windows – Security

If you’re a fan of Volatility, you’ll love CrowdStrike’s SuperMem

October 23, 2021 by Andrea Fortuna

Andrea Fortuna

CrowdStrike released SuperMem, a great tool for automated Windows memory analysis. SuperMem allows analysts to perform quick triage with Volatility 3, but also a full triage with Volatility 2, 3/EVTXtract/memdumping and other resource gathering tools, or a comprehensive triage with all of the above + dumping all loaded DLLs, processes…

10 Best Antivirus For A Basic Laptop [Must Read]

September 23, 2021 by Daniel Segun

Daniel Segun

Do you own a basic laptop? In this post, we will show you the best antivirus for a basic laptop. It is essential that you have an antivirus installed for security purposes. Besides, basic laptops are targeted by hackers every day which results in them being at risk of malware…

Microsoft warns of a Windows zero-day security hole that is being actively exploited

September 9, 2021 by Graham Cluley

Graham Cluley

In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organisations. Read more in my article on the Tripwire State of Security blog.

Interesting Privilege Escalation Vulnerability

August 26, 2021August 26, 2021 by Bruce Schneier

Bruce Schneier

If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges. It should be noted that this is a local privilege escalation (LPE) vulnerability,…

Smashing Security podcast #238: Fashion captain, fraud family, and DEF CON. D’oh!

July 29, 2021 by Graham Cluley

Graham Cluley

Pygmy hippopotamus bugs, DEF CON's data slip-up, and phishing fraudsters have their collars felt. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Naked Security's Paul Ducklin.

How “Process Ghosting“ works

June 18, 2021 by Andrea Fortuna

Andrea Fortuna

The Elastic Security team recently revealed a new technique for malware obfuscation and evasion called Process Ghosting, that allows tampering of in-memory mappings of executable files on Microsoft Windows. The technique [1] is the evolution of already known attack methods such us as Process Doppelgänging and Process Herpaderping, and could…

Microsoft Patch Tuesday, April 2021 Edition

April 13, 2021 by BrianKrebs

BrianKrebs

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server — the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over…

“Expert” hackers used 11 zerodays to infect Windows, iOS, and Android users

March 18, 2021 by Dan Goodin

Dan Goodin

Enlarge (credit: Getty Images) A team of advanced hackers exploited no fewer than 11 zeroday vulnerabilities in a nine-month campaign that used compromised websites to infect fully patched devices running Windows, iOS, and Android, a Google researcher said. Using novel exploitation and obfuscation techniques, a mastery of a wide range…

Chinese Hackers Stole an NSA Windows Exploit in 2014

March 4, 2021February 25, 2021 by Bruce Schneier

Bruce Schneier

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline: The timeline basically seems to be, according to Check Point: 2013: NSA’s Equation Group developed…

Twelve-Year-Old Vulnerability Found in Windows Defender

February 24, 2021February 18, 2021 by Bruce Schneier

Bruce Schneier

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender —…

Windows registry Transaction Logs in forensic analysis

February 6, 2021 by Andrea Fortuna

Andrea Fortuna

During forensic anaysis, Windows registry data can be useful to discover malicious activity and to determine if and what data may have been stolen from a network. Many different types of data are present in the registry that can provide evidence of program execution, application settings, malware persistence, and other…

Microsoft patches anti-virus bug that allowed boobytrapped files to run malicious code when scanned

January 13, 2021 by Graham Cluley

Graham Cluley

Microsoft has patched a security vulnerability that was - ironically - exploiting usage of the company's own Windows security product, Microsoft Defender Antivirus.

Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws

January 7, 2021 by Lindsey O'Donnell

Lindsey O'Donnell

In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.

ElectroRAT Drains Cryptocurrency Wallet Funds of Thousands

January 5, 2021 by Lindsey O'Donnell

Lindsey O'Donnell

At least 6,500 cryptocurrency users have been infected by new, 'extremely intrusive' malware that's spread via trojanized macOS, Windows and Linux apps.

Microsoft hints at coming “sweeping visual rejuvenation” of Windows 10

January 4, 2021 by Jim Salter

Jim Salter

Enlarge / This screenshot of the Photos and Calculator apps comes from a video Microsoft product chief Panos Panay dropped on Instagram to demonstrate new UI concepts in March 2020. (credit: Microsoft) We've been hearing rumors for a while now about a significant visual refresh planned for Windows 10 in…

1 2 3 … 8 Next »