Cyber security aggregate RSS news

Cyber security aggregator - feeds history

Windows Subsystem fo ...

 Microsoft

Microsoft has announced that the Windows Subsystem for Linux is now available as a stand-alone app in the Microsoft Store for Windows 11 users. In other words, WSL is no longer bundled with the operating system but can be downloaded right from the Microsoft Store as long as you run the latest Windows version from Microsoft. In case you’re wondering why this is such a big deal, it all comes down to how the Windows Subsystem for Linux is updated in the first place. Once available as a Microsoft Store app, WSL ...

Windows 11 Now Encou ...

 Windows

Windows 11 is currently up for grabs for the first waves of production devices, and just like it typically happens when Microsoft releases a new operating system or a feature update, compatibility issues keep showing up as more users install it. This time, for example, Brother printers encounter various issues on devices running Windows 11 when trying to detect the connection via a USB cable, changing the settings, or connecting more than a single printer via USB. The company says that users should just change the connection method as a workaround until a full fix is released, though, at this point, there’s no ETA as to when this could be shipped. “If you cannot use your Brother machine when you connect it to your Windows 11 computer with a USB cable, we recommend temporarily using a different connection type, such as wired or wireless, if available,” Brother says in a

The PC Market Is Str ...

 Apple

Microsoft launched Windows 11 earlier this month, and the company says the best way to experience the power of the new operating system is to buy a new PC that has been fully developed with this release in mind. In other words, new hardware optimized for Windows 11 is the best choice in this regard, though according to a report from IDC, the PC market itself is still struggling with component shortage. The market research firm says the traditional PC market reached 86.7 million units in the third quarter of the year, and while this represents an increase of 3.9 percent from the same quarter a year ago, the tight supply remains a big problem for most companies out there. “Bottlenecked supply chains and ongoing logistic challenges led the U.S. PC market into its first quarter of annual shipment decline since the beginning of the pandemic,” said Neha Mahajan, senior research analyst, Devices and Di...

The Eternal Cylinder ...

 Game reviews

One of my trebhums has big legs and can reach out of the way platforms. Another has hardened skin and can turn mushrooms into water. My currently chosen protagonist can also attract weird flies with some spikes on his head. I plan to deal with this puzzle before dropping that one for a more useful mutation, possibly one that allows me to actually attack some creatures that have so far only hunted me. The Eternal Cylinder was created by ACE Team and published by Good Shepherd Entertainment, on the PC via the Epic Game Store as well as on the PlayStation 4 and the Xbox One. The game mixes a unique take on creature development with survival and exploration mechanics. The protagonists of the story are individuals from a species called trebhum but the most prominent character is the large piece of geometry from the game’s title. The massive cylinder moves through the world and seems to destroy everything it touches. The trebhums need to move and innovate to survive. Alo...

Microsoft Translator ...

 Microsoft

Microsoft has announced a new update for the Microsoft Translator app, as the company has added no less than 12 new languages and dialects, bringing the total count to over 100. The new update includes Bashkir, Dhivehi, Georgian, Kyrgyz, Macedonian, Mongolian (Cyrillic), Mongolian (Traditional), Tatar, Tibetan, Turkmen, Uyghur and Uzbek (Latin), with Microsoft explaining that according to its own estimates, there are over 84.6 million people using these languages and dialects. The Redmond-based software giant used this opportunity to explain how it managed to reach this important milestone, emphasizing that Azure Cognitive Services are playing an important role in making its pre-trained AI models as efficient as possible. “In addition to language, Azure Cognitive Services include AI models for speech, vision and decision-making tasks. These models enable organizations to leverage capabilities, such as a Computer Vision technology known as Optical Character Recog...

Fewer Samsung Phones ...

 Mobile World

At this point, Samsung is selling several of its flagships with either the in-house built Exynos or the Qualcomm Snapdragon, and in the last few years, this approach has caused quite a lot of criticism from customers across the world. And this is because devices equipped with Snapdragon chips offered substantially improved performance, though they came with very limited availability, which mostly came down to the United States and China. Everybody else just got the Exynos version of the Samsung high-end models, and given the Snapdragon difference, it meant most people just had to stick with the slower devices.

All-in on Exynos

This is projected to change beginning with 2022, as Samsung is reportedly working around the clock on improving the Exynos chips in a way that would align their performance with that of Qualcomm chips. Of course, this is something that each and every one of us will discover once the new Exynos generation goes live, but ...

Apple Announces Octo ...

 Apple

Apple has announced its second hardware event of the fall, this time called Unleashed and projected to take place on October 18 at 10.00 a.m. PT. The online venue will be hosted at the Steve Jobs Theater on the Apple Park campus in Cupertino, and it’s expected to witness the debut of new MacBooks. The company took the wraps off the new iPhone 13 generation and the Apple Watch Series 7 last month, so naturally, the next devices to receive a refresh are part of the Mac lineup. While the Cupertino-based tech giant has obviously remained fully tight-lipped on the lineup of devices to see the daylight at the show, it’s not a secret that Apple has been working on updated versions of MacBook Pro models with 14-inch and 16-inch displays.

The new MacBooks

Of course, people familiar with the matter have suggested Apple is working on all kinds of improvements for its devices, including a more modern design – this is something that obviously makes sense, es...

CVE-2021-40449: Troj ...

 Business

Our Behavioral Detection Engine and Exploit Prevention technologies recently detected the exploitation of a vulnerability in the Win32k kernel driver, leading to an investigation of the entire cybercriminal operation behind the exploitation. We reported the vulnerability (CVE-2021-40449) to Microsoft, and the company patched it in a regular update released on October 12. Therefore, as usual after Patch Tuesday, we recommend updating Microsoft Windows as soon as possible.

What CVE-2021-40449 was used for

CVE-2021-40449 is a use-after-free vulnerability in the NtGdiResetDC function of the Win32k driver. A detailed technical description is available in our Securelist post, but, in short, the vulnerability can lead to leakage of kernel module addresses in the computer’s memory. Cybercriminals then use the leak to elevate the privileges of another malicious process. Through privilege escalation, attackers were able to download and launch MysterySnail, a Remote Access Trojan (RAT) that gives attackers access to the victim’s system.

What MysterySnail does

The Trojan begins by gathering information about the infected system and sending it to the C&C server. Then, through MysterySnail, the attackers can issue various commands. For example, they can create, read, or delete a specific file; create or delete a process; get a directory list; or open a proxy channel and send data through it. MysterySnail’s other features include the ability to view the list of connected drives, to monitor the connection of external drives in the background, and more. The Trojan can also launch the cmd.exe interactive shell (by copying the cmd.exe file to a temporary folder under a different name).

Attacks through CVE-2021-40449

The exploit for this vulnerability covers a string of operating systems in the Microsoft Windows family: Vista, 7, 8, 8.1, Server 2008, Server 2008 R2, Server 2012, Server 2012 R2, Windows 10 (build 14393), Server 2016 (build 14393), 10 (build 17763), and Server 2019 (build 17763). According to our experts, the exploit exists specifically to escalate privileges on server versions of the OS.

After detecting the threat, our experts established that the exploit and the MysterySnail malware it loads into the system have seen wide use in espionage operations against IT companies, diplomatic organizations, and companies working for the defense industry. Thanks to the Kaspersky Threat Attribution Engine, our experts were able to find similarities in the code and functionality of MysterySnail and malware used by the IronHusky group. Moreover, a Chinese-language APT group used some of MysterySnail’s C&C server addresses in 2012. For more information about the attack, including a detailed description of the exploit and indicators of compromise, see our Securelist post.

How to stay safe

Start by installing the latest patches from Microsoft, and avoid being hit by future zero-day vulnerabilities by installing robust security solutions that proactively detect and stop exploitation of vulnerabilities on all computers with Internet access. Behavioral Detection Engine and Exploit Prevention technologies, such as those in Kaspersky Endpoint Security for Business, detected CVE-2021-40449.

Patch Tuesday, Octob ...

 Time to Patch

Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system. Separately, Apple has released updates for iOS and iPadOS to address a flaw that is being actively attacked. Firstly, Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability (CVE-2021-30883) that is being leveraged in active attacks targeting iPhone and iPad users. Lawrence Abrams of Bleeping Computer writes that the flaw could be used to steal data or install malware, and that soon after Apple patched the bug security researcher Saar Amar published a technical writeup and proof-of-concept exploit that was derived from reverse engineering Apple’s patch. Abrams said the list of impacted Apple devices is quite extensive, affecting older and newer models. If you own an iPad or iPhone — or any other Apple device — please make sure it’s up to date with the latest security patches. Three of the weaknesses Microsoft addressed today tackle vulnerabilities rated “critical,” meaning that malware or miscreants could exploit them to gain complete, remote control over vulnerable systems — with little or no help from targets. One of the critical bugs concerns Microsoft Word, and two others are remote code execution flaws in Windows Hyper-V, the virtualization component built into Windows. CVE-2021-38672 affects Windows 11 and Windows Server 2022; CVE-2021-40461 impacts both Windows 11 and Windows 10 systems, as well as Server versions. But as usual, some of the more concerning security weaknesses addressed this month earned Microsoft’s slightly less dire “important” designation, which applies to a vulnerability “whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.” The flaw that’s under active assault — CVE-2021-40449 — is an important “elevation of privilege” vulnerability, meaning it can be leveraged in combination with another vulnerability to let attackers run code of their choice as administrator on a vulnerable system.

CVE-2021-36970 is an important spoofing vulnerability in Microsoft’s Windows Print Spooler. The flaw was discovered by the same researchers credited with the discovery of one of two vulnerabilities that became known as PrintNightmare — the widespread exploitation of a critical Print Spooler flaw that forced Microsoft to issue an emergency security update back in July. Microsoft assesses CVE-2021-36970 as “exploitation more likely.” “While no details have been shared publicly about the flaw, this is definitely one to watch for, as we saw a constant stream of Print Spooler-related vulnerabilities patched over the summer while ransomware groups began incorporating PrintNightmare into their affiliate playbook,” said Satnam Narang, staff research engineer at Tenable. “We strongly encourage organizations to apply these patches as soon as possible.” CVE-2021-26427 is another important bug in Microsoft Exchange Server, which has been under siege lately from attackers. In March, threat actors pounced on four separate zero-day flaws in Exchange that allowed them to siphon email from and install backdoors at hundreds of thousands of organizations. This month’s Exchange bug earned a CVSS score of 9.0 (10 is the most dangerous). Kevin Breen of Immersive Labs points out that Microsoft has marked this flaw as less likely to be exploited, probably because an attacker would already need access to your network before using the vulnerability. “Email servers will always be prime targets, simply due to the amount of data contained in emails and the range of possible ways attackers could use them for malicious purposes. While it’s not right at the top of my list of priorities to patch, it’s certainly one to be wary of.” Also today, Adobe issued security updates for a range of products, including Adobe Reader and Acrobat, Adobe Commerce, and Adobe Connect.

For a complete rundown of all patches released today and indexed by severity, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center, and the Patch Tuesday data put together by Morphus Labs. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com frequently has the lowdown on any patches that are causing problems for Windows users. On that note, before you update please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files. So do yourself a favor and back up before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once. And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide. If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a decent chance other readers have experienced the same and may chime in here with useful tips.

 Breaches and Incidents

The United States Department of Justice has announced a leak of information pertaining to the design of the nuclear-powered Virginia-class submarine, and the arrest of the alleged leakers.

 Computer, Internet Security

Transparency, Consent, and Control (TCC) is a system for requiring user consent to access certain data, via prompts confirming that the user is okay with an app accessing that data.

 Threat Actors

A cyberespionage operation by MalKamak, an Iran-based hacker group, is targeting aerospace and telecom firms based in the Middle East, Russia, the U.S., and Europe. MalKamak, which uses ShellClient RAT, has targeted only a small number of targets since its alleged inception in 2018. Security teams are advised to keep track of this APT group to stay safe.

 Malware and Vulnerabilities

Trend Micro sheds light on the ZuRu malware campaign that collects private data from a victim’s machine. Further analysis of the fake iTerm2 app’s Apple Distribution certificate led to the discovery of more trojanized apps on VirusTotal. Stay vigilant while downloading software online from untrusted sites.

 Malware and Vulnerabilities

A new ESPecter bootkit was uncovered that performs cyberespionage and compromises system partitions. There are signs in the malware's components that revealed that the attackers could be Chinese-speaking. For protection, experts suggest applying security patches promptly.

 Identity Theft, Fraud, Scams

Blackberry revealed three phishing schemes by APT41 that were targeting multiple sectors in India using COVID-19-themed phishing baits. Some of the phishing emails included information related to the latest income tax legislation targeting residents not living in India. Security teams need to use shared threat intel services and utilize other collective resources to withstand and fight against such threat groups.

 Feed

This Metasploit module will generate a plugin which can receive a malicious payload request and upload it to a server running Moodle provided valid admin credentials are used. Then the payload is sent for execution, and the plugin uninstalled. You must have an admin account to exploit this vulnerability. Successfully tested against versions 3.6.3, 3.8.0, 3.9.0, 3.10.0, and 3.11.2.

 Feed

Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This Metasploit module was tested against Moodle versions 3.11.2, 3.10.0, and 3.8.0.

 Feed

Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12, and earlier unsupported versions allow a teacher to exploit a chain leading to remote code execution. A bug in the privileges system allows a teacher to add themselves as a manager to their own class. They can then add any other users, and thus look to add someone with manager privileges on the system (not just the class). After adding a system manager, a loginas feature is used to access their account. Next the system is reconfigured to allow for all users to install an addon/plugin. Then a malicious theme is uploaded and creates an RCE. If all of that is a success, we revert permissions for managers to system default and remove our malicious theme. Manual cleanup to remove students from the class is required. This Metasploit module was tested against Moodle version 3.9.

 Feed

Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This Metasploit module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This module was tested against Moodle version 2.5.2 and 2.2.3.

 Feed

Red Hat Security Advisory 2021-3814-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include bypass and out of bounds write vulnerabilities.

 Feed

Red Hat Security Advisory 2021-3791-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2021-3811-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2021-3768-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a bypass vulnerability.

 Feed

Whitepaper that discusses the functionality of EDR (Endpoint Protection and Response), how it compares to antivirus, and how it can be manipulated.

 Feed

An emerging threat actor likely supporting Iranian national interests has been behind a password spraying campaign targeting US, EU, and Israeli defense technology companies, with additional activity observed against regional ports of entry in the Persian Gulf as well as maritime and cargo transportation companies focused in the Middle East. Microsoft is tracking the hacking crew under the

 Feed

Ukrainian law enforcement authorities on Monday disclosed the arrest of a hacker responsible for the creation and management of a "powerful botnet" consisting of over 100,000 enslaved devices that was used to carry out distributed denial-of-service (DDoS) and spam attacks on behalf of paid customers. The unnamed individual, from the Ivano-Frankivsk region of the country, is also said to have

 Feed

Apple on Monday released a security update for iOS and iPad to address a critical vulnerability that it says is being exploited in the wild, making it the 17th zero-day flaw the company has addressed in its products since the start of the year. The weakness, assigned the identifier CVE-2021-30883, concerns a memory corruption issue in the "IOMobileFrameBuffer" component that could allow an

 Feed

The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they are digitally signed by a trusted source. The list of the three flaws is as follows — CVE-2021-41830 / CVE-2021-25633 - Content and Macro Manipulation with

 Feed

Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said it's building safeguards to prevent vulnerable versions of GitKraken from adding newly generated

 Feed

Microsoft on Monday revealed that its Azure cloud platform mitigated a 2.4 Tbps distributed denial-of-service (DDoS) attack in the last week of August targeting an unnamed customer in Europe, surpassing a 2.3 Tbps attack stopped by Amazon Web Services in February 2020. "This is 140 percent higher than 2020's 1 Tbps attack and higher than any network volumetric event previously detected on Azure,

Aggregator history: Tuesday, October 12, 2021