Windows Kernel bug fixed last month exploited as zero-day since August - BleepingComputer
Zero-day exploit found in Windows Kernel bug that was patched last month after being exploited since August

Microsoft recently patched a high-severity Windows Kernel privilege escalation vulnerability, tracked as CVE-2024-21338, that had been actively exploited as a zero-day since August. Avast Senior Malware Researcher Jan Vojtěšek discovered the flaw in appid.sys, the Windows AppLocker driver. The vulnerability affects multiple versions of Windows 10 and 11, as well as Windows Server 2019 and 2022. Successful exploitation allows attackers to gain SYSTEM privileges without user interaction. Microsoft patched the flaw on February 13, confirming that it had been exploited in the wild.

Avast revealed that the North Korean Lazarus hackers had been exploiting the vulnerability to gain kernel-level access and disable security tools. The attackers established a kernel read/write primitive to manipulate kernel objects and evade security software. A new version of the FudModule rootkit, with improved stealth and functionality, was deployed in the attacks. A previously unknown remote access trojan (RAT) was also discovered, which will be discussed in a Black Hat Asia presentation. Windows users are urged to install the February 2024 Patch Tuesday updates promptly to protect against CVE-2024-21338 attacks.
