Wslink: Unique and undocumented malicious loader that runs as a server

There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor. ESET researchers have discovered a unique and previously undocumented loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in memory. A loader is malicious code (a program) … More Wslink: Unique and undocumented malicious loader that runs as a server

ESET Research discovers ESPecter, a bootkit for cyberespionage

ESET researchers have discovered a previously undocumented real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which ESET has named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which facilitates its espionage activities. ESPecter is the second discovery of a UEFI bootkit persisting on the ESP … More ESET Research discovers ESPecter, a bootkit for cyberespionage

Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws

The most recent Patch Tuesday includes a fix for the previously disclosed and actively exploited remote code execution flaw in MSHTML. The arrival of the second Tuesday of the month can only mean one thing in cybersecurity terms, Microsoft is rolling out patches for security vulnerabilities in Windows and its other offerings. This time round Microsoft’s … More Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws

Microsoft Patch Tuesday fixes 13 critical flaws, including 4 under active attack

The latest Patch Tuesday brings a new batch of security updates addressing a total of 117 vulnerabilities. The second Tuesday of the month is here, which means that Microsoft has rolled out patches for security vulnerabilities in Windows and its other products as part of its monthly Patch Tuesday bundle. This month’s batch of security updates brings … More Microsoft Patch Tuesday fixes 13 critical flaws, including 4 under active attack

Microsoft issues patch to fix PrintNightmare zero‑day bug

The out-of-band update fixes a remote code execution flaw affecting the Windows Print Spooler service. Microsoft on Wednesday released an emergency update to plug a vulnerability in  the Windows Print Spooler service that is being actively exploited in the wild. Dubbed PrintNightmare, the zero-day security flaw affects all versions of the Microsoft Windows operating system going back … More Microsoft issues patch to fix PrintNightmare zero‑day bug