Security News

A threat actor associated with the LockBit 3.0 ransomware operation is abusing the Windows Defender command line tool to load Cobalt Strike beacons on compromised systems and evade detection by security software. Security solutions have become better at detecting Cobalt Strike beacons, causing threat actors to look for innovative ways to deploy the toolkit.

Microsoft is testing a new multi-app kiosk mode lockdown feature for IT admins in the latest Windows 11 Insider Preview build released to the Dev Channel. "Multi-app kiosk mode is a lockdown feature for Windows 11 that allows an IT administrator to select a set of allowable apps to run on the device, while all other functionalities are blocked," Windows Insider team members Amanda Langowski and Brandon LeBlanc said.

A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor, is an Austria-based outfit called DSIRF that's linked to the development and attempted sale of a cyberweapon referred to as Subzero, which can be used to hack targets' phones, computers, and internet-connected devices.

Microsoft has released the first preview build of Windows 10, version 22H2, to Windows Insiders for enterprise testing before the general release later this year. "Commercial devices configured for the Release Preview Channel via the Windows Insider Program Settings page or via Windows Update for Business policy, whether through Microsoft Intune or through Group Policy, will automatically be offered Windows 10, version 22H2 as an optional update."

Microsoft has linked a threat group it tracks as Knotweed to a cyber mercenary outfit named DSIRF, targeting European and Central American entities using a malware toolset dubbed Subzero. Using passive DNS data while investigating Knotweed attacks, threat intelligence firm RiskIQ also found that infrastructure actively serving malware since February 2020 is linked to DSIRF, including its official website and domains likely used to debug and stage the Subzero malware.

Microsoft has released the optional KB5015878 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. This update includes numerous bug fixes and enhancements, including gaming and Windows Autopilot fixes and a new Focus Assist feature. The KB5015878 cumulative update preview is part of Microsoft's July 2022 monthly "C" update, allowing admins to test upcoming fixes released in the August 2022 Patch Tuesday.

A strong account lockout policy is one of the most effective tools for stopping brute force authentication attempts on Windows domains. As an alternative, you can force an account lockout to remain in effect until an administrator unlocks the account by setting the account lockout duration value to 0.

Microsoft is now taking steps to prevent Remote Desktop Protocol brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute-force password vectors," David Weston, Microsoft's vice president for OS security and enterprise, said in a series of tweets last week.

Microsoft has addressed a known issue that was causing the Start menu on some Windows 11 devices to malfunction after installing recent updates. This known issue affects only devices running Windows 11, version 21H2, and it was acknowledged on Friday after Redmond received customer reports of Start menu issues affecting some systems.

Microsoft is warning customers that Windows updates released since June 28 will trigger printing issues on devices connected using USB. "Microsoft has received reports of issues affecting some printing devices following installation of Windows updates released June 28 and later," Redmond explained. "Normal printer usage might be interrupted for either scenario, resulting in failure of printing operations," the company said in a notice on the Windows health dashboard.