New Emotet delivery method spotted during downward detection trend

Credit to Author: David Ruiz| Date: Wed, 28 Oct 2020 21:29:47 +0000

Emotet got a superficial facelift this week, hiding itself within a fake request asking users to update Microsoft Word to take advantage of new features.

The post New Emotet delivery method spotted during downward detection trend appeared first on Malwarebytes Labs.

Microsoft Patch Alert: October 2020

Credit to Author: Woody Leonhard| Date: Thu, 22 Oct 2020 04:32:00 -0700

October 2020 brought a lighter-than-usual crop of patches. For the first time in recent memory, there were none at all for Internet Explorer or the (Chromium-based) Edge browser. The cumulative updates went in with few reports of problems, although there were many complaints about printers not working after the update.

Strange things happened, though, outside the usual monthly patching schedule. The day after Patch Tuesday, Microsoft announced a(nother) fix for a security hole in the HEVC codec — CVE-2020-17022 — distributed, once again, only through the Microsoft Store.

Microsoft focuses on Office, less so on Windows, and offers nothing for browsers on Patch Tuesday

Credit to Author: Greg Lambert| Date: Mon, 19 Oct 2020 04:09:00 -0700

This posting is a little later than usual due to a number of late-in-the-week updates from Microsoft last week. We started off with no publicly reported zero-days or active exploits in the wild. (As we were working with Microsoft, we felt that an out-of-band patch was imminent that would change our advice on patch cycles for October. But it appears the final “change” for this release was a relatively minor update to Visual Studio – leading to no change in our recommendations in this benign update.)

Microsoft Patch Alert: September 2020

Credit to Author: Woody Leonhard| Date: Mon, 28 Sep 2020 11:42:00 -0700

What September’s patching frenzy lacked in fireworks, it more than compensated for in volume – and belligerence. Server 2016 hiccups on Security Options. Win10 version 2004 surprises – Lenovo still hasn’t fixed its Blue Screen-inducing Biometric Security setting; the TRIM function still tries to trim spinning hard disks; for some, Start goes wonky, Action Center disappears, and there’s the usual litany of odd, one-off bug reports.

As of early today, we’re still waiting for the Win10 version 2004 “optional, non-security, C/D/E Week” patch, but all of the other expected September patches are in.

Defrag woes in Win10 version 2004 largely fixed, but TRIM still nips

As I’ve mentioned many times, Windows 10 version 2004 shipped with a bug that causes the Windows Optimize Drives defrag tool to skip updating the completion date on defrag runs. As a result, defrags occur much more frequently than necessary. Microsoft has known about the bug since January – months before 2004 shipped – but didn’t bother to acknowledge it until a fix appeared this month.

Microsoft puts Application Guard for Office into public preview

Credit to Author: Gregg Keizer| Date: Wed, 09 Sep 2020 13:34:00 -0700

Microsoft has launched a public preview of “Microsoft Defender Application Guard for Office,” a defensive technology that quarantines untrusted Office documents so that attack code carried by malicious files can’t reach the operating system or its applications.

On Monday, a senior cybersecurity engineer with the Redmond, Wash. company explained how Application Guard for Office worked and more importantly, walked customers through its operation – something that existing documentation omitted when the public preview was launched late last month.

“Microsoft Office will open files from potentially unsafe locations in Microsoft Defender Application Guard, a secure container, that is isolated from the device through hardware-based virtualization,” John Barbare wrote in a post to a Microsoft blog. “When Microsoft Office opens files in Microsoft Defender Application Guard, a user can then securely read, edit, print, and save the files without having to re-open files outside of the container.”

Microsoft Patch Alert: August 2020

Credit to Author: Woody Leonhard| Date: Mon, 31 Aug 2020 17:23:00 -0700

With Windows 10 2004 gradually creeping (I use the term intentionally) onto more machines, faults and foibles are coming out of the woodwork. It looks like a fix for the long-lamented version 2004 defrag bugs is on the way, but we aren’t there yet. Lenovo isn’t too happy with the August version 2004 cumulative update. It’s still too early to move to 2004, in my opinion — and those problems ensure I’ll keep 2004 off my machines for a while.

Meanwhile, Microsoft extended the end of support date for Win10 version 1803 — a move that’ll interest exactly nobody except for admins with aging Win10 machines. Windows 8.1 patchers got left out in the Remote Access cold for a week. The .NET security updates have an odd, acknowledged bug with a manual registry workaround.

A week in security (August 3 – 9)

Credit to Author: Malwarebytes Labs| Date: Mon, 10 Aug 2020 15:30:00 +0000

A roundup of cybersecurity news from August 3 – 9, including a look at business email compromises, a new data privacy bill, and the Inter skimming attack.

The post A week in security (August 3 – 9) appeared first on Malwarebytes Labs.

Microsoft Patch Alert: July 2020

Credit to Author: Woody Leonhard| Date: Thu, 30 Jul 2020 11:49:00 -0700

July tends to be a leisurely month in Windows and Office patch land, and this one’s no exception.

We had a bit of a thrill July 15 when Outlook stopped working on millions of PCs all over the world, but Microsoft fixed the bug four hours later by updating its servers.

Folks who pay for Windows 7 Extended Security Updates felt rightfully miffed when the new .NET Framework 4.8 patch, KB 4565636, refused to install. Microsoft took nine days to fix the bug and re-ship the patch.
