The article discusses a vulnerability known as “bitpixie” that allows attackers to access encrypted files on Windows devices using BitLocker without needing to disassemble the device. This exploit takes advantage of a bug in the Windows Boot Manager and requires only physical access to the device and a network connection.…
Tag: WINDOWS
Recent reports indicate unauthorized access in Japan, primarily using LinkedIn as an infection vector. The Lazarus attack group has been identified as responsible for these attacks, which have targeted organizations since 2019. Recommendations include restricting the use of social networking services on work devices. Affected: LinkedIn, Bitcoin.DMM.com…
Virtual machines serve as crucial tools for malware analysis, allowing analysts to safely examine malicious code. However, sophisticated malware employs various techniques to detect virtual environments, prompting the need for enhanced security measures to protect against such threats. Affected: malware analysts, cybersecurity sector
Keypoints:
Virtual machines provide a safe environment for malware analysis.…
This article analyzes the Clickfix phishing incidents, highlighting the evolution of CAPTCHA bypass techniques and the exploitation of user trust in verification mechanisms. It details how attackers use social engineering to manipulate users into executing malicious commands, leading to data theft. Affected: Windows system users, WordPress websites, online security sector
Keypoints:
Clickfix is a phishing technique that exploits user fatigue with verification processes.…
Summary: Microsoft has addressed a critical bug affecting Windows Server 2022 systems with multiple NUMA nodes that prevented them from starting up. The update includes a servicing stack update to enhance the reliability of the update process. This follows previous fixes for boot issues in Windows Server 2019 and Windows Server 2025, highlighting ongoing efforts to improve system stability.…
Summary: Security researcher MrAle_98 has disclosed a proof-of-concept exploit for a zero-day vulnerability, CVE-2024-49138, affecting the Windows Common Log File System (CLFS) Driver. This elevation of privilege flaw, with a CVSS score of 7.8, allows attackers to gain SYSTEM privileges on affected devices. Microsoft confirmed that the vulnerability was actively exploited before a patch was released, emphasizing the urgency for users to update their systems.…
Summary: Microsoft has acknowledged a crashing issue in classic Outlook that affects users after an update, producing error code “0xc0000005”. A temporary fix is available by reverting to a previous version until a permanent solution is released on January 28. The company has also been addressing other Outlook-related issues in recent months.…
Summary: The video discusses the use of a powerful open-source tool called “It Box” that can be used for malware scanning and analysis. It highlights the features of this tool, including static and dynamic analysis capabilities, the ability to scan running processes, and integrating multiple tools to detect potential threats in malware.…
The Lynx ransomware, identified as a successor to the INC ransomware family, has been actively targeting various industries in the US and UK since July 2024. Operating under a ransomware-as-a-service model, Lynx employs tactics such as phishing, service termination, and double extortion. The ransomware uses robust encryption methods and has shown a significant overlap with its predecessor, INC.…
This article discusses the origins and evolution of ransomware, tracing back to the first known instance involving a floppy disk labeled “AIDS Information” sent in 1989. It highlights the impact of ransomware on individuals and organizations, the methods used by cybercriminals, and the ongoing threat posed by such attacks today.…
GuidePoint Security identified a Python-based backdoor used by a threat actor to maintain access to compromised systems and deploy RansomHub encryptors across the network. The malware employs obfuscation techniques and utilizes Remote Desktop Protocol for lateral movement. Key indicators of compromise and a detailed analysis of the deployment process and command-and-control mechanisms are also discussed.…
A series of critical vulnerabilities has been reported across various platforms, including Aviatrix Controller and Microsoft 365 applications, leading to significant security risks such as unauthorized access and data breaches. Additionally, a new phishing tactic targeting Apple iMessage users and a malicious PyPI package aimed at Discord developers have emerged, highlighting the evolving threat landscape.…
This article discusses the evolution of cyber warfare through historical cyberattacks, emphasizing the importance of cybersecurity in the digital age. It highlights ten significant cyber incidents that have shaped our understanding of digital security, the lessons learned, and the ongoing threats organizations face today. Affected: organizations, government, healthcare, energy, transportation, technology sector
Keypoints:
Cyberattacks are malicious attempts to steal, damage, or disrupt computer systems and data.…
Summary: Ubisoft has released patches for Assassin’s Creed Valhalla and Origins to address compatibility issues with Windows 11 24H2, which had caused crashes and other gameplay problems. Microsoft had previously blocked upgrades for PCs running these games due to user complaints. With the new updates, players can now enjoy these titles without the previous disruptions.…
Cyble Research and Intelligence Labs (CRIL) has uncovered a cyberattack targeting organizations in Germany, utilizing a deceptive LNK file within an archive to execute a malicious payload known as Sliver. The attack employs DLL sideloading and proxying techniques to maintain stealth and control over the infected systems.…
Summary: Amazon has issued a security advisory for two critical vulnerabilities (CVE-2025-0500 and CVE-2025-0501) affecting its native clients for Amazon WorkSpaces, AppStream 2.0, and DCV, with a CVSSv4 score of 7.7. These vulnerabilities could enable attackers to execute man-in-the-middle (MITM) attacks, potentially granting unauthorized access to remote sessions.…
Silverfort has uncovered a significant misconfiguration in Active Directory Group Policy that allows NTLMv1 authentications to persist despite attempts to disable it. This flaw poses a security risk for organizations using on-prem applications, as attackers can exploit this vulnerability to gain unauthorized access. Affected: Active Directory, NTLMv1
Keypoints:
Silverfort’s research reveals a misconfiguration in Group Policy that allows NTLMv1 authentications to continue.…
A recent cybersecurity alert has revealed that fake CrowdStrike recruiters are distributing malware through phishing emails, tricking victims into downloading a malicious executable that installs a cryptocurrency miner. This scam uses a fake recruitment domain to lure job seekers. Affected: CrowdStrike, job seekers, cryptocurrency mining sector
Keypoints:
Fake CrowdStrike recruiters are distributing malware via phishing emails.…
Summary: A malicious package named ‘pycord-self’ has been discovered on the Python Package Index (PyPI), targeting Discord developers to steal authentication tokens and establish a backdoor for remote control. This package masquerades as the legitimate ‘discord.py-self’ library, which has a significant user base. The malicious code enables attackers to hijack accounts and maintain persistent access to victims’ systems.…
This week’s cybersecurity newsletter highlights critical vulnerabilities in Fortinet and BeyondTrust products, the exploitation of multiple zero-day flaws by Microsoft, and emerging ransomware tactics targeting AWS. Additionally, it discusses a significant data breach at Stiiizy, the impact of healthcare data breaches in the US, and various government responses to cyber threats.…