Archive for the ‘Windows Security’ Category

Windows Event Log Analysis

Trace and Log Analysis: A Pattern Reference for Diagnostics and Anomaly Detection

Experts warn of a new stealthy loader tracked as BLISTER

Security researchers spotted a campaign employing a new stealthy malware loader tracked as BLISTER that targets Windows systems. Elastic Security researchers uncovered a malware campaign that leverages this new stealthy loader, which uses a valid code signing certificate issued by Sectigo to evade detection. BLISTER loads second-stage payloads […]

Patch these 2 Active Directory flaws to prevent the takeover of Windows domains

Microsoft released an alert on a pair of Active Directory vulnerabilities, fixed with the November 2021 Patch Tuesday security updates, that could allow threat actors to take over Windows domains. The flaws, tracked as CVE-2021-42287 and CVE-2021-42278, can be chained to impersonate domain controllers and gain administrative privileges on Active Directory. Microsoft is now warning […]

‘OMIGOD’ Azure Critical Bugfix? Do It Yourself—Because Microsoft Won’t

Using OMI on Microsoft Azure? Drop everything and patch this critical vulnerability, snappily named OMIGOD. But wait! You probably don’t know whether you’re using OMI or not. Y’see, Open Management Infrastructure (OMI) is often silently installed on Azure—as a prerequisite. And, to make matters worse, Microsoft hasn’t rolled out the patch for you—despite publishing the code a month ago. So much for […]

Windows zero-day MSHTML attack

Details are scarce so far, but Microsoft is warning Office users about a bug that’s dubbed CVE-2021-40444, and described as Microsoft MSHTML Remote Code Execution Vulnerability. The bug doesn’t have a patch yet, so it’s what’s known as a zero-day, shorthand for “the Good Guys were zero days ahead of the Bad Guys with a patch for […]

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth, can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. The issues […]

Windows 11 Security Scare—MS Nixes Fixes on Older PCs

Windows 11 won’t auto-update on slightly old PCs. It appears this includes security updates—although Microsoft PR is doing its usual trick of ghosting reporters who ask. This sounds like a terrible idea: A fleet of unpatched Windows 11 PCs connected to the internet? That’s a recipe for disaster. Stand by for Redmond to walk this one back in an embarrassing climbdown. In […]

Interesting Privilege Escalation Vulnerability

It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer device and physical access to a computer. With that said, the bug is very easy to exploit: you just need to spend $20 on Amazon for a Razer mouse and plug it into […]

This Mouse Gives you Admin on Windows

Razer gaming mice come with a buggy installer. It starts automatically when you plug in one of Razer’s devices. The installer runs as SYSTEM. And it lets you start a shell—which also runs as SYSTEM. A classic elevation-of-privilege bug. And one that’s incredibly simple to exploit. Déjà vu? It’s like PrintNightmare all over again. In today’s SB Blogwatch, we point the fingers […]

Defeating Microsoft’s Trusted Platform Module

Researchers at the security consultancy Dolos Group, hired to test the security of one client’s network, received a new Lenovo computer preconfigured to use the standard security stack for the organization. They received no test credentials, configuration details, or other information about the machine. They were not only able to get into the BitLocker-encrypted computer, […]

Obtaining password hashes of Windows systems with PetitPotam attack

A researcher found a flaw in Windows OS, tracked as PetitPotam, that can be exploited to force remote Windows machines to share their password hashes. Security researcher Gilles Lionel (aka Topotam) has discovered a vulnerability in the Windows operating system that allows an attacker to force remote Windows machines to authenticate and share their password hashes with him. […]

Windows “HiveNightmare” bug could leak passwords – here’s what to do!

Windows “hives” contain registry data, some of it secret. The nightmare is that these files aren’t properly protected against snooping. As if one Windows Nightmare dogging all our printers were not enough… …here’s another bug, disclosed by Microsoft on 2021-07-20, that could expose critical secrets from the Windows registry. Denoted CVE-2021-36934, this one has variously been nicknamed HiveNightmare and SeriousSAM. […]

WhyNotWin11 is a better replacement for Windows 11’s PC Health Check

An open-source application called WhyNotWin11 acts as a better drop-in replacement for Microsoft’s PC Health Check app to determine whether your hardware is compatible with Windows 11. This week, Microsoft announced that Windows 11 would be the next version of Windows and that it would be released as a free upgrade […]

Windows HTTP flaw also impacts WinRM servers

Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities in Microsoft products, including a critical HTTP Protocol Stack Remote Code Execution vulnerability tracked as CVE-2021-31166. The flaw could be exploited by an unauthenticated attacker by sending a specially crafted packet to a targeted server that uses the HTTP Protocol Stack (http.sys) to process packets. This stack is […]

Information security: What is Pass the Hash Attack and how to mitigate the attack

A Pass the Hash (PTH) attack is a technique whereby an attacker captures a password hash as opposed to the password itself (characters) thereby gaining access (authentication) to the networked systems. This technique is used to steal credentials and enable lateral movement within a network. In a Windows environment, the challenge-response model used by NTLM security is abused to enable a malicious […]

Expert released PoC exploit code for Windows CVE-2021-31166

Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw

Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent. According to the expert, the vulnerability only impacts consumer accounts. The vulnerability is related to the possibility of launching a brute-force attack to guess the seven-digit security code that is sent […]

Why enterprises need rugged devices with integrated endpoint management systems

Paired longevity solutions in hardware and software

There is a solution to both of these issues – durability and security. Rugged devices are designed specifically for your hardworking enterprise operations. They integrate seamlessly into UEM and MDM platforms, can be trained to only engage with secure networks, and can be geofenced to turn themselves into expensive […]

Windows and Linux servers targeted by new WatchDog botnet for almost two years

Due to the recent rise in cryptocurrency trading prices, most online systems these days are often under the assault of crypto-mining botnets seeking to gain a foothold on unsecured systems and make a profit for their criminal overlords. The latest of these threats is a botnet named WatchDog. Discovered by Unit 42, a threat intelligence division […]

Patch now to stop hackers blindly crashing your Windows computers

There were 56 newly-reported vulnerabilities fixed in this month’s patches from Microsoft, with four of them offering attackers the chance of finding remote code execution (RCE) exploits. Remote code execution is where otherwise innocent-looking data that’s sent in from outside your network can trigger a bug and take over your computer. Bugs that make it possible for booby-trapped chunks […]