Windows News, Articles and Updates

Chrome 65 update ready, contains 45 security fixes

The Google Chrome team reported it moved Chrome 65 to the stable channel for Windows, Mac and Linux with the latest update containing 45 security fixes, with at least nine rated as "high".

uTorrent apps vulnerable to remote code execution, information disclosure

The developer of uTorrent for Windows and uTorrent Web has been scrambling to issue patched versions of the BitTorrent-based peer-to-peer fire-sharing apps.

Adobe Patch Tuesday patches issues in Acrobat, Reader & Experience manager

Adobe's Patch Tuesday updates included security updates for Adobe Acrobat and Reader for Windows and Macintosh to address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Evolving Hancitor downloader found, relying on malicious hosted servers

Despite its relatively small pool of viable targets, the malicious Windows-based downloader Hancitor continues to surface in malspam campaigns that recently have relied heavily on distribution servers.

All versions' of Windows vulnerable to tweaked Shadow Broker NSA exploits

NSA exploits stolen by hacker Shadow Brokers can be tweaked to exploit vulnerabilities in all versions of Windows, including Windows 10 - so deploy the MS17-010 security update from Microsoft as soon as possible.

Chrome desktop update remedies 53 bugs, adds Spectre and Meltdown mitigations

Google's latest stable channel update for the Chrome browser on Windows, Mac and Linux desktop machines includes fixes for 53 security issues, including three high-severity vulnerabilities.

New and old Windows vulnerabilities top Alienvault list

Adobe's Flash Player may gain a lot of negative headlines, but when it comes to the most frequented targeted software Microsoft Office and Windows beat out the much maligned Adobe software.

Cryptocurrency miners target web servers with malware

RubyMiner malware plants XMRig on vulnerable systems. Security researchers have discovered malware aimed at Linux and Windows servers running to mine cryptocurrency.

Cyber-criminals favoured non-malware attacks in 2017: Report

Non-malware-based cyber-attacks were behind the majority of cyber-incidents reported in 2017, despite proliferation of malware available to both the professional and amateur hacker.

Apple release security updates shortly after releasing another KRACK fix

Apple released security updates for its mobiles, set top box and Window's iCloud platform shortly after rolling out another patch for the KRACK exploits.

Update: TeamViewer releases emergency patch for permissions flaw

TeamViewer has rushed out an emergency patch to fix a security flaw that could allow hackers to take over other machines during an active session.

Bitcoin Gold issues critical advisory after spotting suspicious files

Bitcoin Gold issued a critical alert and expanded the recall window for the Windows Wallet installer after a link on its Download page and the file downloads on its Github release page were found to be serving two suspicious files.

US CERT issues warning on ASLR vulnerability in Windows

US CERT has issued a warning on a vulnerability in Windows' Address Space Layout Randomisation (ASLR) that affects Windows 8, Windows 8.1, and Windows 10 which could allow an attacker to take control of an affected system.

Flaw in Windows DNS client exposed millions of users to hacking

Security researchers have advised the patching of a critical vulnerability in the DNS client used in Windows. The flaw could allow hackers to gain access to a target system.

17-year-old auth protocol riddled with vulnerabilities, needs patching

Two new flaws have been discovered in Windows NTLM security protocols which could result in unauthorised credential use, password cracking and domain compromise.

Flaw in Microsoft Master File Table could allow hackers to BSOD Windows

Flaw in NTFS file system can be activated by a malformed URL, causing a system crash in Windows Vista, 7 and 8.1 but not Windows 10.

ICYMI: MSP APT; MS 0-day; Travel phish: Retraining; Hacktivists hit

In Case You Missed It: Chinese hack MSPs; Windows Server 2003 flaw; Phishing hits travellers; retraining graduates; OpIsrael hacktivists targeted.

Zero-day on Windows Server 2003 could affect up to 600,000 servers

Hackers are said to be rushing to develop exploits as Microsoft says it won't patch flaw in Internet Information Services (IIS) 6.0 on Windows Server 2003.

ICYMI: HMRC/DMARC; Windows Vul; UK-China; IDF hack; Vendor hid attack

In Case You Missed It: HMRC implements DMARC; Windows bug revealed; UK-China cooperation; ViperRat hacks Israeli defence; Supply-chain attack hidden

Microsoft says Cerber ransomware most popular infector of Windows 10

The software giant claims Genasom and Locky took second and third place for attacking Windows 10 Enterprise boxes with about 1000 infections each.

65% of Windows devices run Windows 7, where 600 vulnerabilities reside

This seven-year-old version of the software is leaving enterprises open to 600 security vulnerabilities.

What's behind backdoor #3? Mac version of Mokes malware follows Linux, Windows variants

Kaspersky Lab today released an analysis of a newly discovered version of Mokes - a malicious, cross-platform backdoor with spying functionality - this one targeting Apple's OS X operating system.

New version of L0phtCrack makes cracking Windows passwords easier than ever

L0phtCrack is back, 19 years old and updated for the first time in six years, version 7 is apparently 500 times faster

Operation Ghoul attacks terrorise industrial and engineering orgs

Kaspersky researchers spotted a wave of attacks that has affected more than 130 organisations in at least 30 countries.

Researcher finds Windows flaw that permits fileless UAC bypass

Windows vulnerability would allow hackers to subvert PowerShell to bypass the UAC, leaving no trace of having accessed the system.

Rate of unpatched non-Microsoft programs on the rise in the UK

The percentage of unpatched Windows operating systems was on the decline in the second quarter of 2016, leading to an overall decrease in the number of exploitable Windows vulnerabilities.

53% of organisations around the world still use Windows Server 2003

Over half (53 percent) of companies have at least one instance of Windows Server 2003 still running even though its end of life (EOL) date passed on 14 July 2015.

Windows zero day devalued as supply and demand takes hold, experts speculate

Market forces are beginning to have an effect on zero days, evidenced by a new drop in the price of a significant zero-day.

1.5 billion Windows computers potentially affected by unpatched 0-day exploit

Trustwave has found a zero-day exploit which it said affects all versions of Microsoft's OS Windows, all the way from Windows 2000 up to a fully patched version of Windows 10.