Windows Archives - Page 2 of 8 - Cyber Security Minute

Public exploit is now available for Cisco AnyConnect VPN client

Issued by: CSO Online

An easy-to-use exploit was publicly released this week for a patched vulnerability that affects the widely used Cisco AnyConnect Secure Mobility Client and Cisco Secure Client applications for Windows. Attackers could leverage the exploit to elevate their privileges on a victim’s system and take full control of it. Cisco Secure Client for Windows, previously known…

Network Security

Microsoft Patches Critical Windows Vulns, Warn of Code Execution Risks

Issued by: SecurityWeek

Redmond’s monthly Patch Tuesday updates cover at least 70 documented vulnerabilities affecting the Windows ecosystem, including six critical issues that expose users to dangerous code execution attacks. According to Microsoft, none of the vulnerabilities have been publicly discussed or exploited in the wild. Windows network administrators are being urged to pay special attention to a…

Malware & Threats

Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue

Issued by: Security Affairs

The Microsoft Windows vulnerability CVE-2023-29336 (CVSS score 7.8) is an elevation of privilege issue that resides in the Win32k component. Win32k.sys is a system driver file in the Windows operating system. The driver is responsible for providing the interface between user-mode applications and the Windows graphical subsystem. The vulnerability is actively exploited in attacks. The…

Malware & Threats

New PowerDrop Malware Targeting U.S. Aerospace Industry

Issued by: The Hacker News

An unknown threat actor has been observed targeting the U.S. aerospace industry with a new PowerShell-based malware called PowerDrop. “PowerDrop uses advanced techniques to evade detection such as deception, encoding, and encryption,” according to Adlumin, which found the malware implanted in an unnamed domestic aerospace defense contractor in May 2023. “The name is derived from…

Malware & Threats

‘EvilExtractor’ All-in-One Stealer Campaign Targets Windows User Data

Issued by: Dark Reading

A phishing campaign that launched in March and is actively targeting Microsoft operating system users in Europe and the US is making the rounds, using the EvilExtractor tool as its weapon of choice. Research this week from FortiGuard Labs details the EvilExtractor attack chain, explaining that it usually starts with a legitimate-seeming Adobe PDF or…

Malware & Threats

Supply chain blunder puts 3CX telephone app users at risk

Issued by: Naked Security

Internet telephony company 3CX is warning its customers of malware that was apparently weaseled into the company’s own 3CX Desktop App by cybercriminals who seem to have acquired access to one or more of 3CX’s source code repositories. As you can imagine, given that the company is scrambling not only to figure out what happened,…

Software Security

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

Issued by: Naked Security

Just before the Christmas weekend – in fact, at about the same time that beleaguered password management service LastPass was admitting that, yes, your password vaults were stolen by criminals after all – we noticed a serious-sounding Linux kernel vulnerability that hit the news. The alerts came from Trend Micro’s Zero Day Initiative (ZDI), probably…

Vulnerabilities

Cyber-Threat Group Targets Critical RCE Vulnerability in ‘Bleed You’ Campaign

Issued by: Dark Reading

The “Bleed You” campaign is trying to take advantage of a known remote code execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions, and more than 1,000 systems are unpatched and vulnerable to compromise. The critical flaw, tracked as CVE-2022-34721, has been under active attack since September, a new report from Cyfirma warns,…

Malware & Threats

New ‘Alchimist’ Attack Framework Targets Windows, Linux, macOS

Issued by: Security Week

Dubbed Alchimist and already used in the wild, the attack framework is implemented in GoLang, the same as the Insekt RAT that it implants on compromised systems. The attack framework provides a web interface written in simplified Chinese that allows operators to generate and deploy malicious payloads, establish remote connections, execute code on the compromised…

Malware & Threats

Hackers Possibly From China Using New Method to Deploy Persistent ESXi Backdoors

Issued by: Security Week

The new technique, spotted by Mandiant in April, involves using malicious vSphere Installation Bundles (VIBs). A VIB is a collection of files packaged into a single archive to facilitate distribution — they are similar to a tarball or ZIP archive. VIB packages can be used to create startup tasks, custom firewall rules, or to deploy…