A post-intrusion technique developed by researchers at CyberArk Labs called BoundHooking allows attackers to exploit a feature in all Intel chips introduced since Skylake. The attack technique allows for the execution of code from any process without detection by antivirus software or other security measures, researchers said.
According to CyberArk, a BoundHooking attack exploits the Intel feature called Memory Protection Extensions (MPX) to hook function calls that pass between software components. That allows an adversary to manipulate and spy on a wide range of Windows applications.
Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database.
The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it in separate interviews. Microsoft declined to discuss the incident. The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system.
A researcher is warning that a programming error in the Microsoft Windows kernel might inhibit security software vendors and kernel developers from properly identifying modules loaded during runtime, including potentially malicious files. However, Microsoft does not view the issue as a security threat.
According to Omri Misgav, security researcher at enSilo, the bug affects all Windows operating systems from Windows 2000 to Windows 10. Specifically, the flaw pertains to a security mechanism called PsSetLoadImageNotifyRoutine, which provides notifications when PE image files are loaded into virtual memory at runtime.
Hackers are calling MPs and trying to trick them into revealing their personal parliamentary details. Politicians and aides have been warned that hackers are posing as parliamentary officials asking for their passwords.
The warning comes after Parliament suffered its biggest ever cyber attack as hackers launched a "sustained and determined" attempt to break into emails. Parliament was forced to lock MPs out of their accounts. Parliamentary officials have said that hackers are still attempting to gain access. The message sent to MPs and staff warned: "This afternoon we've heard reports of parliamentary users being telephoned and asked for their parliamentary username and password."
A vulnerability in Azure AD Connect could be exploited by attackers to reset passwords and gain unauthorized access to on-premises AD privileged user accounts, Microsoft warned on Tuesday.
What are Azure AD and Azure AD Connect? Microsoft Azure AD (Active Directory) is often used by enterprises to provide employees and business partners single sign-on access to cloud SaaS applications (e.g. Office 365, Dropbox, etc.). It can also be integrated with an organization's existing Windows Server Active Directory, so that the organization can use its existing on-premises identity solutions to manage access to cloud-based SaaS applications.
The major premise justifying Windows 10 S, the new variant of Windows 10 that can only install and run applications from the Windows Store, is that by enforcing such a restriction, Windows 10 S can offer greater robustness and consistency than regular Windows.
For example, apps from the Windows Store can't include unwanted malicious software within their installers, eliminating the bundled spyware that has been a regular part of the Windows software ecosystem. If Windows 10 S can indeed provide much stronger protection against bad actors, then its restrictions represent a reasonable trade-off.
A portion of Microsoft’s Windows 10 source code has leaked online. Files related to Microsoft’s USB, storage, and Wi-Fi drivers in Windows 10 were posted to Beta Archive.
Beta Archive is a site that tracks Windows releases, and asks members to donate money or contribute something Windows-related if they access a free private FTP full of archived Windows builds. The leaked code was published to Beta Archive's FTP, and is part of Microsoft's Shared Source Kit. "Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners," reveals a Microsoft spokesperson.
Microsoft-owned Skype is suffering widespread borkage that has left many unable to access the service. Problems first began on Monday, with Skype admitting that its users had been plagued by connectivity problems. "We are aware of an incident where users will either lose connectivity to the application and may be unable to send or receive messages," it said.
"Some users will be unable to see a black bar that indicates to them that a group call is ongoing, and longer delays in adding users to their buddy list." Despite claiming at around 1.45am UK time that the connectivity issues had been resolved, problems are continuing into Tuesday.
Russian security software maker Kaspersky Lab has filed antitrust complaints against Microsoft with the European Commission and the German federal cartel office, it said in a statement on Tuesday.
Kaspersky Lab said Microsoft was abusing its dominance in the PC operating system market, creating obstacles for independent software security vendors by distributing its own Defender anti-virus software with the ubiquitous Windows operating system. Microsoft built the anti-virus software into Windows, saying this protected users, but Kaspersky said it was anti-competitive. Microsoft said in a statement on Tuesday that it had not violated any laws.
A newly discovered malware campaign masquerades as a Microsoft PowerPoint file that downloads the infection as soon as the user hovers over a link. The file is sent to victims as an email attachment.
The attachment may sometimes be a zip archive which, when extracted, contains the PowerPoint file. While ordinary PowerPoint files use the PPTX extension, the attached file uses PPSX. The format is identical to a PPTX file, but a PPSX opens directly in presentation (slide show) view. On opening, a blank slide appears with a message in bright blue font saying "Loading Please Wait", which is the malicious link.