Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Windows 11. Show all posts
Windows 11
attack surface reduction Bitdefender Cyber Attacks Cyber Threats Cybersecurity LOLBins PowerShell Windows 11

Trusted Tools Becoming the New Cybersecurity Threat, Says Bitdefender Report

 

Cybersecurity threats are evolving rapidly, and according to recent findings, attackers are increasingly relying on tools that organizations already trust. In its latest analysis, Bitdefender highlighted that modern cyberattacks often resemble routine administrative activity rather than traditional malware-based intrusions.

In the earlier report titled “Your Biggest Security Risk Isn't Malware — It's What You Already Trust,” Bitdefender explained how commonly used utilities such as PowerShell, WMIC, netsh, Certutil, and MSBuild have become popular among cybercriminals. These tools are regularly used by IT teams for legitimate purposes, making malicious activity harder to detect. The company revealed that legitimate-tool misuse was identified in 84% of 700,000 high-severity incidents analyzed.

To help organizations address this growing concern, Bitdefender introduced a complimentary Internal Attack Surface Assessment program. Designed for companies with 250 or more employees, the 45-day assessment aims to identify risky tools, users, and endpoints that could potentially be exploited by attackers while ensuring normal business operations remain unaffected.

The company noted that a standard Windows 11 installation includes 133 unique living-off-the-land binaries (LOLBins) across 987 instances. In addition, Bitdefender Labs found that PowerShell was active on 73% of endpoints, often running silently through third-party applications. According to the report, this indicates that the issue is less about malware and more about excessive permissions and unrestricted tool access.

Industry trends also point toward a shift in cybersecurity strategy. Gartner predicts that preemptive cybersecurity measures will account for 50% of IT security spending by 2030, compared to less than 5% in 2024. It also forecasts that 60% of large enterprises will adopt dynamic attack surface reduction technologies by 2030, up from less than 10% in 2025.

The Internal Attack Surface Assessment operates in four phases over approximately 45 days using GravityZone PHASR, Bitdefender’s proactive hardening and attack surface reduction technology.

The process begins with behavioral learning, where PHASR studies activity patterns for each machine-user combination over roughly 30 days. Organizations then receive an Attack Surface Dashboard featuring an exposure score between 0 and 100, along with prioritized findings related to living-off-the-land binaries, remote administration tools, tampering utilities, cryptominers, and piracy software.

An optional reduction phase allows businesses to apply restrictions either manually or through PHASR’s Autopilot feature. Employees can request restored access through a built-in one-click approval system. The final review measures how much the organization’s attack surface has been reduced and identifies any unauthorized applications or shadow IT risks discovered during the process.

Bitdefender stated that some early-access customers managed to reduce their attack surface by more than 30% within the first month, while one organization reportedly achieved nearly 70% reduction after restricting LOLBins and remote administration tools.

The assessment is intended to benefit multiple stakeholders within an organization. CISOs receive measurable exposure data suitable for board-level reporting, while SOC teams and IT administrators can potentially reduce investigation workloads by eliminating unnecessary suspicious activity. Business leaders may also benefit from documented security improvements that align with regulatory, auditing, and cyber-insurance expectations.

Bitdefender concluded that security risks are no longer solely external threats but often exist within existing systems and trusted tools already present in enterprise environments
Read more »
Windows 11
ChromeOS Cloud based services Cyber Security Google Microsoft Operating system Windows 11

Google Promotes ChromeOS Flex as Free Upgrade Option for Millions of Unsupported Windows 10 PCs

 





More than 500 million devices currently running Windows 10 are approaching a critical turning point, as many of them are not eligible for an upgrade to Windows 11 due to hardware limitations. This has raised growing concerns about long-term security risks once support deadlines pass. In response, Google is actively promoting an alternative, positioning its ChromeOS Flex platform as a free way to modernize aging systems.

Google states that older laptops and desktops can be converted into faster, more secure, and easier-to-manage devices by installing ChromeOS Flex. The system is cloud-based and designed to extend the usability of existing hardware without requiring users to purchase new machines. Although ChromeOS Flex has been available for some time, Google has now made adoption simpler by introducing a physical USB installation kit. Developed in partnership with Back Market, the kit allows users to install the operating system more easily. It is priced at approximately $3 or €3, is reusable, and is supported by recycling-focused efforts such as Closing the Loop to reduce electronic waste.

The timing of this push is closely linked to Microsoft’s decision to end mainstream support for Windows 10 in October 2025. That shift has forced users into a difficult position: invest in new hardware or continue using an operating system that will no longer receive full security updates. While Microsoft does offer an Extended Security Updates (ESU) program, it is only a temporary solution. For individual users, coverage extends for roughly one additional year, while enterprise customers may receive longer support under specific licensing agreements.

The transition to Windows 11 has also been slower than expected. Adoption challenges, largely driven by strict hardware requirements, have resulted in an unusually large number of users remaining on Windows 10 even after its official lifecycle milestone. This contrasts with Microsoft’s earlier expectations of a smoother migration similar to the shift from Windows 7 to Windows 10, which had seen broader and faster adoption.

Google is also emphasizing environmental considerations as part of its messaging. The company highlights that manufacturing a new laptop contributes significantly to its overall carbon footprint. By extending the lifespan of existing devices, ChromeOS Flex helps reduce landfill waste and avoids emissions associated with producing new hardware. Google further claims that ChromeOS-based systems consume around 19% less energy on average compared to similar platforms.

Despite this, switching away from Windows remains a debated decision. Many users rely on the Windows ecosystem for software compatibility, workflows, and familiarity. However, for devices that cannot support Windows 11, alternatives such as ChromeOS Flex present a practical workaround. Even in cases where users purchase new computers, older machines can still be repurposed using such operating systems, for example within households.

At the same time, Microsoft is continuing to strengthen its Windows 11 ecosystem. Devices already running Windows 11 are being automatically updated to newer versions to maintain consistent security coverage. The company is using artificial intelligence to determine when systems are ready for upgrades and applying updates accordingly. While a similar approach could theoretically be applied to Windows 10 devices that meet upgrade requirements, this has not yet been implemented. It remains uncertain whether this could change as future deadlines approach.

Recent developments have also drawn attention to user hesitation around Windows 11. Reports indicated that a recent update disrupted a key Start menu function, even as official communication suggested there were no outstanding issues. Subsequent updates and documentation now indicate that previously known bugs have been resolved, with Microsoft steadily addressing issues since the platform’s release in late 2024.

Additional reporting suggests that all known issues in the current Windows 11 version have been marked as resolved in official tracking systems. This reflects ongoing improvements, though it also underlines the complexity of maintaining stability across large-scale operating system deployments.

For enterprise users, Microsoft is extending support in more flexible ways. Certain legacy versions of Windows 10, including enterprise and IoT editions released in 2016, are eligible for additional security updates. These updates are delivered through ESU programs available via volume licensing or cloud solution providers. However, Microsoft continues to describe this as a temporary measure rather than a permanent extension.

For individual users, the situation is more restrictive. Extended Security Updates are limited in duration, and once they expire, devices will no longer receive security patches, bug fixes, or technical support. However, the continued availability of such programs suggests that support timelines may evolve depending on broader user adoption patterns.

The wider ecosystem is also seeing alternative recommendations. Some industry discussions encourage migration to Linux-based systems, while Google’s ChromeOS Flex represents a more consumer-friendly option. With hundreds of millions of devices affected, the coming months will play a crucial role in determining whether users remain within the Windows ecosystem or begin shifting toward alternative platforms.


Read more »
Windows 11
Cyber Security Digital Vulnerabilities hotpatch Microsoft system updates Windows 11

Microsoft Releases Hotpatch to Fix Windows 11 RRAS Remote Code Flaw



Microsoft has issued an out-of-band (OOB) security update to remediate critical vulnerabilities affecting a specific subset of Windows 11 Enterprise systems that rely on hotpatch updates instead of the conventional monthly Patch Tuesday cumulative updates.

The update, identified as KB5084597, was released to fix multiple security flaws in the Windows Routing and Remote Access Service (RRAS), a built-in administrative tool used for configuring and managing remote connectivity and routing functions within enterprise networks. According to Microsoft’s official advisory, these vulnerabilities could allow remote code execution if a system connects to a malicious or attacker-controlled server through the RRAS management interface.

Microsoft clarified that the risk is limited to narrowly defined scenarios. The exposure primarily impacts Enterprise client devices that are enrolled in the hotpatch update model and are actively used for remote server management. This means that the vulnerability does not broadly affect all Windows users, but rather a specific operational environment where administrative tools interact with external systems.

The vulnerabilities addressed in this update are tracked under three identifiers: CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111. These issues were initially resolved as part of Microsoft’s March 2026 Patch Tuesday updates, which were released on March 10. However, the original fixes required system reboots to be fully applied.

Microsoft’s technical description indicates that successful exploitation would require an attacker to already possess authenticated access within a domain. The attacker could then use social engineering techniques to trick a domain-joined user into initiating a connection request to a malicious server via the RRAS snap-in management tool. Once the connection is made, the vulnerability could be triggered, allowing the attacker to execute arbitrary code on the targeted system.

The KB5084597 hotpatch is cumulative in nature, meaning it incorporates all previously released fixes and improvements included in the March 2026 security update package. This ensures that systems receiving the hotpatch are brought up to the same security level as those that installed the full cumulative update.

A key reason for releasing this hotpatch separately is the operational challenge associated with system restarts. Many enterprise environments run mission-critical workloads where even brief downtime can disrupt services, impact business continuity, or affect essential infrastructure. Traditional cumulative updates require a reboot, making them less practical in such contexts.

Hotpatching addresses this challenge by applying security fixes directly into the memory of running processes. This allows vulnerabilities to be mitigated immediately without interrupting system operations. Simultaneously, the update also modifies the relevant files stored on disk so that the fixes remain effective after the next scheduled reboot, maintaining long-term system integrity.

Microsoft also noted that while fixes for these vulnerabilities had been released earlier, the hotpatch update was reissued to ensure more comprehensive protection across all affected deployment scenarios. This suggests that the company identified gaps in earlier coverage or aimed to standardize protection for systems using different update mechanisms.

It is important to note that this hotpatch is not distributed to all devices. It is only available to systems that are enrolled in Microsoft’s hotpatch update program and are managed through Windows Autopatch, a cloud-based service that automates update deployment for enterprise environments. Eligible systems will receive and apply the update automatically, without requiring user intervention or a system restart.

From a broader security standpoint, this development surfaces the increasing complexity of patch management in modern enterprise environments. As organizations adopt high-availability systems that must remain continuously operational, traditional update strategies are evolving to include alternatives such as hotpatching.

At the same time, vulnerabilities in administrative tools like RRAS demonstrate how trusted system components can become entry points for attackers when combined with social engineering and authenticated access. Even though exploitation requires specific conditions, the potential impact remains substantial due to the elevated privileges typically associated with administrative tools.

Security experts generally emphasize that organizations must go beyond simply applying patches. Continuous monitoring, strict access control policies, and user awareness training are essential to reducing the likelihood of such attack scenarios. Additionally, maintaining visibility into how administrative tools are used within a network can help detect unusual behavior before it leads to compromise.

Overall, Microsoft’s release of this hotpatch reflects both the urgency of addressing critical vulnerabilities and the need to adapt security practices to environments where uptime is as important as protection.

Read more »
Windows 11 reset
Bitlocker BitLocker encryption BitLocker recovery key Cyber Security Data Loss Microsoft account Windows 11 Windows 11 reset

Windows 11’s Auto-Enabled BitLocker Locks User Out of Terabytes of Data — Here’s What Happened

 

Microsoft first introduced BitLocker drive encryption with Windows Vista back in 2007, though it was initially limited to the Enterprise and Ultimate editions. Over the years, it evolved into a core security feature of Windows. With Windows 11, Microsoft went a step further — BitLocker now activates automatically when users sign in with a Microsoft account during the setup process (OOBE). While this auto-encryption aims to secure user data, it has also caused some serious unintended consequences.

That’s exactly what happened to one unfortunate Reddit user, u/Toast_Soup (referred to as “Soup”), who ended up losing access to their data after a Windows reinstall.

Soup noticed their PC was lagging and decided to perform a clean installation of Windows. Their system had six drives — including the boot drive and two large backup drives (D: and E:), each with around 3TB of data. But once the reinstall was complete, those two drives appeared to have vanished. They were locked by BitLocker encryption, despite Soup never manually turning the feature on.

Unaware that Windows 11 automatically encrypts drives linked to a Microsoft account, Soup didn’t have the necessary BitLocker recovery keys — keys they didn’t even know existed. Without them, the data became permanently inaccessible. Even professional data recovery software couldn’t help, since BitLocker’s encryption is designed to prevent unauthorized access.

Desperate, Soup reinstalled Windows again, only to face the same encryption prompt — this time for the boot drive. Thankfully, they noted down the new recovery key and regained access to Windows. Unfortunately, their D: and E: drives remained permanently locked. When Reddit users suggested checking Microsoft account settings, Soup confirmed that only the key for the main C: drive was listed there.

What makes this situation worse is that BitLocker doesn’t just risk unexpected data lockouts — it can also impact system performance. Previous testing has shown that the software-based version of BitLocker can reduce SSD read/write speeds by up to 45%, as the CPU must continuously encrypt and decrypt data. This slowdown could explain the lag Soup noticed before resetting their system.

It’s worth noting that hardware-based encryption (known as OPAL) performs much better but isn’t what Windows 11 enables automatically. Some users in the Reddit thread also mentioned that even small system changes — like altering boot order — can unexpectedly trigger BitLocker on Windows 11 Home, even with a local account.

Windows 10 doesn’t exhibit the same automatic encryption behavior, nor does upgrading from Windows 10 to 11. Unfortunately, in Soup’s case, there’s little left to do other than wipe the drives and start over.

To avoid similar disasters, users should check BitLocker settings immediately after setup, disable automatic encryption if desired, and securely back up recovery keys. Always maintain external backups of crucial data — because once BitLocker takes over without your knowledge, recovery may not be possible.
Read more »
Windows 11
CCleaner Microsoft PC Cleaner App Technology Windows 11

Microsoft Introduces PC Cleaner App to Boost PC Performance

 


In a move to enhance user experience, Microsoft has predicated its PC Cleaner app, now conveniently available on the Microsoft Store for both Windows 10 and Windows 11 users. Similar to popular third-party tools like CCleaner, this application aims to declutter system folders, potentially boosting your computer's performance.

Developed and tested since 2022 under the name PC Manager, originally intended for the Chinese market, the app is now accessible in more regions, including the United States. While it might not be visible on all Windows 11 devices just yet, an official Microsoft PC Cleaner page assures users that it is on its way.

The PC Cleaner offers various features through a new floating toolbar. Users can expect tools like PC Boost, focusing on eliminating unnecessary processes and temporary files. The Smart Boost option efficiently handles spikes in RAM usage and large temporary files exceeding 1 GB. Another feature, Deep Cleanup, targets older Windows update files, recycle bin items, web cache, and application caches, giving users the flexibility to choose what to keep or remove.

The Process tool provides a comprehensive view of all running processes, allowing users to end any process within PC Cleaner without the need for Task Manager. The Startup feature empowers users to manage applications launching at startup, optimising system boot times. Large Files tool deftly locates sizable files on any drive, streamlining the process compared to manual searches through File Explorer.

Additional tools include Taskbar Repair to revert it to its original state and Restore Default Apps, which restores default app preferences. Notably, Microsoft seems to use the latter feature to encourage users to explore Microsoft apps, such as Edge.

Microsoft has been critical of third-party system cleaner apps in the past, expressing concerns about potential harm to crucial system files. Despite labelling apps like CCleaner as potentially unwanted programs (PUPs), they are still available for download from the Microsoft Store. However, with PC Cleaner, Microsoft assures users that the application, designed in-house, won't delete necessary system files, presenting a safer alternative to third-party options.

Offering a host of useful tools for free, PC Cleaner aligns with Microsoft's commitment to providing quality applications for Windows users. The app, matching your Windows theme, is set to be a secure and reliable choice straight from the Microsoft Store. While third-party apps like CCleaner have faced security concerns in the past, PC Cleaner's direct association with Microsoft provides users with a trustworthy solution. The app is free to use, and an official Microsoft page for PC Cleaner suggests a direct download link will be available soon for those who can't find it on the Microsoft Store yet.

To simplify this, Microsoft's introduction of PC Cleaner signifies a positive step toward providing users with a reliable, in-house solution for system optimisation. With its user-friendly features and assurance of not deleting crucial system files, PC Cleaner aims to facilitate the ins and outs of PC performance for Windows users.


Read more »
Windows 11
Data Breach Email Breach Microsoft Outlook Privacy Windows 11

Microsoft Might Be Sharing Your Outlook Emails Without Your Knowledge

 



Microsoft's data collection practices are under scrutiny, as a recent report suggests the Outlook for Windows app might be sharing more user information than expected. With this app now default on Windows 11, the impact could be widespread. ProtonMail, a competitor to Outlook, discovered that user data collected includes emails, contacts, browsing history, and potentially location data. They even labeled Outlook for Windows as "a surveillance tool for targeted advertising." Users are automatically opted in to share their data with hundreds of third parties, mainly for advertising. Opting out involves a manual process for each of the 772 companies, making it cumbersome for users. This discovery raises concerns about user privacy, especially for those who use Outlook for daily communication and work-related tasks.

Microsoft is no stranger to data privacy issues, and recent reports indicate that Outlook for Windows might be playing a part in it. Last year, concerns were raised about Windows 11 collecting and sending data even before users connected to the internet. This time, ProtonMail, a direct competitor of Microsoft's email services, has shed light on data collection practices by Outlook for Windows, labelling it as "a surveillance tool for targeted advertising."

However, it's crucial to consider ProtonMail's position as a privacy-focused service competing with Microsoft. Their motive to criticise Outlook for Windows should be taken into account, as they aim to highlight the superiority of their own privacy and security features.

Outlook for Windows being a free app raises questions about how Microsoft supports it. Some argue that user data is used to support the app and introduce new features. While users can opt out of data sharing, the process is not as straightforward as it could be, requiring a per-advertiser toggle click rather than a simple 'reject all' button.

Actions to take

If the data-sharing concerns have you on edge, opting out is possible. Navigate to the 'General' section in your Outlook for Windows settings and find 'Advertising Preferences.' Here, a list of companies with toggles set to 'enable' will be displayed. While there's no universal 'reject all' button, each advertiser allows you to learn more about their privacy policies and opt out.

Creating a new Outlook email account may present an easier option, as the 'reject all' option appeared during testing. However, for existing accounts, manually deselecting advertisers is the route to take.

This scenario prompts us to reconsider the trade-off between free apps and data sharing. While Microsoft appears to make turning off data sharing relatively straightforward, it emphasizes the importance of scrutinizing user agreements and disclaimers for free apps, particularly those from Microsoft.

Protect Your Data

In an era where data privacy is paramount, understanding how apps utilise your information is crucial. As you use free apps like Outlook for Windows, take the time to review and adjust your settings to protect your data. Being proactive ensures that you are in control of what information is shared and with whom. Stay informed, stay secure.


Read more »
Windows 11
Cyber Security DLL Search Order Hijacking Exploitation Malicious Code Privilege Escalation Security Bypass Security Joes Threat actors Windows 10 Windows 11

New DLL Search Order Hijacking Variant Evades Windows 10 and 11 Protections

 

Security researchers have outlined a fresh variant of a dynamic link library (DLL) search order hijacking technique, potentially enabling threat actors to circumvent security measures and execute malicious code on computers running Microsoft Windows 10 and Windows 11.

The new method, disclosed in a report by cybersecurity firm Security Joes and exclusively shared with The Hacker News, exploits executables commonly present in the trusted WinSxS folder, utilizing the classic DLL search order hijacking technique. By doing so, adversaries can avoid the need for elevated privileges when attempting to run malicious code on a compromised system, introducing potentially vulnerable binaries into the attack chain.

DLL search order hijacking involves manipulating the search order used to load DLLs, allowing the execution of malicious payloads for purposes such as defense evasion, persistence, and privilege escalation. This technique targets applications that do not specify the full path to required libraries, relying on a predefined search order to locate DLLs on disk.

Threat actors exploit this behavior by relocating legitimate system binaries into non-standard directories that contain malicious DLLs, named after legitimate ones. This tricks the system into loading the attack code-containing library instead of the authentic one.

The unique aspect introduced by Security Joes focuses on files within the trusted "C:\Windows\WinSxS" folder. WinSxS, short for Windows side-by-side, is a crucial Windows component used for OS customization and updates to ensure compatibility and integrity.

According to Ido Naor, co-founder and CEO of Security Joes, the discovery diverges from traditional cyber attack methods, providing a more subtle and stealthy exploitation technique. The strategy involves identifying vulnerable binaries in the WinSxS folder and combining them with DLL search order hijacking methods. This entails strategically placing a custom DLL with the same name as a legitimate DLL into an actor-controlled directory, triggering code execution when executing a vulnerable file in the WinSxS folder.

Security Joes emphasized the potential for additional binaries in the WinSxS folder susceptible to this DLL search order hijacking, urging organizations to take precautions. They recommended examining parent-child relationships between processes, particularly focusing on trusted binaries, and closely monitoring activities performed by binaries in the WinSxS folder, including network communications and file operations.
Read more »
Windows 11
Data Safety malware Safe Boot UEFI Bootkit User Security Windows 11

Fully patched Windows 11 Systems are Susceptible to the BlackLotus Bootkit

 

ESET's analysis of the malware has shown that the BlackLotus bootkit may circumvent security safeguards on fully updated Windows 11 PCs and permanently infect them. 

BlackLotus is a brand-new threat actor that first appeared on darknet forums in October 2022. For $5,000, it gives advanced persistent threat (APT) actors like cybercriminals access to capabilities that were once only available to nation-states. 

The main danger posed by UEFI bootkits is well-known. By controlling the operating system's boot process, they can disable security safeguards and introduce kernel- or user-mode payloads while the machine is booting up, acting covertly and with elevated privileges. 

ESET, which discovered BlackLotus for the first time in late 2022, has so far located six installers, allowing it to thoroughly examine the threat's execution chain and pinpoint the malware's primary capabilities.

BlackLotus has a wide range of evasion capabilities, including anti-debugging, anti-virtualization, and code obfuscation, as evidenced by early reports. It can also disable security measures like BitLocker, Hypervisor-protected Code Integrity (HVCI), and Windows Defender. 

There is little that can be done to protect systems from attacks, even if the most recent patches have been installed, especially with proof-of-concept (PoC) exploit code being publicly available since August 2022, according to ESET, as the bootkit exploits a year-old vulnerability in Windows (tracked as CVE-2022-21894) to disable secure boot. 

"Although the vulnerability was fixed in Microsoft’s January 2022 update, its exploitation is still possible as the affected, validly signed binaries have still not been added to the UEFI revocation list. BlackLotus takes advantage of this, bringing its own copies of legitimate – but vulnerable – binaries to the system in order to exploit the vulnerability,” ESET stated. 

When BlackLotus is run on the machine, it installs a kernel driver to prevent removal, sets up the user-mode component, runs kernel payloads, and removes the bootkit. By safeguarding handles for the bootkit's files on the EFI System Partition and causing a Blue Screen Of Death if these handles are closed, removal is avoided.

Command-and-control (C&C) communication through HTTPS, command execution, and payload delivery are all handled by the user-mode component, an HTTP downloader. Under the context of the winlogon.exe process, the downloader is run by the SYSTEM account. 

BlackLotus installers have been found both offline and online, and a typical attack begins with an installer distributing bootkit files to the ESP, turning off system safeguards, and rebooting the device. 

Following the enrolment of the attackers' Machine Owner Key (MOK) to the MokList variable for persistence, CVE-2022-21894 is exploited to deactivate secure boot. The self-signed UEFI bootkit is used to deliver the kernel driver and user-mode payload on subsequent reboots (the HTTP downloader). 

Additionally, the bootkit was found by ESET to rename the genuine Windows Boot Manager binary before replacing it. When the bootkit is told to remove itself, the renamed binary is used to start the operating system or to bring back the initial boot sequence. 

Although BlackLotus is covert and equipped with a number of anti-removal safeguards, ESET thinks they have uncovered a flaw in the way the HTTP downloader transmits instructions to the kernel driver that would allow users to uninstall the bootkit. 

According to ESET, "in the event that the HTTP downloader wishes to send a command to the kernel driver, it merely creates a named section, writes a command with associated data inside, and waits for the command to be processed by the driver by creating a named event and waiting until the driver triggers (or signals) it." 

The kernel driver can be tricked into completely uninstalling the bootkit by creating the aforementioned named objects and sending the uninstall command. The kernel driver supports install and uninstall commands. The bootkit would still be present on infected devices even though upgrading the UEFI revocation list would lessen the threat posed by BlackLotus. A new Windows installation and the deletion of the attackers' enrolled MOK key would be necessary in order to clear them. 

"The low number of BlackLotus samples we have been able to obtain, both from public sources and our telemetry, leads us to believe that not many threat actors have started using it yet. But until the revocation of the vulnerable bootloaders that BlackLotus depends on happens, we are concerned that things will change rapidly should this bootkit get into the hands of the well-known crimeware groups,” ESET concluded.
Read more »
Windows 11
Data Breach Data Safety Personal Data User Privacy User Security Windows 11

Watch Out for Windows 11, as it Collects Data Even While you are Offline

 

You turned off the privacy sliders in Windows 11 because you don't want to share your data with Microsoft, and you must have thought that was the end of the matter. It turns out that Windows 11 is still gathering a lot of your data, even on a brand-new computer. 

In a recent YouTube video by The PC Security Channel, Neowin reported on how the behaviour of a brand-new Windows 11 laptop and a brand-new Windows XP installation differed in terms of what data, if any, was being shared online. 

The YouTubers were able to find out some intriguing but not unexpected details regarding the kind of telemetry that Windows 11 was sending by using the Wireshark network protocol analyzer. They discovered that Windows 11 was actively sending data to Microsoft and outside servers during boot-up, even before an internet connection was established. For instance, the data was sent to marketing and advertising networks as well as software servers (perhaps for upgrades, antivirus updates, checking for trial versions, etc.).

In stark contrast, the 20-year-old 64-bit version of Windows XP scarcely, if at all, produced a sound. To check for OS updates, Microsoft servers received the sole telemetry that was supplied.

The video shows how drastically background traffic has changed over time, going from almost no outgoing data to a flood of data relating to advertisements, MSN, Bing, and other things. Obviously, this volume of data relates to the expanded features and capabilities of contemporary operating systems. We depend on fast weather reports, news, and the most recent security fixes these days; it's just the way things are.

However, it's vital to remember that this laptop is brand-new. Think about that for a moment, the YouTuber said. The owner of this machine has not even attempted to use the internet, opened a web browser, or entered any information. Without the user's input, the system is acting in this way on its own.

As soon as you begin using the device, the collection expands. Software like ShutUp10 reveals the various metrics that Microsoft collects while using a Windows PC, including information about handwriting, typing, and advertising. 

Nevertheless, you can thankfully manage and restrict the data that your computer transmits. The purpose of services and programmes like Privatezilla and W10Privacy, which let you choose which undesired functionality should be disabled, is to harden your PC.
Read more »
Windows Defender
Chrome Cyber Security Gaming PCs Microsoft Patch Fix Security Updates Windows 11 Windows Defender

Microsoft Announced the End of Support for Windows 7 & 8

Microsoft has published a warning over the imminent end of support for Windows 8.1, which would not receive any updates or patches after January 10th, 2023.

According to the research, over 100 million computers were still running Windows 7 as of 2021, giving their owners little time to update them before they face the security hazards associated with utilizing an antiquated browser and operating system.

Windows 8.1 is still the fourth most popular Microsoft operating system in the world, according to the Statcounter team, with 2.45% of all Windows users having it installed on their computers. Given the fact that it will affect millions of individuals and expose numerous PCs to attack, this end of support is quite concerning. 

PCs running Windows XP, 7, or 8 were more prevalent than those running Windows 11 according to a Lansweeper survey of 27 million Windows devices conducted in October.

For systems running Windows 10 2004 or 20H2, Windows 10 21H1 was a minor feature update that was designed to be simple to install. It contained improvements to Windows Defender Application Guard, Windows Management Instrumentation via Group Policy, and support for several Windows Hello-enabled cameras. 

Along with the release of a new Chrome version, Google also disclosed that it will discontinue support for Windows 7 and Windows 8.1 in early 2023. For users to continue receiving new Chrome updates, their device must be running Windows 10 or later.

It would be wise for anyone running an outdated version of Windows to inspect their computers and make some critical adjustments this week. Microsoft has issued the warning because Windows 8.1 will soon stop receiving security updates and patches after January 10, 2023.

Read more »
Windows 11
Microsoft Microsoft Office Phishing Attacks User Privacy Windows Windows 11

Microsoft : Windows 11's Upgraded Phishing Tools


Microsoft installed phishing defense in Windows 11 Version 22H2 to help reduce the ongoing danger of identity fraud.

A phishing attempt frequently takes the shape of an email that closely resembles the real thing and leads the recipient to a bogus login page. The most convincing phishing attempts closely resemble the logos, language, and layout.

The Windows 11 software system includes improved phishing security that instantly recognises risk when users type their passwords into any app or website. According to a post by Microsoft, Windows can determine whether an app or website is secure and will alert users when it isn't.

Admins can better defend themselves against such exploits by being aware of when a password has been stolen. When Windows 11 defends against one phishing attack, the threat intelligence streams to defend other Windows users using other apps and websites that are also under attack.

Users are also advised to update their passwords. Once activated, it can alert users using Chrome or Microsoft Edge to potentially dangerous websites. The improved phishing protection function integrates with ones system's local PC account, Azure, or Microsoft Active Directory.

Compared to earlier releases, Windows 11 has greater security features. For maximum security, you will want to modify Windows Security in addition to biometrics like Windows Hello's facial recognition.

Enable BitLocker encryption on the system drive as well to safeguard your data. The user may occasionally need to turn Windows Security off and back on for a variety of reasons, even if utilising it is a no-brainer.

If users enter their password into a malicious website in any Chromium browser or in an app that connects to a phishing site, a blocking dialogue warning is presented asking them to change it.

Windows 11 alerts users that storing their password locally, such as in Notepad or any Microsoft 365 software, is risky and prompts them to delete the password from the file.
Read more »
Windows 11
1Password Manager Android Apple MacOS Linux Privacy Windows 11

To Support Passkeys, 1Password has Joined Passage

Passkey functionality, which enables users to securely log in to apps and websites without a password, will be made accessible to 1Password's customers by early 2023, the company announced.

Passkeys, which employ the WebAuthn standard developed by the FIDO Alliance and the World Wide Web Consortium, replace passwords with cryptographic key pairs that enable users to sign into accounts. These key pairs consist of a public key that can be shared and a private key that cannot be shared.

For users of Android devices, installing passwords on an Android phone or tablet is also simple. Passwords are simple to set up on an iPhone or iPad. In addition to extensions for various browsers, there still are versions for Linux, Windows 11, and macOS Ventura. The issue is that these platforms are beginning to ignore the password for the passkey.

Next year, 1Password will add support for passkeys, enabling users to log in without a password. Even for current users, the business has built up an interactive demo so they can see how the feature will operate once it is released.

Passkeys eliminate the requirement for a two-factor authentication code and are more resistant to phishing and compromised credentials than passwords in terms of password brute force attacks like password spraying.

It is accurate that 1Password claims that its version will have a few benefits over its rivals. Because it works with so many different operating systems, 1Password asserts that its passkeys are the only ones that support numerous devices and enable cross-platform synchronization.

The main benefits of passkeys, according to 1Password, are that they come with strong default encryption and do not need to be memorized because they are saved on the device, while the private key is kept private from the website being signed into. Furthermore, the private key cannot be deduced from the public key.

The world of authentication will alter as a result of passwordless technologies. This partnership must make it substantially simpler for businesses to integrate a safe, password-free authentication flow into their products in order for it to grow.


Read more »
Windows 11
Cyber Security Microsoft Versions Windows Windows 10 Windows 11

PowerToys Releases Version 0.64 With File LockSmith and Host File Editor

 

Microsoft has recently released the latest version of the PowerToys toolset, PowerToys 0.64 to the public. The new version will aid Windows users in finding the processes using selected files and unlock the same without the use of a third-party tool. 

PowerToy 0.64 additionally comes with significant enhancements in File Locksmith and Host File Editor. The first program, File Locksmith gives File Explorer a “What’s using the file?” context menu entry. It displays which Windows processes are currently using the file. 

The primary purpose of File LockSmith is to provide users with information that Windows does not provide when activities like delete or move are being executed. In case a file is in use, certain actions may not be performed by the operating system. Windows do not provide certain important information about that to the user, but File LockSmith does so.  

The second program, the Host File tool allows a user to edit the Hosts file in Window11 (or Window10) via an appropriate editor UI, instead of the user having to use Notepad. For example, the Hosts file allows users to block access to certain domains. Having this UI should make it a little less difficult to make changes to it. 

In addition to this, the PowerToy settings now possess a new feature that allows users to export or import the current settings from a file, making it easier to migrate settings across devices as per user requirements. Users now have the option to back up and restore the settings, which is useful in case PowerToy is running on various devices, or simply for backup purposes. 

Moreover, Microsoft has also made enhancements in FancyZones that lets a user set default behaviors for horizontal and vertical screens. The improvements are done, as in some cases monitor IDs tend to get reset, additionally, FancyZones settings do not apply anymore. With the latest enhancements, even if the aforementioned situation occurs, the user layout should at least make some sense based on the orientation of his screen.
Read more »
Windows 11
Cyber Security Microsoft SMB Updates Window bugs. Windows Windows 11

Performance Hit Experienced By File Copying Due to Windows 11 22H2

 


According to reports, Microsoft began rolling out Windows 11 version 22H2 last month, just a few months after announcing it. The experience has not been completely smooth as one might think. 

"22H2 has a performance problem when copying large files from a remote computer to a Windows 11 computer or when copying files on a local drive," explains Ned Pyle, Principal Program Manager at Windows Server engineering.

There have been several reports of users reporting that the update failed with an error code of "0x800f0806". Interestingly enough, one of our Neowin members was able to figure out a workaround for this problem. There are also the usual suspects, like printer problems as a result of a revised printer policy that leads to printers not being detected after the 2022 Update, which can result in a lot of frustration. 

There was another related issue that caused Microsoft to block the whole update on affected devices due to this problem. Afterward, Microsoft issued a warning to IT admins on the issue, stating that provisioning for Windows 11 22H2 is currently broken, as it discovered the existence of this issue.

Additionally, the Redmond-based firm revisited another problem that was resulting in the massive slow-down in the speed at which large files could be copied remotely on 22H2 systems as a result of a power failure. 

There have been reports that speeds are around 40% lower than expected, according to the company. Although users are experiencing more performance issues than before, the situation seems to be getting increasingly problematic.

Earlier this week, Microsoft released KB5017389 preview cumulative update for Windows operating systems. This update included the fixes for this issue as well as a free trial of the update for those who have not yet downloaded it. The support document provides more information regarding this issue and also offers a free trial of the release.

It might take longer than expected for Windows 11 version 22H2 to copy large files with multiple gigabytes (GB) to complete the task as previously thought.

Despite the newly acknowledged issue, Microsoft added that Windows devices that are used in small or personal networks are less likely to be affected by it than those used for business networks.

A workaround is available for this issue, it has also been reported that Microsoft has shared a workaround for customers who are affected by the known issue after updating their devices to Windows 11 22H2.

There are several ways in which impacted users can mitigate the performance hit of file copying over SMB by using file copy tools that do not use a cache manager (buffered I/O) such as any of the freeware applications available on the Internet.

To resolve this issue, Microsoft is currently investigating and working on a solution to address it. As part of a future release, the issue will be addressed in a more detailed way, and this will be included in a more detailed update. 

It has been more than two years since Microsoft released Windows 11 22H2, and they have now added compatibility holds to make sure the upgrade is no longer available on some systems, due to printer problems or blue screens.

As part of this week's announcement, Microsoft confirmed that the Windows 11 2022 Update is also causing provisioning issues, which is causing Windows 11 endpoints to be partially configured and not complete the installation process. 

After entering a new deployment phase on Tuesday, October 4, Windows 11 22H2 is now available to all seekers on qualifying devices, and it has been installed on some of the devices already.
Read more »
Windows 11
Brute-Force Attacks Cyber Security RDP User Security Windows 11

Microsoft Adds Default Account Lockout Policy in Windows 11 to Block RDP Brute-Force Attacks

 

In the latest Windows 11 builds, Microsoft introduced default Account Lockout Policy which will automatically lock user accounts after 10 consecutive failed login attempts for 10 minutes. 

The account brute forcing process involves inputting a massive number of passwords consecutively using automated tools. The new policy blocks such attacks and can be found in Windows 11 Insider Preview Build 22528.1000 and newer. 

"Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors," David Weston, Microsoft's VP for Enterprise and OS Security, stated. "This technique is commonly used in Human Operated Ransomware and other attacks - this control will make brute forcing much harder which is awesome!" 

Brute forcing credentials is a common methodology employed by hackers to infiltrate Windows systems via Remote Desktop Protocol (RDP) when they don't know the account passwords. The use of Remote Desktop Services is so popular among hackers that the FBI said RDP is responsible for nearly 70-80% of all network breaches leading to ransomware assaults. 

The tech giant is gradually blocking all entry vectors employed by ransomware attackers to infiltrate Windows networks and systems. Earlier this year, Microsoft made some security-focused changes including auto-blocking Office macros in downloaded documents and enabling multi-factor authentication (MFA) in Azure AD. The change was temporarily rolled back earlier this month, but it’s back now. 

“We’re resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share,” Kellie Eickmeyer, Principal Program Manager at Microsoft, announced on Wednesday. 

Windows 10 systems also come with an Account Lockout Policy but are not enabled by default, allowing hackers to brute force their way into Windows systems with exploited Remote Desktop Protocol (RDP) services. Admins can enable this policy on Windows 10 in the Group Policy Management Console from Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy. 

This is a major step taken to enhance security since many RDP servers, particularly those used to assist teleworkers access corporate assets, are directly exposed to the Internet, exposing the businesses' network to attacks when poorly configured.
Read more »
Windows 11
Android App App vulnerability Authentication Keys Malicious actor Privacy USB User Privacy Windows 11

Microsoft Launches New Privacy Features for Windows 11

 

Microsoft is developing a new privacy dashboard to patch its vulnerabilities for Windows 11 that will allow users to view which apps and tools have access to sensitive hardware components such as the camera, microphone, location, phone calls, messages, and screenshots. It's included in one of June Windows 11 Preview Builds and now is ready for testing in the Dev Channel for Windows Insiders.

Users will be able to view the newly implemented tool in the Privacy & Security > App Permissions section, where a "Recent activity" option will be available, as per Microsoft. Users will be able to locate the monitored category of information in this section. "Once clicked, it will show every instance of one of the programs installed on a user's machine that has recently accessed sensitive devices and information," says the next step. Even though the list contains information about the most recent time the program accessed the service, clicking on any of the entries yields no additional information.

Several users would be able to proactively protect themselves from ransomware and phishing attacks that are unwittingly deployed by malicious actors due to this additional layer of privacy. Malware or malicious software may obtain access to a user's privacy in some cases via spying on its camera or microphone, or by reading file paths, process IDs, or process names.

If Windows Hello is turned off, your PC will be unable to access your camera. Some apps use the Camera app to capture pictures, by the Camera app's camera access setting. No images will be taken and sent to the app that accessed them unless you manually select the capture button in the Camera app.

Desktop apps can be downloaded from the internet, stored on a USB drive, or installed by your IT administrator. Microsoft has not yet officially launched this new privacy option, according to its Windows Insider Blog. This information comes from Microsoft's Vice President of Enterprise and OS Security, David Weston, in a tweet on Thursday. 

Windows has never had a privacy feature as useful as this, but it appears that Microsoft is working to strengthen the operating system's privacy controls. With Android version 12, Google provided a similar capability, although its execution is far from satisfactory.
Read more »
Windows 11
Cyber Attacks Ransomware attack security threat User Security Windows 11

New Variant of Magniber Ransomware is Targeting Windows 11 Users

 

Security analysts at 360 Security Center have unearthed a new strain of Magniber ransomware targeting Windows 11 systems. Since May 25, the attack volume of Magniber has surged significantly, and its primary transmission package names have also been upgraded, such as: win10-11_system_upgrade_software.msi, covid.warning.readme.xxxxxxxx.msi, etc. 

The ransomware is propagated via several online platforms, cracked software websites, fake pornographic websites, etc. When users visit these phony websites, they are lured to download from third-party network disks. 

According to researchers, the ransomware itself has not changed much, and can target multiple variants of Windows operating systems. The ransomware employs the RSA+AES encryption methodology to encrypt files. The RSA used is as long as 2048 bits, which is currently difficult to crack technically. 

After being encrypted by the ransomware, the file suffix is a random suffix, and each victim will have a separate payment page. If the ransom cannot be paid within the specified time, the link will be invalid. If the victim can pay the ransom within 5 days, he only needs to pay 0.09 Bitcoin, else the ransom will be doubled after 5 days. 

This is the second incident within two months hackers targeted Windows users. Earlier in April, the malicious actors employed fake Windows 10 updates to spread the Magniber ransomware strain. The fake Windows 10 updates were distributed under multiple names such as Win10.0_System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi via platforms such as pirated sites, posing as legitimate cumulative or security updates. 

The malicious campaign started on April 8th, 2022, and has witnessed massive distribution worldwide since then. Meanwhile, it remains unclear how the fake Windows 10 updates are being promoted and distributed from fake warez and crack sites. 

According to security researchers, no safe decryptor exists for ransomware. Additionally, any weaknesses of the malware are also known to reverse its infection as of yet. The ransomware presently targets regular users and students, and not corporate customers. Thus, the users need to remain vigilant, avoid downloading cracked versions, and use legit sites only. 

The ransomware was first spotted in 2017 targeting victims in South Korea. Back in 2021, the ransomware was using the PrintNightmare exploit to Target Windows users, and earlier this year in January, it was distributed via Microsoft Edge and Chrome.
Read more »
Subscribe to: Posts (Atom)