Tag: windows

Critical ‘BatBadBut’ Rust Vulnerability Exposes Windows Systems to Attacks
News

A serious security vulnerability in the Rust standard library could be used to launch command injection attacks against Windows users. The vulnerability, tracked as CVE-2024-24576, carries the maximum CVSS severity score of 10.0. That said, it only affects situations in which Windows batch files are invoked with untrusted arguments. According to a working group advisory published on April 9, 2024, the Rust standard library does not properly escape arguments when invoking batch files (with the .bat and .cmd extensions) on Windows via the Command API. By bypassing the escaping, an attacker with control over the arguments passed to the spawned process could execute arbitrary shell commands ...
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
News

Security researchers have discovered a novel form of dynamic link library (DLL) search order hijacking that threat actors could employ to get around security measures and execute malicious code on Microsoft Windows 10 and Windows 11 systems. The cybersecurity company Security Joes stated in a new report shared privately with The Hacker News that the technique "leverages executables commonly found in the trusted WinSxS folder and exploits them via the classic DLL search order hijacking technique." By doing so, adversaries can, as has been seen in the past, insert potentially vulnerable binaries into the attack chain and do away with the requirement for elevated privileges ...
New Go-Based JaskaGO Malware Targeting Windows and macOS Systems
News

The latest threat to compromise both Windows and Apple macOS systems is a new Go-based information-stealing malware known as JaskaGO. The malware was discovered by AT&T Alien Labs, which stated that it is "equipped with an extensive array of commands from its command-and-control (C&C) server." The first macOS-specific artifacts were discovered in July 2023, masquerading as installers for legitimate programs such as CapCut. Other variants have posed as AnyConnect and security tools. Once installed, JaskaGO checks whether it is running in a virtual machine (VM) environment and, if it is, likely tries to hide its presence by performing an innocuous task such as pinging Google ...
ZenRAT Malware Targeting Windows Users via Fake Password Manager Software
News

ZenRAT, a brand-new malware strain that spreads via fake Bitwarden password manager installation packages, has surfaced in the wild. Enterprise security company Proofpoint stated in a technical analysis that the malware "is specifically targeting Windows users and will redirect people using other hosts to a benign web page." "The malware is a modular remote access trojan (RAT) with information-stealing capabilities." Although it is unclear how traffic is being routed to the domains, ZenRAT is hosted on phony websites that claim to be affiliated with Bitwarden. Such malware has previously been distributed through phishing, malvertising, or SEO poisoning campaigns ...
New Windows 11 feature blocks NTLM-based attacks over SMB
News

To stop pass-the-hash, NTLM relay, and password-cracking attacks, Microsoft has added a new security feature to Windows 11 that allows administrators to block NTLM over SMB. This changes the conventional approach in which Windows used SPNEGO to negotiate Kerberos and NTLM (i.e., LM, NTLM, and NTLMv2) authentication with destination servers. When connecting to a remote SMB share, Windows attempts to negotiate authentication with the remote computer by performing an NTLM challenge-response exchange. However, the NTLM challenge response includes the logged-in user's hashed password, which can be captured by the server hosting the SMB share ...
Hackers Exploit Windows Policy Loophole to Forge Kernel Mode Driver Signatures
News

Chinese-speaking threat actors have been observed exploiting a Microsoft Windows policy loophole to forge signatures on kernel-mode drivers. In a detailed two-part report shared with The Hacker News, Cisco Talos said that "actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates." This poses a serious risk because kernel access grants full control of the system and, consequently, total system compromise. Following responsible disclosure, Microsoft said it has taken steps to block all certificates in order to mitigate the threat ...
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users
News

Spear-phishing campaigns that infect Windows and macOS systems with malware have been attributed to the Iranian nation-state actor known as TA453. "TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint said in a recent report. "When given the chance, TA453 transferred its malware and tried to start a NokNok infection chain with an Apple flavor." Additionally, TA453 used multiple persona impersonations in its unending espionage campaign ...
Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems
News

A zero-day vulnerability in VMware ESXi hosts has been exploited by the Chinese state-sponsored group UNC3886 to backdoor Windows and Linux systems. Tracked as CVE-2023-20867 (CVSS score: 3.9), the VMware Tools authentication bypass vulnerability "enabled the execution of privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs," according to Mandiant. In September 2022, the Google-owned threat intelligence company first identified UNC3886 as a cyber espionage actor that had infected systems running ...
Exploit for Recent Windows Vulnerability Under Active Exploitation Unveiled
News

Details have emerged about a Microsoft Windows security flaw that is being actively exploited and could be leveraged by a threat actor to escalate privileges on affected devices. The vulnerability, tracked as CVE-2023-29336, has a severity rating of 7.8 and is a privilege escalation flaw in the Win32k component. In a security advisory released last month as part of its Patch Tuesday updates, Microsoft stated that an attacker who successfully exploited this vulnerability could gain ...
BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection
Business, Risk, Security

BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adding fresh tactics to its playbook to get around Windows Mark of the Web (MotW) protections. In a report released today, Kaspersky revealed that this includes the use of virtual hard disk (.vhd) and optical disc image (.iso) file formats as part of a novel infection chain. Security researcher Seongsu Park stated that "BlueNoroff developed multiple phony domains imitating banks and venture capital firms," adding that the new attack technique was first noted in its telemetry in September 2022. ABF Capital, Angel Bridge, ANOBAKA, Bank of America, and Mitsubishi UFJ Financial Group, most of which are based in Japan, are among the fake domains that have been discovered to ...