Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
A likely lone-wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a "conflicted" individual straddling a legitimate career in cybersecurity and pursuing cybercrime. In a new extensive analysis published by Outpost24 KrakenLabs, the Swedish security company unmasked …
Protecting Android, Windows, and Linux devices against being tracked via the Find My network
AirTags are popular tracking devices used by anyone from forgetful key owners to those with malicious intent, such as jealous spouses and car thieves. Using AirTags for spying is simple: a tag is discreetly placed on the target to allow their movements to be conveniently monitored using Apple Find My. We’ve even added protection from AirTag-based tracking to our products for …
Attackers distributing Trojans disguised as DeepSeek or Grok clients for Windows
In early 2025, the Chinese chatbot, DeepSeek, burst onto the AI scene. It provoked much comment and controversy across the globe: we could hardly fail to spot the similarity of its logo to our own, comparisons with ChatGPT were abundant, and in Italy, South Korea, Australia, and other countries, DeepSeek was blocked altogether. The hype was — and remains — intense, including …
LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile
Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram. LightSpy is the name given to a modular spyware that's capable of infecting both Windows and Apple systems with the aim of harvesting data. It was first …
Collecting Windows telemetry with Elastic: An introduction to the ETW Filebeat input
From this output, we can see that the provider Microsoft-Windows-DNSServer offers several keywords for filtering specific event types, such as QUERY_RECEIVED, RESPONSE_SUCCESS, RESPONSE_FAILURE, and others — each represented by a unique hex code. Additionally, it provides levels (Error, Warning, Informational) that specify the severity of events that can be captured. The …
OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
Oct 13, 2024, Ravie Lakshmanan. The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for …
New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads
Aug 23, 2024, Ravie Lakshmanan, Malware / Threat Intelligence. Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant …
Researchers Uncover Flaws in Windows Smart App Control and SmartScreen
Aug 05, 2024, Ravie Lakshmanan, Threat Intelligence / Vulnerability. Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings. Smart App Control (SAC) is a cloud-powered security feature introduced by Microsoft in …
Technical Details: Falcon Update for Windows Hosts
What Happened? On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems. The …
Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide
Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts," the company's CEO George Kurtz said in a statement. "Mac and Linux hosts are not …