FreshRSS

Before yesterday
The Hacker News

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

By Ravie Lakshmanan
A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. "Once initial

Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access

By Ravie Lakshmanan
Threat actors are increasingly abusing Internet Information Services (IIS) extensions to backdoor servers as a means of establishing a "durable persistence mechanism." That's according to a new warning from the Microsoft 365 Defender Research Team, which said that "IIS backdoors are also harder to detect since they mostly reside in the same directories as legitimate modules used by target

Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11

By Ravie Lakshmanan
Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10

Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems

By Ravie Lakshmanan
Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for customers with Windows Enterprise E3 and E5 licenses. It, however, doesn't support Windows Education

Researchers Warn of Raspberry Robin's Worm Targeting Windows Users

By Ravie Lakshmanan
Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that's behind a Windows malware with worm-like capabilities. Describing it as a "persistent" and "spreading" threat, Cybereason said it observed a number of victims in Europe. The infections involve a worm that propagates over removable USB devices containing