Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams: Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Patching problems: The “return” of a Windows Themes spoofing vulnerability Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s NTLM (authentication) credentials via a malicious Windows themes file still affects Microsoft’s operating system, 0patch researchers have discovered. Black Basta operators phish employees via Microsoft Teams Black Basta ransomware affiliates are still trying to trick … More → The post Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams appeared first on Help Net Security.
CyberCureME - Cyber Security Marketplace’s Post
More Relevant Posts
-
New Windows 11 recovery tool to let admins remotely fix unbootable devices Microsoft is working on a new Windows "Quick Machine Recovery" feature that will allow IT administrators to use Windows Update "targeted fixes" to remotely fix systems rendered unbootable. This new feature is part of a new Windows Resiliency Initiative launched in response to a widespread July 2024 outage caused by a buggy CrowdStrike Falcon update that rendered hundreds of thousands of Windows devices unbootable, impacting airlines, hospitals, and emergency services worldwide. Those affected said their Windows hosts got stuck in a boot loop or showed the Blue Screen of Death (BSOD) after installing the latest CrowdStrike Falcon Sensor update. To ensure that its customers are ready in the event of a similar incident, Microsoft has developed a new Quick Machine Recovery feature that doesn't require hands-on access to fix Windows boot issues. "This feature will enable IT administrators to execute targeted fixes from Windows Update on PCs, even when machines are unable to boot, without needing physical access to the PC," said David Weston, the company's Vice President for Enterprise and OS Security, today. "This remote recovery will unblock your employees from broad issues much faster than what has been possible in the past." Microsoft says it will roll out the Quick Machine Recovery feature to the Windows 11 Insider Program community in early 2025. Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations
New Windows 11 recovery tool to let admins remotely fix unbootable devices
bleepingcomputer.com
To view or add a comment, sign in
-
#CrowdStrike ⚡️ How Vulnerable Are You in IT? When it comes to cybersecurity, the deeper you go, the riskier it gets. This was glaringly evident when a recent CrowdStrike update caused widespread chaos by crashing Windows systems worldwide. But how did this happen, and why are Windows systems particularly vulnerable to such catastrophic failures? The Depths of Vulnerability Microsoft grants cybersecurity companies deep access to the kernel of the Windows operating system. This allows tools like CrowdStrike’s Falcon sensor to operate at a very low level, offering robust protection by monitoring and intercepting system events in real-time. However, this deep access comes with significant risks. When something goes wrong at this level, it can lead to critical system failures, such as the infamous Blue Screen of Death (BSOD). The MacOS Approach In contrast, macOS has tightened the reins, preventing developers from accessing such low-level system functions directly. Instead, Apple provides specific APIs that limit what developers can do, enhancing system stability and security. This means that on macOS, such widespread crashes are far less likely, as developers cannot create drivers that interact with the system in ways that could cause major disruptions. The #Windows Wild West On Windows, the situation is different. Developers can create drivers that interact directly with the system, granting them powerful capabilities but also posing significant risks. This flexibility is a double-edged sword, making Windows a fertile ground for innovation but also for potential system instability. The CrowdStrike Incident CrowdStrike’s Falcon sensors rely on configuration data stored in binary files. These sensors must be updated frequently to respond to new threats, such as the distinct patterns of a ransomware attack. However, a recent update to these sensors introduced a logic error in one of these configuration files, leading to widespread BSOD errors. This caused massive disruptions as affected systems failed to boot, paralyzing businesses and services across the globe The Aftermath and Resolution Restoring affected systems required manual intervention, such as booting into Safe Mode or using the Windows Recovery Environment to delete the problematic files. A labor-intensive and time-consuming process, demonstrating the significant impact of such deep-level access gone wrong The #Linux and #macOS Advantage Interestingly, Linux and macOS users were unaffected by this issue. Linux systems do not rely on the same level of proprietary, kernel-level interactions as Windows, and macOS’s stricter access controls prevented similar vulnerabilities. This highlights the robustness of these operating systems in avoiding such widespread failures. Conclusion The CrowdStrike incident serves as a stark reminder of vulnerabilities inherent in deep system access. In a world where a single update can bring down millions of systems, how vulnerable are you in IT?
To view or add a comment, sign in
-
Windows PCs all around the world are crashing, and it's getting uglier fast. It's all due to an issue with CrowdStrike's Falcon Sensor software, and it's spreading in unpredictable ways. But what is CrowdStrike? What's a "blue screen of death"? And how worried should Windows PC owners be? Here's what you need to know. What is CrowdStrike, and what is Falcon Sensor? CrowdStrike is a cybersecurity company, and Falcon Sensor is software designed to prevent computer systems from cyber attacks. Earlier this morning, on July 19, the company warned its users that Windows systems are "experiencing a bugcheck/blue screen error related to the Falcon Sensor," and said that its engineering teams are "actively working to resolve this issue." Apparently, an update to the Falcon software is what caused the issue; the company rolled back the update but numerous machines are still affected. Both Microsoft and CrowdStrike have now acknowledged the issue, which is only present on Windows machines, while Mac and Linux computers aren't affected. What's a blue screen of death? If you've been so fortunate to never see a blue screen of death, it is a type of critical error on Windows PCs which essentially halts whatever the computer's been doing and displays an error report on a blue screen. What is CrowdStrike's relationship with Microsoft? CrowdStrike doesn't really have a direct relationship with Microsoft. It is, however, a hugely popular cybersecurity company, especially for large businesses and institutions, due to its reputation of being able to stop cyberattacks in their tracks, and that means it runs on a lot of Windows machines. It is also available for Mac and Linux computers, though the current issue is only related to Windows computers. A report from IDC dated February 2023 placed CrowdStrike at the number one spot when it comes to endpoint security, with a 17.7% market share. Microsoft's own endpoint security solutions are a close second with a 16.4% market share. @laninfotech @glenbenjamin #laninfotech #becybersmart #becyberfit #besafe LAN Infotech, LLC
Microsoft outage: What is CrowdStrike and why users are getting Windows blue screens
mashable.com
To view or add a comment, sign in
-
On December 10, 2024, Microsoft disclosed a critical vulnerability in its Windows Remote Desktop Services, tracked as CVE-2024-49115. This security flaw allows attackers to execute remote code on affected systems, posing a severe threat to confidentiality, integrity, and availability. The vulnerability has been classified as critical, with a CVSS score of 8.1. #Windows #RDP #vulnerabilities #security
Windows Remote Desktop Services Vulnerability Let Attackers Execute Remote Code
https://cybersecuritynews.com
To view or add a comment, sign in
-
🆕 Interesting Read - #Microsoft is introducing a future #cybersecurity enhancement to help protect administrator users on Windows— Administrator protection, a new platform security feature in #Windows11. Administrator protection aims to protect users while still allowing them to perform necessary functions with #JustInTime elevation of administrator privileges. #Infosec #securityawareness #cyberaware https://lnkd.in/esdzsRTe
Administrator protection on Windows 11 | Microsoft Community Hub
techcommunity.microsoft.com
To view or add a comment, sign in
-
#WorkspaceONE now seamlessly integrates with Microsoft Entra ID and Google’s Context-Aware Access, enhancing security for macOS environments. 🤝 See how this enables enforcement of policies based on enrollment status and boosts #security and identity management with Google Cloud’s conditional policies. 🔒 https://bit.ly/3xOHVOQ
Conditional access with Workspace ONE integrates seamlessly with Microsoft Entra ID and Google’s BeyondCorp
blogs.vmware.com
To view or add a comment, sign in
-
Using utilman.exe (the Ease of Access utility) to bypass Windows login is a common security exploitation method. It leverages the fact that this utility can be accessed even from the login screen. Here’s a step-by-step understanding of how it works, the risks involved, and possible mitigations. How the utilman.exe Exploit Works: 1. Purpose of utilman.exe: • It’s a Windows system utility designed to provide accessibility options (like Narrator, Magnifier, On-Screen Keyboard) on the login screen. • You can invoke it by clicking the “Ease of Access” button or pressing Windows + U from the login screen. 2. Exploit Mechanism: Attackers replace utilman.exe with another executable (usually cmd.exe or another tool) that grants a command prompt or admin-level access. Steps: • Boot into Recovery or Safe Mode using a bootable USB/installation media. • Locate utilman.exe: C:\Windows\System32\utilman.exe • Rename the original utilman.exe: rename utilman.exe utilman_backup.exe • Copy cmd.exe as utilman.exe: copy cmd.exe utilman.exe • Reboot the system. 3. Bypassing Login: • On the login screen, click the “Ease of Access” button or press Windows + U. • Instead of launching accessibility tools, a command prompt with SYSTEM privileges opens. • From the command prompt, the attacker can: • Create a new admin user: net user newadmin password /add net localgroup administrators newadmin /add • Reset the password of an existing user: net user username newpassword 4. Login with the new/existing credentials without needing the original password. Risks and Mitigations: 1. Risks: • Allows attackers to bypass password protections. • Grants full access to the system, which can compromise sensitive data. • Can be executed with physical access or improperly secured remote access (e.g., through poorly managed RDP). 2. Mitigations: • Enable BitLocker encryption: Prevents unauthorized modification of system files from recovery environments. • Disable or restrict boot options: Configure BIOS/UEFI to disable booting from USB or external drives. • Password-protect Safe Mode and Recovery Mode. • Set local group policies to restrict access to utilman.exe and related files. • Monitor user accounts for unauthorized creation or changes. Using this method is illegal without proper authorization, and it’s classified as a security vulnerability. System administrators should ensure their machines are properly secured to prevent this kind of attack.
To view or add a comment, sign in
-
Atlassian Sourcetree For Mac & Windows Flaw Let Attackers Execute Remote Code A critical security vulnerability has been discovered in Atlassian’s popular version control client, Sourcetree, affecting both Mac and Windows versions. The flaw, identified as CVE-2024-21697, allows unauthenticated attackers to execute arbitrary code remotely, posing a significant risk to users. The vulnerability, which carries a high severity rating with a CVSS score of 8.8, was introduced in Sourcetree for Mac version 4.2.8 and Sourcetree for Windows version 3.4.19. This remote code execution (RCE) flaw has the potential to compromise the confidentiality, integrity, and availability of affected systems. Security researchers have warned that successful exploitation of this vulnerability could grant attackers complete control over the targeted systems. Atlassian, the company behind Sourcetree, has responded swiftly to the security threat. They have released patches to address the vulnerability and are strongly urging all users to update their software immediately. Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations
Atlassian Sourcetree For Mac & Windows Flaw Let Attackers Execute Remote Code
https://cybersecuritynews.com
To view or add a comment, sign in
-
Microsoft's upcoming new Administrator Protection feature in Windows 11 is intended to enhance security by restricting administrator privileges. Instead of always-on elevated access, it creates temporary, isolated admin accounts for specific tasks, disappearing once complete. This "just-in-time" approach thwarts attackers seeking to exploit privilege escalation vulnerabilities and utilize techniques like "living-off-the-land" to maintain persistent access. This change significantly limits the window of opportunity for malicious actors to leverage admin rights for lateral movement and other attacks, bolstering overall system security and improving monitoring capabilities for privileged account activity.
New Windows Feature Limits Admin Privileges
darkreading.com
To view or add a comment, sign in
-
On today Microsoft outage issue i would like to share the article which helps you with understanding the details about the issue, what the issue exactly is and how to get it resolves. “ Microsoft outage: What is CrowdStrike and why users are getting Windows blue screens” - Windows PCs all around the world are crashing, and it's getting uglier fast. The issue is due to a issue with CrowdStrike's Falcon Sensor software, and it's spreading in unpredictable ways. But what is CrowdStrike? What's a "blue screen of death"? And how worried should Windows PC owners be? Here's what you need to know. 1. What is CrowdStrike, and what is Falcon Sensor? CrowdStrike is a cybersecurity company, and Falcon Sensor is software designed to prevent computer systems from cyber attacks. Earlier this morning, on July 19, the company warned its users that Windows systems are "experiencing a bugcheck/blue screen error related to the Falcon Sensor," and said that its engineering teams are "actively working to resolve this issue." Apparently, an update to the Falcon software is what caused the issue; the company rolled back the update but numerous machines are still affected. Both Microsoft and CrowdStrike have now acknowledged the issue, which is only present on Windows machines, while Mac and Linux computers aren't affected. 2. What's a blue screen of death? If you've been so fortunate to never see a blue screen of death, it is a type of critical error on Windows PCS which essentially halts whatever the computer's been doing and displays an error report on a blue screen. 3. What is CrowdStrike's relationship with Microsoft? CrowdStrike doesn't really have a direct relationship with Microsoft. It is, however, a hugely popular cybersecurity company, especially for large businesses and institutions, due to its reputation of being able to stop cyberattacks in their tracks, and that means it runs on a lot of Windows machines. It is also available for Mac and Linux computers, though the current issue is only related to Windows computers. A report from IDC dated February 2023 placed CrowdStrike at the number one spot when it comes to endpoint security, with a 17.7% market share. Microsoft's own endpoint security solutions are a close second with a 16.4% market share. 4. How to resolve this? If you're eager to try to fix the issue yourself, here's a workaround: 1) "Boot Windows into Safe Mode or the Windows Recovery Environment 2) "Navigate to the C: (Windows|System32\drivers\CrowdStrike directory 3) "Locate the file matching 'C-0000029*sys', and delete it. 4) "Boot the host normally." 5. How long will the Microsoft outage last? As per CrowdStrike CEO George Kurtz, actually fixing it is not always trivial. This is not a simple update which can easily be deployed to all systems over-the-air, as many of the affected systems crash right after booting up, meaning they're in an endless boot loop. This, in turn, means that the fix must be applied manually.
To view or add a comment, sign in
8,572 followers