WINDOWS Archives - Cybersecurity News Everyday

Critical Cisco Smart Licensing Utility flaws now exploited in attacks

Summary: Attackers are now targeting unpatched Cisco Smart Licensing Utility (CSLU) instances due to a vulnerability that exposes a backdoor admin account. Cisco released a patch for this flaw (CVE-2024-20439) in September, along with another critical vulnerability (CVE-2024-20440) that allows attackers to access sensitive log files.…

Cyber Security News

VSCode extensions found downloading early-stage ransomware

March 21, 2025 BleepingComputer

Summary: Two malicious extensions on the VSCode Marketplace were discovered deploying in-development ransomware, highlighting significant flaws in Microsoft’s review process. The extensions, which were available for download for months before being removed, executed a PowerShell script that encrypted files in a specific folder and demanded a cryptocurrency ransom.…

Cyber Security News

Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems

March 21, 2025 CybersecurityNews

Summary: Veeam has issued security updates to fix a critical vulnerability in its Backup & Replication software that allows remote code execution by authenticated domain users. The weakness, identified as CVE-2025-23120, has a CVSS score of 9.9 and affects versions up to 12.3.0.310, necessitating an upgrade to version 12.3.1 to mitigate risks.…

Cyber Security News

YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users

March 21, 2025 CybersecurityNews

Summary: A new stealer malware called Arcane is being distributed through YouTube videos promoting game cheats, targeting Russian-speaking users. This malware gathers a wide range of sensitive information from various applications, including VPNs, messaging apps, and gaming clients. It utilizes various techniques, including a batch file that activates PowerShell to initiate its malicious activities, while also evading security measures like Windows SmartScreen.…

Threat Research

VanHelsing Ransomware

March 20, 2025 Cyfirma

The CYFIRMA Research and Advisory Team has discovered the VanHelsing Ransomware, which targets Windows systems and uses advanced encryption methods, making it challenging to detect and remove. It employs double extortion tactics, threatening to leak sensitive data, and stresses the importance of proactive cybersecurity measures and incident response strategies.…

Cyber Security News

The NYPD is sending more drones to 911 calls, but privacy advocates don’t like the view

March 20, 2025 CybersecurityNews

Summary: New York City’s police department has significantly expanded its use of drones, branded as “first responders” to enhance public safety. However, this has raised serious concerns regarding privacy, surveillance, and civil liberties, as the drones are capable of extensive monitoring and their footage can be retained for legal purposes.…

Threat Research

SideWinder Threat Group: Maritime and Nuclear Sectors at Risk with Updated Toolset

March 20, 2025 Picussecurity

SideWinder, also known as Rattlesnake or T-APT-04, is an advanced persistent threat group from India that has expanded its operations to target maritime and nuclear sectors across Asia, the Middle East, and Africa since 2012. Known for quickly adapting to security measures, SideWinder employs various tactics, techniques, and procedures (TTPs) to execute sophisticated cyber-attacks, primarily through phishing and malware.…

Cyber Security News

PoC Exploit Released for Windows Explorer Vulnerability Exposing NTLM Hashes

March 20, 2025 Cyware

Summary: A security vulnerability identified as CVE-2025-24071 enables NTLM hash leakage from Windows systems when extracting maliciously crafted .library-ms files from RAR/ZIP archives. This flaw, which has a CVSS score of 7.5, arises from Windows Explorer’s automatic handling of these files, leading to unintentional NTLM authentication handshakes with attacker-controlled SMB servers.…

Interesting Stuff

CVE-2025-21333 Windows heap-based buffer overflow analysis

March 20, 2025March 20, 2025 Infosecwriteups

CVE-2025–21333 is a heap-based buffer overflow vulnerability in the Windows 11 kernel-mode driver vkrnlintvsp.sys, actively exploited by threat actors. Microsoft released a patch (KB5050021) on January 14, 2024. The vulnerability can lead to privilege escalation and arbitrary read/write access in kernel space. The article details the vulnerability analysis, exploitation techniques, and recommendations for detection.…

Threat Research

Resurgence of a Fake Captcha Malware Campaign

March 20, 2025March 20, 2025 Securonix

The article discusses a recent investigation by Trustwave SpiderLabs that uncovered a campaign leveraging fake CAPTCHA verifications to execute malicious PowerShell scripts, leading to the deployment of infostealers like Lumma and Vidar. The multi-stage attack involves deceptive prompts to execute commands, downloading HTA files, decrypting payloads, and executing infostealers.…

Threat Research

A Deep Dive into Strela Stealer and How It Targets European Countries

March 20, 2025March 20, 2025 Securonix

The Strela Stealer is a targeted infostealer malware that primarily focuses on extracting email credentials from users of Mozilla Thunderbird and Microsoft Outlook in select European countries. Delivered through phishing campaigns, it employs sophisticated social engineering techniques to trick victims into executing its payload. The malware’s infrastructure is linked to Russian hosting services, and it utilizes complex obfuscation methods to evade detection.…

Threat Research

GrassCall Campaign: The Hackers Behind Job Recruitment Cyber Scams

March 20, 2025March 20, 2025 Securonix

The “GrassCall” malware campaign is an advanced social engineering attack targeting job seekers in the cryptocurrency and Web3 sectors, orchestrated by the Russian cybercriminal organization “Crazy Evil.” Utilizing fake job interviews, the attackers compromise systems to steal cryptocurrency assets, resulting in hundreds of victims. Affected: cryptocurrency sector, job seekers

Keypoints :

The GrassCall malware campaign is led by the Russian-speaking cyber-criminal organization “Crazy Evil.”…

Threat Research

Fake Cloudflare Verification Results in LummaStealer Trojan Infections

March 20, 2025 Sucuri

This article describes an ongoing malware campaign utilizing malicious WordPress plugins to spread the LummaStealer trojan. The malware trick users into running harmful PowerShell commands, thus collecting sensitive data from infected PCs. The campaign exploits fake human verification prompts primarily targeting Windows users. Affected: WordPress websites, Windows operating system users

Keypoints :

LummaStealer is an infostealer malware designed to collect sensitive data.…

Threat Research

Emulating the Sophisticated Chinese Adversary Salt Typhoon

March 20, 2025 AttackIQ

Salt Typhoon, a Chinese APT group active since 2019, targets critical sectors, including Telecommunications and Government entities across multiple regions. Known for its advanced cyberespionage tactics, the group utilizes various tools and techniques to maintain access while evading detection. This includes exploiting Microsoft Exchange vulnerabilities and employing a range of persistence and privilege escalation techniques.…

Cyber Attack

Kali Linux 2025.1a released with 1 new tool, annual theme refresh

March 20, 2025 BleepingComputer

Summary: Kali Linux has launched version 2025.1a, introducing a new tool, desktop updates, and a refreshed theme. This version emphasizes visual upgrades, including new wallpapers and improvements to the user interface. Additionally, the release includes updates to the Kernel and introduces new keyboard shortcuts for enhanced navigation.…

Cyber Security News

FIN7’s New Stealth Weapon, Anubis Backdoor, Emerges in the Wild

March 20, 2025 Cyware

Summary: PRODAFT has identified a new Python-based backdoor called AnubisBackdoor, associated with the FIN7 group, which allows for complete control over infected computers. The malware is adept at evading traditional security defenses, remaining undetected by most antivirus solutions. Delivered via malspam campaigns and compromised SharePoint instances, AnubisBackdoor demonstrates adaptability in its execution methods, posing a significant threat to enterprise environments.…

Youtube

🚨 Microsoft Kills Remote Desktop! Now What?

March 20, 2025 admin

Summary: The video discusses Microsoft’s announcement to discontinue support for the remote desktop app on May 27th, which will be replaced by a new Windows app. This change will block connections to Windows 365 and Dev Box via the existing remote desktop app, and the video addresses concerns regarding the limitations and issues of the new app.…

Cyber Attack

New Arcane infostealer infects YouTube, Discord users via game cheats

March 20, 2025 BleepingComputer

Summary: A newly discovered information-stealing malware named Arcane is targeting a wide range of user data, including VPN credentials, gaming clients, and messaging apps. Originating from a campaign launched in November 2024, it has a distinct infection chain, often using YouTube promotions for game cheats to lure in victims.…

Cyber Security News

Microsoft fixes Windows update bug that uninstalled Copilot

March 20, 2025 BleepingComputer

Summary: Microsoft has resolved a bug related to the March 2025 cumulative updates that inadvertently uninstalled the Copilot digital assistant from some Windows 10 and 11 systems. Users were advised to reinstall the app from the Microsoft Store if they wished to have it back immediately.…

Cyber Security News

Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners

March 20, 2025 CybersecurityNews

Summary: A severe security vulnerability in PHP (CVE-2024-4577) is being exploited by threat actors to deploy cryptocurrency miners and remote access trojans, with a significant rise in attacks noted across several countries. The flaw particularly affects Windows-based systems operating in CGI mode, allowing remote code execution.…

Tag: WINDOWS