A specialist from SafeBreach has figured out how to turn the popular EDR (endpoint detection and response) and Microsoft, SentinelOne, TrendMicro, Avast and AVG antiviruses into wipers. To do this, the expert used the data deletion functionality built into security products.

Or Yair of SafeBreach writes that attackers can exploit the security solutions already in the target system for their destructive attacks.

Let me remind you that we also said about Critical Bug in VMware Products, and also that PoC Exploit for Critical Vulnerability in Fortinet Products Appeared.

Or Yair

This will make attacks stealthier, and hackers won’t have [...]

Due to a bug in an update, Microsoft Defender incorrectly identified Google Chrome, Microsoft Edge, Discord, Spotify, and other Electron apps as a Win32/Hive.ZY threat every time they ran on Windows.

Let me remind you that we also said that Microsoft Defender Scanner for Log4j Problems finds non-existent bugs, and also that LockBit Ransomware Uses Windows Defender to Download Cobalt Strike.

The problem of false positives manifested itself last weekend, after the release of signature update 1.373.1508.0. This update includes two new threats, including the already mentioned Win32/Hive.ZY. Microsoft writes that this is a universal identifier for suspicious behavior, which will [...]

Eclypsium experts have discovered that a number of third-party UEFI bootloaders can be used to bypass UEFI Secure Boot protection, allowing attackers to execute malicious code before the operating system boots.

Let me remind you that we also said that Zloader Trojan Disables Microsoft Defender on Victims’ Systems.

The researchers remind that Secure Boot is part of the UEFI specification and is designed to protect the OS boot process so that only trusted code signed with a special certificate is executed within it.

Experts write that three Microsoft-approved UEFI bootloaders at once had vulnerabilities that allowed them to bypass Secure Boot and execute unsigned [...]

LockBit 3.0 ransomware operators abuse the Windows Defender command line tool to download Cobalt Strike beacons on compromised machines and avoid detection.

It is worth recalling that Cobalt Strike is a legitimate commercial tool designed for pentesters and the red team and focused on exploitation and post-exploitation.

Unfortunately, it has long been loved by hackers ranging from government APT groups to ransomware operators. Although Cobalt Strike is quite expensive and inaccessible to ordinary users, attackers still find ways to use it (for example, rely on old, pirated and hacked versions).

Let me remind you that we also reported that Zloader Trojan Disables [...]

Microsoft Defender for Endpoint now comes with a new troubleshooting mode to help Windows administrators test Microsoft Defender Antivirus performance and run compatibility scripts without blocking intrusion protection.

The new antivirus mode is in early access and allows administrators to disable or change tamper protection settings when diagnosing applications or troubleshooting. The feature is only available for enterprises and is disabled by default. The service requires access to Microsoft 365 Defender.

Let me remind you that we also wrote that Windows Defender creates thousands of files in Windows 10 due to a bug, and also that Microsoft Defender for Endpoint and [...]

Due to the continuing global shortage of chips, Canon is in a rather curious situation and is sending out instructions to customers on how to bypass the protection of their own cartridges.

It is difficult for a company to obtain the necessary components for their ink cartridges that validate their legitimacy for their printers.

Therefore, Canon printers often do not recognize genuine cartridges and consider them to be counterfeit, and the company has to explain to customers how they can bypass its own security system.

Semiconductor shortage leads to Canon selling toner cartridges without chips which usually identify them as genuine, so Canon now instructs customers on how [...]

The media reports that Microsoft Defender for Log4j problems is showing false warnings about some kind of “sensor hack” associated with the recently deployed Microsoft 365 Defender scanner for Log4j processes.

According to Bleeping Computer, such warnings mostly appear on Windows Server 2016 systems and says: “Microsoft Defender for Endpoint has detected possible sensor tampering with memory.” These warnings apply to the OpenHandleCollector.exe process.

Microsoft representatives have already told outraged administrators that there is really nothing to worry about, as these are false positives. It is known that at the present time the [...]

Microsoft has launched a special portal through which users and information security researchers can report malicious and suspicious drivers.

The new Vulnerable and Malicious Driver Reporting Center is essentially a web form that allows users to download a copy of a suspicious driver, which will then be analysed by Microsoft’s automated scanner.

The fact is that in recent years, malicious drivers are increasingly used by major APTs and other cybercriminals. Most often, cybercriminals abuse vulnerabilities in old and unpatched drivers, or even deliberately downgrade and install older drivers into the system (for example, to gain administrator rights on a compromised [...]

Microsoft confirmed the existence of a new bug affecting Windows Serve-based devices due to which Microsoft Defender for Endpoint doesn’t start. The problem prevents the launch of a security solution from Kaspersky.

Endpoint Security Platform (formerly known as Microsoft Defender Advanced Threat Protection or Defender ATP) may not launch on devices with Windows Server Core installed. The issue is known to only affect devices with KB5007206 on Windows Server 2019 and KB5007205 on Windows Server 2022.

“After installing KB5007205 (or later updates), Microsoft Defender for Endpoint may not start on devices with Windows Server Core installed.”reported in company.

It is [...]

Microsoft cybersecurity specialist shared some interesting statistics: most cybercriminals prefer to brute-force passwords no longer than 7 characters, and only a small percentage of attacks target long passwords containing special characters.

The researcher collected statistics for this analysis from numerous honeypot servers, which he manages on duty, studying the trends among attackers:

I analyzed the credentials used in over 25,000,000 brute-force attacks on SSH. In 77% of cases, brute force was directed to passwords from 1 to 7 characters. A password longer than 10 characters was encountered only in 6% of cases.Ross Bevington, a Microsoft expert, told the company.

The [...]