that allow it to infected even fully patched Windows 11 systems. BlackLotus is the first public example of UEFI malware that can avoid the Secure Boot mechanism, thus being able to disable security protections that come with the operating system.

ESET researchers have published the first analysis of a UEFI bootkit capable of circumventing UEFI Secure Boot, a critical platform security feature. "Our investigation started with a few hits on what turned out to be the BlackLotus user-mode component - an HTTP downloader - in our telemetry late in 2022. After an initial assessment, code patterns found in the samples brought us to the discovery of six BlackLotus installers. This allowed us to explore the whole execution chain and to realize that what we were dealing with here is not just regular malware," says Martin Smolár, the ESET researcher who led the investigation into the bootkit.

BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled. Secure Boot is supposed to prevent devices from running unauthorized software on Microsoft machines.