Ransomware group LockBit has claimed responsibility for the June hack of cybersecurity firm Entrust. Hackers have already begun to publish data stolen from the company on their “leak site”.

Let me remind you that we also wrote that Grouping LockBit Announced the Hacking of the Information Security Company Mandiant, and also that LockBit Ransomware Uses Windows Defender to Download Cobalt Strike.

The Entrust hack became known back in June 2022. Then Bleeping Computer reported that the company suffered from te ransomware attack, during which data was stolen from its systems. Representatives of Entrust confirmed to reporters the fact of hacking, but did not provide any details of [...]

The security advisories that MITER specialists publish for various CVEs contained links to remote administration consoles for a number of affected devices. Users accidentally noticed an error that has existed since April.

Journalists from Bleeping Computer report that a reader reported the problem to them, who was very surprised to find several references to vulnerable systems listed in the “references” section in the CVE bulletin.

Typically, this section provides links to primary sources (report, blog post, PoC demo) that explain the vulnerability. Sometimes security bulletins do include links confirming the existence of a vulnerability, but usually they lead to [...]

The media reports that Microsoft Defender for Log4j problems is showing false warnings about some kind of “sensor hack” associated with the recently deployed Microsoft 365 Defender scanner for Log4j processes.

According to Bleeping Computer, such warnings mostly appear on Windows Server 2016 systems and says: “Microsoft Defender for Endpoint has detected possible sensor tampering with memory.” These warnings apply to the OpenHandleCollector.exe process.

Microsoft representatives have already told outraged administrators that there is really nothing to worry about, as these are false positives. It is known that at the present time the [...]

Microsoft confirmed the existence of a new bug affecting Windows Serve-based devices due to which Microsoft Defender for Endpoint doesn’t start. The problem prevents the launch of a security solution from Kaspersky.

Endpoint Security Platform (formerly known as Microsoft Defender Advanced Threat Protection or Defender ATP) may not launch on devices with Windows Server Core installed. The issue is known to only affect devices with KB5007206 on Windows Server 2019 and KB5007205 on Windows Server 2022.

“After installing KB5007205 (or later updates), Microsoft Defender for Endpoint may not start on devices with Windows Server Core installed.”reported in company.

It is [...]

The researchers, with the support of information security companies, managed to teach a special algorithm to guess 4-digit PIN-codes from bank cards when a victim works with an ATM. The attack works in 41% of cases, even if the person covers the keyboard with his hand while typing.

Bleeping Computer says that to fine-tune the algorithm, reseacyers will need a copy of the keyboard of the target ATM, since it is necessary to take into account the specific dimensions and spacing of the keys. On such a layout, using machine learning and a video of people entering PIN codes, the algorithm learns to recognize different keystrokes and assign certain probabilities to different sets of [...]

Researchers report that a Fortinet VPN credential list of nearly 500,000 usernames and passwords is being distributed on hacker forums.

These credentials were allegedly copied from vulnerable devices last summer. The attackers say that the vulnerability used to collect information has already been fixed, but many of the credentials are still valid.

Bleeping Computer writes that the list of credentials was released free of charge by hacker Orange, who is the administrator of the recently launched hack forum RAMP and a former operator of Babuk.

Previously, due to disagreements between members of the hack group Bubuk, Orange separated from the team to found RAMP, [...]

Autodesk representatives notified the US Securities and Exchange Commission that they also suffered from large-scale supply chain attack and hack of SolarWinds.

It turned out that one of the company’s servers was infected with Sunburst malware.

We identified a compromised SolarWinds server and took immediate steps to contain and eliminate the threat. While we believe that Autodesk’s customer operations and products were not affected by this attack, other similar attacks could have a significant negative impact on our systems and operations.the company said in a statement.

An Autodesk spokesman told Bleeping Computer that the attackers did not deploy any malware on [...]

The latest update to Microsoft Defender Antivirus for Windows 10 allows using it to download viruses, malware, and other files to Windows computer. [dropcap]Security[/dropcap] researcher Muhammad Askar discovered this ability to download malware.

The Microsoft Defender Command Line Tool update now includes a new command line argument -DownloadFile. The directive allows a local user to use the Microsoft Antimalware Service Command Line Utility (MpCmdRun.exe) to download a file from a remote location using a dedicated command.

“Well, you can download a file from the internet using Windows Defender itself. In this example, I was able to download Cobalt Strike beacon [...]

Bleeping Computer reporters noticed that recently Windows 10 and Windows Defender consider the hosts file (C:\Windows\system32\driver\etc\hosts) to be malicious if it contains settings that block telemetry collection.

According to the publication, since the end of July, the modified hosts file has been identified as posing a threat “SettingsModifier: Win32/HostsFileHijack“. If the user clicks on “More” after receiving such a warning, nothing is explained to him, only he is told that the file exhibits “potentially unwanted behavior.”

If the user agrees to eliminate the “threat”, the system will clear the hosts file and [...]