-
A sophisticated cybercriminal group known as Lunar Spider successfully compromised a Windows machine through a single malicious click, establishing a foothold that allowed them to harvest credentials and maintain persistent access for nearly two months…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Windows heap management demonstrates how improper handling of record-size fields enables arbitrary memory read and write operations. Suraj Malhotra shared a detailed exploitation technique leveraging the Low Fragmentation Heap (LFH) mechanism to achieve code execution on Windows systems. Windows Heap Exploitation Vulnerability The Windows NT Heap operates through FrontEnd and BackEnd […] The post Windows Heap Exploitation Vulnerability With Record’s Size Field Leads to Arbitrary R/W appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Active Directory (AD) remains the foundation of authentication and authorization in Windows environments. Threat actors targeting the NTDS.dit database can harvest every domain credential, unlock lateral movement, and achieve full domain compromise. Attackers leveraged native Windows utilities to dump and exfiltrate NTDS.dit, bypassing standard defenses. The adversary in this case obtained DOMAIN ADMIN privileges via a […] The post Hackers Compromise Active Directory to Steal NTDS.dit that Leads to Full Domain Compromise appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors recently infiltrated a corporate environment, dumped the AD database file NTDS.dit, and nearly achieved full domain control. AD acts as the backbone of Windows domains, storing account data, group policies, and password hashes. Compromise…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Trend Micro have discovered a new and dangerous variant of LockBit ransomware that targets Windows, Linux, and VMware ESXi systems, utilizing advanced obfuscation techniques and sophisticated cross-platform capabilities. Ad…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered a new Ransomware-as-a-Service (RaaS) strain named BQTLOCK that is actively targeting Windows users through Telegram channels and dark web forums. Since mid-July, affiliates of the service have been distributing a ZIP…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SetupHijack, an open-source research utility, has emerged as a powerful method for red teaming and security research by targeting race conditions and insecure file handling within Windows installer and update mechanisms. By polling world-writable directories such as %TEMP%, %APPDATA%, and %USERPROFILE%\Downloads, the tool intercepts installer‐dropped payloads before they execute with elevated privileges, enabling full SYSTEM […] The post SetupHijack Tool Exploits Race Conditions and Insecure File Handling in Windows Installer Processes appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers at Hacker House have released SetupHijack, a proof-of-concept tool that exploits race conditions and insecure file handling in Windows installers and updaters. The utility demonstrates how attackers can hijack privileged setup proc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a recently observed campaign emerging from Israel, threat actors have revived the use of Windows shortcut (.LNK) files to deliver a potent Remote Access Trojan (RAT). These seemingly innocuous shortcut files exploit Living-off-the-Land Binaries (LOL…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are leveraging the legacy Windows error‐reporting utility WerFaultSecure.exe to extract the memory region of the Local Security Authority Subsystem Service (LSASS.EXE) and harvest cached credentials from fully patched Windows 11 24H2 systems. After gaining initial access to a host, adversaries frequently seek to dump LSASS memory to escalate privileges and move laterally across […] The post Hackers Exploit WerFaultSecure.exe Tool to Steal Cached Passwords From LSASS on Windows 11 24H2 appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
