Security News

A new Windows zero-day allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings. Windows includes a security feature called Mark-of-the-Web that flags a file as having been downloaded from the Internet and should be treated with caution as it could be malicious.

Microsoft is developing a Windows system optimization program called 'PC Manager' that combines existing Windows tools into one interface. If you are a Windows user, you have likely run into various Windows system cleaners or system optimization programs that promise to increase the speed of your computer by deleting unnecessary files and Registry keys.

Microsoft says the latest Windows 11 preview build improves update management for IT administrators and fixes several issues leading to app crashes. The focus of this build's update improvements is to help admins make system restarts after Windows updates are installed more predictable.

Details have emerged about a previously undocumented and fully undetectable PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims," Tomer Bar, director of security research at SafeBreach, said in a new report.

SafeBreach Labs says it has detected a novel fully undetectable PowerShell backdoor, which calls into question the accuracy of threat naming. "The attack starts with a malicious Word document, which includes a macro that launches an unknown PowerShell script," said Bar.

Windows Terminal is now the default console for Windows 11 22H2, marking a significant shift in how Windows users run their command line programs. Windows users have been running their console programs within the Windows Command Prompt for years.

Microsoft has released the long-awaited Windows 11 tabbed File Explorer, Suggested Actions, Taskbar Overflow features, and Task Manager quick-access features in a new preview cumulative update. Last month, Microsoft released Windows 11 22H2 with various new features.

The feature update can be installed via Windows Update by going to Settings > Update & Security > Windows Update and clicking the "Check for updates" button. Customers using devices running Windows 10 20H2 or newer will have a fast installation experience as the Windows 10 2022 will install like a monthly update.

While the use of text messaging goes a long way toward protecting an organization against cyber criminals who attempt to use stolen passwords as a way of gaining access to accounts, text messaging-based MFA has vulnerabilities of its own. Risk of text message use in multi-factor authentication.

Microsoft has issued an out-of-band non-security update to address an issue triggering SSL/TLS handshake failures on client and server platforms. "We address an issue that might affect some types of Secure Sockets Layer and Transport Layer Security connections. These connections might have handshake failures," Microsoft explains.