Security News

Microsoft has finally made Windows Terminal the default terminal in Windows 11 Insider 'Dev' preview builds, bringing a new modern interface for all your command-line programs. In both Windows 10 Insider builds and Windows 11, Microsoft has already integrated support for Windows Terminal into the operating system, letting you select it as your default console terminal.

VMware has admitted an update on some versions of its Carbon Black endpoint solution is responsible for BSODs and boot loops on Windows machines after multiple organizations were affected by the problem. The problem surfaced yesterday, with threat hunter Tim Geschwindt stating on Twitter he knew of about 50 organizations struggling with the issue, and saying the Carbon Black endpoint solution was "Causing blue screens of death for devices running sensor version 3.7.0.1253".

Windows servers and workstations at dozens of organizations started to crash earlier today because of an issue caused by certain versions of VMware's Carbon Black endpoint security solution. The root of the problem is a ruleset deployed today to Carbon Black Cloud Sensor 3.6.0.1979 - 3.8.0.398 that causes devices to crash and show a blue screen at startup, denying access to them.

Microsoft has described a severe ChromeOS security vulnerability that one of its researchers reported to Google in late April. Microsoft's write-up is noteworthy both for the severity of the bug and for flipping of the script - it has tended to be Google, particularly its Project Zero group, that calls attention to bugs in Microsoft software.

Microsoft PowerToys is getting a new utility called PowerOCR that lets you select text in an image and copy it directly to the Windows clipboard. The new PowerToy is being developed by Windows app/utility developer Joseph Finney who opened a 'pull request' on July 4th announcing the new PowerOCR program he was creating.

Microsoft PowerToys is getting a new utility called PowerOCR that lets you select text in an image and copy it directly to the Windows clipboard. The new PowerToy is being developed by Windows app/utility developer Joseph Finney who opened a 'pull request' on July 4th announcing the new PowerOCR program he was creating.

Windows users who have installed a new KB5012170 security update for Secure Boot have encountered various issues, ranging from boots failing with BitLocker Recovery prompts to performance issues. During the August 2022 Patch Tuesday, Microsoft released the standalone KB5012170 'Security update for Secure Boot DBX' to resolve vulnerabilities found in various UEFI bootloaders that threat actors could use to bypass the Windows Secure Boot feature and execute unsigned code.

Microsoft is warning that users may see a 0x800f0922 error when trying to install Windows KB5012170 Secure Boot security update on currently supported operating systems for consumers and the enterprise-class Server version. Error 0x800f0922 is related strictly to KB5012170, a security update for the Secure Boot DBX, a repository that holds revoked signatures for Unified Extensible Firmware Interface bootloaders.

A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the Windows operating system and rshell artifacts for Linux and macOS. As many as 13 different entities located in Taiwan and the Philippines have been at the receiving end of the attacks, eight of whom have been hit with rshell.

Some signed third-party bootloaders for the Unified Extensible Firmware Interface could allow attackers to execute unauthorized code in an early stage of the boot process, before the operating system loads. Eclypsium security researchers Mickey Shkatov and Jesse Michael discovered vulnerabilities affecting UEFI bootloaders from third-party vendors that could be exploited to bypass the Secure Boot feature on Windows machines.