Pierluigi Paganini
May 04, 2018
The problems with the mitigations for the Meltdown flaw continue a security researcher has demonstrated that the Meltdown patch in Windows 10 can be bypassed. The Windows Internals expert Alex Ionescu discovered that a Meltdown patch issued for Windows 10 is affected by a severe vulnerability that could be exploited to bypass it. “Calling NtCallEnclave returned back […]
Pierluigi Paganini
May 03, 2018
Microsoft released an out of band update to address a critical remote code execution vulnerability in the Windows Host Compute Service Shim library (hcsshim). Microsoft announced that it has issued a security update to address a critical remote code execution vulnerability in the Windows Host Compute Service Shim library (hcsshim). The Windows Host Compute Service […]
Pierluigi Paganini
April 28, 2018
Bitdefender researcher Marius Tivadar has developed a dodgy NTFS file system image that could trigger a blue-screen-of-death when a mount is attempted on Windows 7 and 10 systems. The Bitdefender expert Marius Tivadar has discovered a vulnerability tied the way Microsoft handles of NTFS filesystem images, he also published a proof-of-concept code on GitHub that could be used to […]
Pierluigi Paganini
March 28, 2018
A security researcher discovered that some of the Windows updates released by Microsoft to mitigate the Meltdown flaw introduce a severe bug. Meltdown and Spectre security updates made the headlines again, according to the security researcher Ulf Frisk some of them issued for Windows introduce a severe flaw. The Meltdown and Spectre security updates released by Microsoft in January and […]
Pierluigi Paganini
March 13, 2018
Security experts at firm Preempt Security discovered a critical vulnerability in Credential Security Support Provider protocol (CredSSP) that affects all versions of Windows to date. The flaw, tracked as CVE-2018-0886, could be used by a remote attacker to exploit RDP (Remote Desktop Protocol) and Windows Remote Management (WinRM) to steal data and run malicious code. The vulnerability is […]
Pierluigi Paganini
March 03, 2018
Microsoft announced this week the release of the microcode updates to address the Spectre vulnerability. Last week Intel released microcode to address the CVE-2017-5715Spectre vulnerability for many of its chips, let’s this time the security updates will not cause further problems. The Spectre attack allows user-mode applications to extract information from other processes running on the same system. It can also […]
Pierluigi Paganini
February 14, 2018
Good news for administrators of Windows systems, Microsoft has added a Meltdown-and-Spectre detector to its telemetry analysis tool Windows Analytics. Microsoft has added a Meltdown-and-Spectre detector to its telemetry analysis tool Windows Analytics. The Meltdown-and-Spectre detector was available since Tuesday when Microsoft announced the new capabilities implemented in the free Windows Analytics service. The new capabilities allow […]
Pierluigi Paganini
December 07, 2017
Experts devised a new attack technique dubbed Process Doppelgänging, that could be implemented by vxers to bypass most antivirus solutions. A group of security researchers from Ensilo discovered a new malware evasion technique, dubbed Process Doppelgänging, that could be implemented by vxers to bypass most antivirus solutions and security software. The technique is a fileless code […]
Pierluigi Paganini
November 15, 2017
Powerdown the PowerShell Attacks : Harnessing the power of logs to monitor the PowerShell activities Lately, I have been working on analyzing the PowerShell attacks in my clients’ environment. Based on the analysis and research, I have come up with a few indicators that will help to detect the potential PowerShell attacks in your environment […]
Pierluigi Paganini
October 28, 2017
Microsoft fixed a vulnerability that could allow hackers to steal Windows login credentials without any user interaction. Microsoft fixed a serious vulnerability that could allow attackers to steal Windows NTLM password hashes without any user interaction. The tech giant patched the issues only for recent versions Windows (Windows 10 and Server 2016), to trigger the flaw […]
