Security News

Windows 10 KB5017308 and KB5017315 updates released
2022-09-13 17:39

Microsoft has released the Windows 10 KB5017308 and KB5017315 cumulative updates for versions 21H2, 21H1, 20H2, and 1809 to fix security vulnerabilities and resolve twenty bugs and performance issues. This update is not available for Windows 10 1909 or Windows 10 2004.

Windows 11 22H2: Here are the new features coming later this month
2022-09-11 21:01

Windows 11 version 22H2 aka Sun Valley 2 is set to launch later this month. Unlike the original Windows 11 release, it won't be a massive update with radical design changes.

Microsoft rolls out emergency fix for blocked Windows logins
2022-09-08 16:20

"This issue only affects devices after adding a Microsoft account. It does not affect Active Directory domain users accounts or Azure Active Directory accounts." Microsoft says it addressed this issue via Known Issue Rollback, a Windows capability designed to revert buggy Windows non-security fixes pushed through Windows Update.

Microsoft: Iranian hackers encrypt Windows systems using BitLocker
2022-09-08 15:30

Microsoft says an Iranian state-sponsored threat group it tracks as DEV-0270 has been abusing the BitLocker Windows feature in attacks to encrypt victims' systems. This aligns with Microsoft's findings that DEV-0270 uses BitLocker, a data protection feature that provides full volume encryption on devices running Windows 10, Windows 11, or Windows Server 2016 and above.

Windows 11 Settings now lets you manage Xbox subscriptions
2022-09-01 19:28

Microsoft says the latest Windows 11 preview build has improved the Accounts Settings page to provide Xbox subscription management capabilities. The new 'Your Microsoft account' settings page within Windows 11's Settings was rolled out by the Windows Insider team starting in October 2021.

New ransomware hits Windows, Linux servers of Chile govt agency
2022-09-01 17:50

Chile's national computer security and incident response team has announced that a ransomware attack has impacted operations and online services of a government agency in the country. The attack started on Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency.

That 'clean' Google Translate app is actually Windows crypto-mining malware
2022-08-30 10:27

Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches. "The malware is dropped from applications that are popular, but don't have an actual desktop version, such as Google Translate, keeping the malware versions in demand and exclusive," Check Point malware analyst Moshe Marelus wrote in a report Monday.

Windows malware delays coinminer install by a month to evade detection
2022-08-29 17:19

A new malware campaign disguised as Google Translate or MP3 downloader programs was found distributing cryptocurrency mining malware across 11 countries. According to a report by Check Point, the malware is created by a developer named 'Nitrokod,' whose software at first look appears to be clean of malware and provides the advertised functionality.

Windows 11 KB5016691 preview update released with 22 changes
2022-08-26 02:03

Microsoft has released the optional KB5016691 Preview cumulative update for Windows 11 with 22 fixes or improvements. This Windows 11 cumulative update is part of Microsoft's August 2022 monthly "C" update, allowing users to test fixes coming in the September 2022 Patch Tuesday.

Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows
2022-08-25 16:36

Microsoft has discovered new malware used by the Russian hacker group APT29 that enables authentication as anyone in a compromised network. Dubbed 'MagicWeb', the new malicious tool is an evolution of 'FoggyWeb', which allowed hackers to exfiltrate the configuration database of compromised Active Directory Federation Services servers, decrypt token-signing and token-decryption certificates, and fetch additional payloads from the command and control server.