Winsage
December 27, 2024
Microsoft has issued a caution regarding the installation of Windows 11 version 24H2 using physical media, specifically if the media contains security updates from October 8 to November 12, 2024. In such cases, the operating system may not accept future security updates. This issue does not affect systems receiving updates through Windows Update or the Microsoft Update Catalog, nor does it impact installations using the December 2024 security update. Microsoft recommends creating new installation media that includes the December 2024 security update to ensure future updates can be received. Users who have already installed version 24H2 with the October or November updates should apply the December 2024 security update to restore their system's ability to accept future updates. Microsoft is working on a permanent solution to this issue. Users have also reported challenges with the Disk Cleanup tool and speaker volume spikes since the launch of version 24H2. Maintaining an updated version of Windows 11 is essential for security, stability, and performance, as updates address vulnerabilities and fix bugs.
Winsage
December 27, 2024
Sophos has reported a 51% increase in the exploitation of "living off the land" binaries (LOLBins) since 2021, with an 83% rise over the past three years. In an analysis of nearly 200 incident response cases in the first half of 2024, 187 distinct Microsoft LOLBins were identified, with remote desktop protocol (RDP) being the most targeted, appearing in 89% of incidents. Compromised credentials are the leading cause of cyberattacks, responsible for 39% of incidents, despite a decrease from 56% in 2023. The LockBit ransomware group remains the most prevalent threat, accounting for 21% of infections. Additionally, 21% of compromised Active Directory servers were found to be operating beyond Microsoft’s mainstream support, making them more vulnerable. Sophos emphasizes the importance of proactive monitoring and regular system updates to mitigate these risks.
Tech Optimizer
December 27, 2024
Andrew Eva, the Global CIO of Assured Data Protection, predicts that by 2025 backup systems will be seamlessly integrated with ransomware detection, antivirus technologies, and intrusion detection systems. He highlights a collaboration between Rubrik and Google to give enterprise customers insight into known exploits for earlier detection of malicious code. Disaster recovery systems will take on a more frontline role in cyber threat management, using machine learning to identify potential malware. Ransomware is expected to remain the top cyber threat, prompting organizations to prioritize disaster recovery and backup solutions. Concerns about data security in relation to artificial intelligence will lead organizations to seek assurances about data protection from managed service providers (MSPs). The criteria for cyber insurance are tightening, making MSPs essential for businesses to meet these requirements. There is also an anticipated surge in demand for Backup-as-a-Service (BaaS), especially in healthcare, driven by resource constraints and a shift towards operational expenditure.
Winsage
December 27, 2024
The KB5048685 Update for Windows 11 23H2, released on December 10, has caused issues for users, including freezing of the Start Menu and Wi-Fi connectivity problems. The Start Menu may become unresponsive, displaying a white backdrop in dark mode, affecting users of both Windows 11 22H2 and 23H2. A workaround involves modifying the Windows Registry. Additionally, some users with AMD processors have reported installation failures with error code 0x80070002. Solutions suggested include checking the Windows Update service and using recovery options in settings. Personal experiences with the update vary, with some users not encountering issues, while others have faced significant problems.
Winsage
December 26, 2024
A new attack technique exploits Windows Defender Application Control (WDAC) to disable Endpoint Detection and Response (EDR) sensors on Windows systems. Attackers with administrative privileges can create and deploy custom WDAC policies that prevent EDR sensors from loading during system boot, leaving networks vulnerable. The attack involves three phases: crafting a malicious WDAC policy, rebooting the machine to enforce the policy, and disabling the EDR upon reboot. A proof-of-concept tool called "Krueger" has been developed for this purpose. Mitigation strategies include enforcing WDAC policies via Group Policy Objects (GPOs), applying the principle of least privilege, and implementing secure administrative practices.
AppWizard
December 25, 2024
A recent alert from McAfee has raised concerns for Android users regarding a health application called BMI CalculationVsn available on Amazon's Appstore. This app, which appears to be a simple Body Mass Index calculator, is capable of recording on-screen activity, accessing private SMS messages, and scanning devices for sensitive information. McAfee discovered that the app secretly steals the package names of installed apps and incoming SMS messages. Following this discovery, McAfee alerted Amazon, which removed the app from its platform. Users who have downloaded the app are advised to uninstall it immediately. McAfee emphasizes the importance of vigilance in digital security, recommending that Android users install reliable antivirus software and carefully review permission requests from apps. Users should also be aware of unusual app behavior, such as decreased device performance, rapid battery drain, and unexpected spikes in data usage, which may indicate malicious activity.
Winsage
December 24, 2024
The evaluation of the Wubuntu operating system revealed a positive initial experience, but after a week, a pop-up requesting a product key for PowerTools made the desktop inaccessible without purchase. The developer claimed the user was on the Pro version and provided a license key to resolve the issue, leading to further investigation into Wubuntu's origins. It was discovered that Wubuntu is rumored to be a rebranding of LinuxFX, which has a questionable reputation. Discussions on Reddit highlighted vulnerabilities in Wubuntu's licensing system and potential data breaches. The developer clarified that Wubuntu is an Ubuntu variant with Windows themes, differing from LinuxFX's unique theme and applications. However, links between Wubuntu and the LinuxFX Redsand Theme on Sourceforge raised concerns about its reliability. The situation calls for skepticism due to persistent licensing issues and unclear associations with LinuxFX. Mainstream distributions like Ubuntu, Fedora, and Linux Mint are recommended as trustworthy options, while Zorin OS is suggested for users seeking a Windows-like experience without compromising trustworthiness.
Winsage
December 24, 2024
Adobe released out-of-band security updates to address a critical vulnerability in ColdFusion, identified as CVE-2024-53961, which is a path traversal weakness affecting ColdFusion versions 2023 and 2021. This flaw could allow attackers to read arbitrary files on compromised servers. Adobe categorized the flaw with a "Priority 1" severity rating and urged administrators to apply the emergency security patches—ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12—within 72 hours. The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted the risks associated with path traversal vulnerabilities and previously mandated federal agencies to secure their Adobe ColdFusion servers against other critical vulnerabilities by August 10, 2023. CISA also noted that hackers had been exploiting another ColdFusion vulnerability targeting outdated government servers since June 2023.
Winsage
December 21, 2024
Microsoft has addressed a significant security vulnerability in Windows 11 (version 23H2), identified as CVE-2024-30085, which allowed local attackers to gain SYSTEM-level privileges. The flaw was discovered by security researcher Alex Birnberg during the TyphoonPWN 2024 competition, where he demonstrated the vulnerability, earning third place. The issue lies in the Cloud Files Mini Filter Driver (cldflt.sys), which fails to properly validate user-supplied data during the parsing of reparse points, allowing attackers to overwrite memory and execute code with elevated privileges. To exploit this vulnerability, an attacker must first run low-privileged code on the system. Microsoft has released a patch for this vulnerability, and users are advised to update their systems to ensure security.