22 Nov, 2024

Windows Smart App Control, SmartScreen bypass exploited since 2018

A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. Smart App Control is a reputation-based security feature that uses Microsoft’s app intelligence services for safety predictions and Windows’ code integrity features to identify and block untrusted (unsigned) […]

3 mins read

CISA warns of VMware ESXi bug exploited in ransomware attacks

CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. Broadcom subsidiary VMware fixed this flaw (CVE-2024-37085) discovered by Microsoft security researchers on June 25 with the release of ESXi 8.0 U3. CVE-2024-37085 allows attackers to add a new user […]

2 mins read

New Specula tool uses Outlook for remote code execution in Windows

Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named “Specula,” released today by cybersecurity firm TrustedSec. This C2 framework works by creating a custom Outlook Home Page using WebView by exploiting CVE-2017-11774, an Outlook security feature bypass vulnerability patched in October 2017. “In […]

3 mins read

NVIDIA Begins Sampling Its Next-Gen AI Powerhouse, Blackwell, All Over The World, Mass Production On-Track

NVIDIA will begin sampling the first Blackwell AI accelerators across the globe this week as the firm demonstrates unparalleled performance with its next-gen architecture. NVIDIA CEO Jensen Huang Provides Update On Blackwell At The SIGGRAPH, Sampling Starts This Week, Also Reveals Several New “AI Bits” It was a delight to see NVIDIA’s CEO Jensen Huang […]

3 mins read

Proofpoint settings exploited to send millions of phishing emails daily

A massive phishing campaign dubbed “EchoSpoofing” exploited now-fixed, weak permissions in Proofpoint’s email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies. The campaign started in January 2024, disseminating an average of 3 million spoofed emails daily and reaching a peak of 14 […]

4 mins read

How to Make Windows 11 Look and Feel Like Windows 10

Nearly three years after it came out and a year before Windows 10 reaches its end of life, Windows 11 still accounts for only 29% of PC operating system installs, with its predecessor accounting for 66%. One reason: a lot of people don’t like the subtle changes in Windows 11’s user interface, from its bloated Start menu to its […]

17 mins read

Windows 11 taskbar has a hidden “End Task” feature, how to turn it on

Microsoft has added a feature to Windows 11 that allows you to end tasks directly from the taskbar, but it’s turned off by default. How It Works When the “End Task” feature is enabled, you can right-click on an app icon in the taskbar and see an “End Task” option. When you select this option, […]

1 min read

July Windows Server updates break Remote Desktop connections

Microsoft has confirmed that July’s security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway. “Windows Servers might affect Remote Desktop Connectivity across an organization if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. […]

2 mins read

Google Criticized for Abandoning Cookie Phase-Out

Google has been criticized for its decision to abandon plans to phase out third-party cookies in the Chrome browser, with privacy experts accusing the firm of prioritizing advertising revenue over user privacy. On July 22, Anthony Chavez, VP of the Privacy Sandbox initiative at Google, revealed the tech giant will no longer be deprecating third-party […]

4 mins read