https://arstechnica.com/information-technology/2017/02/no-more-superglued-usb-ports-surface-hardware-can-be-locked-down-in-firmware/
Tags: #Microsoft #Windows #hardware #security
Tags: #Microsoft #Windows #hardware #security
Ars Technica
No more superglued USB ports: Surface hardware can be locked down in firmware
Windows Hello biometrics come to regular domain-joined systems in the Creators Update.
https://www.bleepingcomputer.com/news/software/google-expert-ports-windows-defender-to-linux-to-showcase-new-tool/
Tags: #Linux #Windows #efficiency #debug
Tags: #Linux #Windows #efficiency #debug
BleepingComputer
Google Expert Ports Windows Defender to Linux to Showcase New Tool
Tavis Ormandy, the most famous of Google's security experts, has ported Windows Defender DLLs to Linux with the aid of a new tool he released today on GitHub.
https://www.windowscentral.com/windows-insiders-do-not-install-any-new-builds-being-offered-pc-or-mobile-right-now
Tags: #Windows
Tags: #Windows
Windows Central
Windows Insiders: Do not install any new builds being offered on PC or Mobile right now! [Updated]
Microsoft is having some major issues with its Windows Insider Program right now, on all rings affecting many different device types. Do not install any builds offered to you right now.
https://www.theverge.com/2017/7/10/15949096/ubuntu-windows-10-store-linux-distro-sandbox-available-now
Tags: #Windows #Linux
Tags: #Windows #Linux
The Verge
Ubuntu is now available for download on the Windows Store
Microsoft announced at its Build 2017 developer conference earlier this year that Ubuntu would be heading to the Windows Store, and now the popular Linux distro is available to download. Ubuntu —...
https://securelist.com/cowersnail-from-the-creators-of-sambacry/79087
Tags: #security #Windows #malware
Tags: #security #Windows #malware
Securelist
CowerSnail, from the creators of SambaCry
We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible…
https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/
TL;DR: WSL (Windows Subsystem for Linux) can be a new vehicle for injecting malwares ("Bashwares") and it can be actived even if the user didn't.
Tags: #windows #security #malware #wsl
TL;DR: WSL (Windows Subsystem for Linux) can be a new vehicle for injecting malwares ("Bashwares") and it can be actived even if the user didn't.
Tags: #windows #security #malware #wsl
Check Point Research
Beware of the Bashware: A New Method for Any Malware to Bypass Security Solutions - Check Point Research
With a growing number of cyber-attacks and the frequent news headlines on database breaches, spyware and ransomware, quality security products have become a commodity in every business organization. Consequently a lot of thought is being invested in devising…
https://github.com/rapid7/metasploit-framework/pull/9473
NSA's tools for Windows from which WannaCry & Co. generated, got modified to work on every Windows version, from 2000 to 10.
Tags: #windows #security #exploit
NSA's tools for Windows from which WannaCry & Co. generated, got modified to work on every Windows version, from 2000 to 10.
Tags: #windows #security #exploit
GitHub
MS17-010 EternalSynergy / EternalRomance / EternalChampion aux+exploit modules · Pull Request #9473 · rapid7/metasploit-framework
MS17-010 Windows SMB Remote Command and Code Execution modules for all vulnerable targets Windows 2000 through 2016 (and of course the standard home/workstation counterparts).
auxiliary/admin/smb/...
auxiliary/admin/smb/...
https://nakedsecurity.sophos.com/2018/06/28/windows-10-security-can-be-bypassed-by-settings-page-weakness/
Perhaps Microsoft won't ever fix this because "it's not a bug, it's a feature". Through this, you can execute cmd and Powershell commands.
Tags: #windows #security
Perhaps Microsoft won't ever fix this because "it's not a bug, it's a feature". Through this, you can execute cmd and Powershell commands.
Tags: #windows #security
Naked Security
Windows 10 security can be bypassed by Settings page weakness
The file type used by Windows 10’s settings page can be used to trick Windows into running files it’s supposed to block.