Weird first sentence?
a strain of Windows?? No, I haven't been round the pub... yet! Maybe a strain of Malware? But perhaps you're right!
A strain of Windows uses PowerShell to add a malicious extension to a victim's Chrome browser for nefarious purposes. A macOS variant exists that uses Bash to achieve the same and also targets Safari. The makers of the ChromeLoader software nasty ensure their malware is persistent once on a system and is difficult to find and …
Sounds a lot like you need to run that "game" (that you downloaded from a dodgy web site) as an admin. If so, I hardly think it counts as a hole. I could "inject" malware into crontab on a Linux system if I had the privileges. It's what the damn thing is designed for!
It is fun to see different examples of the mischief that people can get up to once they've taken over your system and it gives us more examples to use to convince our friends that they really shouldn't be running anything as admin if they can possibly avoid it, and certainly not if they've got it from a "helpful" site that meant they didn't have to pay for it. But it is hardly news.
"I thought autorun being on by default was changed in Vista"
I was wondering the same thing.
I know there was a big problem with USB flash drives back in the Windows XP days that contained a hidden, read-only partition that held an ISO image like a CD-ROM to autorun portable apps through U3 technology that was being abused.
A hacked (Memorex?) program allowed you to modify this ISO to inject your own ISO to autorun the executables hidden in your ISO.
"using functionality from an imported Task Scheduler COM API"
I guess you never worked in an organization's IT shop.
Many organizations want to run the same tasks on all their machines. Third party task schedulers facilitate this process. But for it to work Microsoft's Task Scheduler HAS to have an import mechanism.
"Windows" are normally easily opened for the fresh air and insects to fly through the room, maybe we should switch to a new OS called "Stonewall"?
Modern things are designed to be easy to use, that's far more important to the creators than stone wall security. So nothing much is going to change until we create a new OS that is totally secure, maybe it will be hard to add the modern "easy to use" features but I think that safer to use is where we need to head to these days.
The totally secure OS is a myth, because people. Even an embedded, off-network system usually has some means of personnel interaction at some level. And it might not be so off-network as you thought.
Checks and balances; multiple layers, audit and penetration testing are necessary to stay on top of one's game. Changing personnel and skillsets doing those tasks is also recommended.
This is paranoid, but working on the assumption that everything either is, or will be broken in your tenure is a necessary evil when you actually do have something worth securing to that extent.
In consumer OS land; Windows, Apple, Android or iOS; basically you're screwed. So don't put material you care about securing on them. (Some variants are better than others - but none by any means ideal).
Windows PowerShell is enormously useful, extremely prevalent, and often targeted by crooks because it offers an express route into the heart of Windows servers and networks.
Some have therefore suggested the tool is a liability that should be disabled in the interest of improved security.
But on Wednesday national cybersecurity agencies from the US, UK, and New Zealand decided that's a bit drastic. Instead, the agencies recommend securing PowerShell prudently.
Jeffrey Snover's lengthy and occasionally controversial term at Microsoft is to come to an end this week, as the PowerShell inventor sets off for pastures new after more than two decades at the Windows giant.
The criminals behind the Emotet botnet – which rose to fame as a banking trojan before evolving into spamming and malware delivery – are now using it to target credit card information stored in the Chrome web browser.
Once the data – including the user's name, the card's numbers and expiration information – is exfiltrated, the malware will send it to command-and-control (C2) servers that are different than the one that the card stealer module uses, according to researchers with cybersecurity vendor Proofpoint's Threat Insight team.
The new card information module is the latest illustration of Emotet's Lazarus-like return. It's been more than a year since Europol and law enforcement from countries including the United States, the UK and Ukraine tore down the Emotet actors' infrastructure in January 2021 and – they hoped – put the malware threat to rest.
Intezer security researcher Joakim Kennedy and the BlackBerry Threat Research and Intelligence Team have analyzed an unusual piece of Linux malware they say is unlike most seen before - it isn't a standalone executable file.
Dubbed Symbiote, the badware instead hijacks the environment variable (LD_PRELOAD) the dynamic linker uses to load a shared object library and soon infects every single running process.
The Intezer/BlackBerry team discovered Symbiote in November 2021, and said it appeared to have been written to target financial institutions in Latin America. Analysis of the Symbiote malware and its behavior suggest it may have been developed in Brazil.
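The LD_PRELOAD hijack described above can be audited from the host side. The following is an added example, not code from the Intezer/BlackBerry analysis: it parses the two places a glibc loader takes preloads from, a process's `/proc/<pid>/environ` and `/etc/ld.so.preload`, and reports every preloaded object. It assumes a glibc-based Linux host, and the sample inputs at the bottom are constructed.

```python
import os
from typing import Dict, List

def parse_environ(raw: bytes) -> Dict[str, str]:
    # /proc/<pid>/environ is a NUL-separated list of KEY=VALUE entries.
    env: Dict[str, str] = {}
    for entry in raw.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env

def preload_findings(environ_blob: bytes, ld_so_preload: str) -> List[str]:
    # One finding per shared object the dynamic linker would preload, from two
    # injection points: the process's LD_PRELOAD variable (colon- or space-separated)
    # and /etc/ld.so.preload, which glibc applies to every process ('#' comments skipped).
    findings: List[str] = []
    value = parse_environ(environ_blob).get("LD_PRELOAD", "")
    for lib in value.replace(":", " ").split():
        findings.append(f"LD_PRELOAD={lib}")
    for line in ld_so_preload.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            findings.append(f"/etc/ld.so.preload:{line}")
    return findings

def scan_host(procfs: str = "/proc", preload_file: str = "/etc/ld.so.preload") -> Dict[int, List[str]]:
    # Walk a live procfs; reading other users' environ needs root, and entries
    # that vanish or are unreadable are skipped rather than aborting the scan.
    try:
        with open(preload_file) as fh:
            preload_text = fh.read()
    except OSError:
        preload_text = ""
    report: Dict[int, List[str]] = {}
    for name in os.listdir(procfs):
        if not name.isdigit():
            continue
        try:
            with open(f"{procfs}/{name}/environ", "rb") as fh:
                hits = preload_findings(fh.read(), preload_text)
        except OSError:
            continue
        if hits:
            report[int(name)] = hits
    return report

# Constructed sample input (not real telemetry): one process environment and one
# /etc/ld.so.preload file containing a comment and a preload entry.
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/tmp/libx.so:/tmp/liby.so\0HOME=/root\0"
SAMPLE_PRELOAD = "# managed by nobody\n/usr/lib/evil.so\n\n"
```

A preloaded object that hooks libc (directory listing, file reads) can hide its own entries from this scanner too, so compare the result against a scan run from a statically linked tool or from a rescue image.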
Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive, personal information on customers and employees was accessed in a string of cyberattacks.
A couple of years ago, as the coronavirus pandemic was taking hold, the Miami-based biz revealed intruders had not only encrypted some of its data but also downloaded a collection of names and addresses; Social Security info, driver's license, and passport numbers; and health and payment information of thousands of people in almost every American state.
It all started to go wrong more than a year prior, as the cruise line became aware of suspicious activity in May 2019. This apparently wasn't disclosed until 10 months later, in March 2020.
Microsoft is extending the Defender brand with a version aimed at families and individuals.
"Defender" has been the company's name of choice for its anti-malware platform for years. Microsoft Defender for individuals, available for Microsoft 365 Personal and Family subscribers, is a cross-platform application, encompassing macOS, iOS, and Android devices and extending "the protection already built into Windows Security beyond your PC."
The system comprises a dashboard showing the status of linked devices as well as alerts and suggestions.
The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October.
In an advisory [PDF] this week, Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) noted that while federal executive civilian branch (FCEB) agencies – which include such organizations as the Federal Communications Commission, Federal Trade Commission, and such departments as Homeland Security, Justice, Treasury, and State – are required to make the change, all organizations should make the switch from Basic Authentication.
"Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth," CISA wrote. "After completing the migration to Modern Auth, agencies should block Basic Auth."
In brief: A Japanese contractor working in the city of Amagasaki, near Osaka, reportedly mislaid a USB drive containing personal data on the metropolis's 460,000 residents.
Windows and Linux systems are coming under attack by new variants of the HelloXD ransomware that includes stronger encryption, improved obfuscation and an additional payload that enables threat groups to modify compromised systems, exfiltrate files and execute commands.
The new capabilities make the ransomware, first detected in November 2021, and the developer behind it even more dangerous, according to researchers with Palo Alto Networks' Unit 42 threat intelligence group. Unit 42 said the HelloXD ransomware family is in its initial stages but it's working to track down the author.
"While the ransomware functionality is nothing new, during our research, following the lines, we found out the ransomware is most likely developed by a threat actor named x4k," the researchers wrote in a blog post.
Brave CEO Brendan Eich took aim at rival DuckDuckGo on Wednesday by challenging the web search engine's efforts to brush off revelations that its Android, iOS, and macOS browsers gave, to a degree, Microsoft Bing and LinkedIn trackers a pass versus other trackers.
Eich drew attention to one of DuckDuckGo's defenses for exempting Microsoft's Bing and LinkedIn domains, a condition of its search contract with Microsoft: that its browsers blocked third-party cookies anyway.
"For non-search tracker blocking (e.g. in our browser), we block most third-party trackers," explained DuckDuckGo CEO Gabriel Weinberg last month. "Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon."