#windowsSecurity

Pen Test Partners (PTP@infosec.exchange)
2025-12-04

We often find built-in Windows defences disabled or misconfigured during assessments. Those same controls can help stop credential theft, boot-level malware, and memory attacks when properly configured.

In our latest blog post, Nicole walks through five Windows security features you should be using, explains what they do, why they matter, and how to check them on your systems.

📌pentestpartners.com/security-b

#windowssecurity #incidentresponse #endpointsecurity #cybersecurity #dfir

2025-11-26

ASUS has patched a high-severity local privilege escalation flaw (CVE-2025-59373) in MyASUS that allowed elevation to NT AUTHORITY\SYSTEM via the System Control Interface Service. Patch now shipped through Windows Update with updated versions for x64 and ARM.

Full details:
technadu.com/asus-fixes-high-s

#infosec #vulnerability #ASUS #WindowsSecurity #patchmanagement #CVE2025

ASUS Fixes High-Severity MyASUS Vulnerability that Allows Privilege Escalation to SYSTEM-Level Access
2025-11-26

ClickFix operators are now using fake full-screen “Windows Update” pages to push victims into running malicious commands. Combined with steganographic loaders and in-memory execution, these campaigns continue to evolve.

What detection or user-training approach do you think works best today?

Source: helpnetsecurity.com/2025/11/25

Follow @technadu for ongoing threat-intel breakdowns and practical defense insights.

#Infosec #ThreatIntel #ClickFix #EDR #CyberHygiene #MalwareTrends #SecurityOps #WindowsSecurity #InfoStealer

Fake “Windows Update” screens fuel new wave of ClickFix attacks
2025-11-17

The decades-old Finger protocol is being abused in new ClickFix malware campaigns. Attackers are using Finger to pull remote commands onto Windows systems, leading to Python-based malware or NetSupport RAT infections. Newer variants even check for analysis tools before execution.

Anyone else seeing Finger traffic or legacy protocol misuse recently?
Follow for more updates.

#Malware #ClickFix #InfoSec #ThreatIntel #WindowsSecurity #CyberSecurity #RAT #LegacyProtocols #DefensiveSecurity

Decades-old ‘Finger’ protocol abused in ClickFix malware attacks
2025-11-03

Three Windows GDI flaws - including critical CVE-2025-53766 - could allow RCE or data leaks.
Patched across May–Aug 2025 updates.
Stay updated.
technadu.com/windows-gdi-flaws

#WindowsSecurity #CVE #RCE #InfoSec

Windows GDI Flaws Expose Systems to Critical Threats, Including RCE and Data Leaks
Henry Fisher (henry@techlore.tv)
2025-04-22

The ULTIMATE Windows Privacy & Security Guide!

techlore.tv/w/gMiridfL1LHsto1D

Sascha Stumpler (sasstu@hessen.social)
2025-10-30
2025-10-28

Qilin ransomware just upped its game—using Windows’ Linux subsystem to sneak past defenses. Could your system be the next target? Dive into how attackers are blurring the lines between OSes to fly under the radar.

thedefendopsdiaries.com/qilin-

#qilinransomware
#wslsecurity
#hybridthreats
#windowssecurity
#linuxransomware

2025-10-27

🚨 EDR-Redir exploit uses Windows’ Bind & Cloud Filter drivers to redirect or isolate EDR folders from user mode - no kernel privileges required.

Demoed by TwoSevenOneT, it breaks Elastic Defend, Sophos, and even disables Defender via CFAPI corruption.

Minifilter abuse is becoming the new weak link in EDR design.

💬 Thoughts on how vendors should adapt?
Follow TechNadu for continuous #ThreatResearch and #EDREvasion updates.

#InfoSec #CyberSecurity #EDR #BYOVD #WindowsSecurity #MalwareAnalysis #RedTeam

New EDR-Redir Tool Breaks EDR Exploiting Bind Filter and Cloud Filter Driver
2025-10-25

Researchers have revealed a DPAPI-based Teams token theft method allowing attackers to decrypt locally stored authentication cookies and impersonate enterprise users.

⚙️ Technical context:
- Target: msedgewebview2.exe process spawned by Teams.
- Stores AES-256-GCM encrypted cookies in a SQLite database.
- Decryption possible by extracting os_crypt.encrypted_key from Local State and unprotecting via DPAPI.
- Enables attackers to read Teams/SharePoint data and send messages as victims.

💬 SOC/DFIR pros - what’s the best detection vector here? File I/O from WebView2? Suspicious DPAPI calls?

👍 Drop your hunting ideas below, like this post & follow @technadu for continuous threat research coverage.
#MicrosoftTeams #DPAPI #Forensics #DFIR #ThreatIntel #WindowsSecurity #InfoSec #AccessTokens #EDR #SOC #CyberDefense #TechNadu

Hackers Can Access Microsoft Teams Chat and Emails by Retrieving Access Tokens
Pen Test Partners (PTP@infosec.exchange)
2025-10-17

When a breach occurs, it’s too late to wish you’d configured your logs...

Incident responders can only work with what’s there. Our latest blog post, written by Nicole, breaks down which logs provide the best chance of understanding what really happened and how to configure them before you need them, so you can get back to business as usual swiftly.

📌Read here: pentestpartners.com/security-b

#cybersecurity #incidentresponse #digitalforensics #sysmon #windowssecurity #infosec

2025-10-09

Today is the third day of our training course, which is devoted entirely to the security of Windows infrastructures as they are typically operated in corporate networks today.

Focus areas of the training:
• Fundamentals of directory services
• Introduction to attack vectors with demos and hands-on exercises
• Threat scenarios in Active Directory infrastructures
• The Microsoft tiering model for securing the infrastructure
• Introduction to Entra ID, how it works and how it can be secured
• Options for running Active Directory and Entra ID side by side

Our trainers have sent us a few impressions.

The next training course is expected to take place from 2 to 4 December 2025 in Munich.
Reserve your seat now at: cirosec.de/trainings/hacking-u

#schulung #Training #ITSecurity #CyberSecurity #WindowsSecurity #ActiveDirectory #EnterpriseIT #ITInfrastructure
#HandsOnLearning

2025-10-06

A major flaw in Unity could let hackers take control of your favorite games—putting millions at risk across multiple platforms. Are your gaming sessions suddenly vulnerable?

thedefendopsdiaries.com/unity-

#unityvulnerability
#cve202559489
#gamersafety
#cybersecurity
#infosec
#gameengine
#zeroday
#securitypatches
#databreach
#windowssecurity

PUPUWEB Blog (pupuweb)
2025-10-03

2025 ADMX templates boost security with app install controls (Windows 11), Excel external link blocking, Office AI settings, and Outlook migration management. Updates include 81+ new policies for SMB, printing, and Defender.

pupuweb.com/how-do-the-latest-

#GroupPolicy #WindowsSecurity #ADMX
2025-09-08

New phishing campaign drops MostereRAT, targeting Windows via fake business inquiries. Attackers use AnyDesk/TightVNC for persistence, disable security tools, and secure C2 with mTLS. Fortinet & BeyondTrust warn of long-term control risks.

Full analysis: technadu.com/mostererat-phishi

#MostereRAT #Phishing #WindowsSecurity

Mostererat
Offensive Sequence (offseq@infosec.exchange)
2025-09-02

Silver Fox APT uses a signed Windows driver to drop ValleyRAT (HIGH severity). No CVE, but stealthy persistence and bypass of signature enforcement threaten EU orgs. Audit drivers, enhance EDR, hunt for ValleyRAT TTPs. radar.offseq.com/threat/silver #OffSeq #ThreatIntel #WindowsSecurity

High threat: Silver Fox APT Exploits Signed Windows Driver to Deliver ValleyRAT Malware
PUPUWEB Blog (pupuweb)
2025-08-31

Microsoft announced critical patches for two Windows security flaws (CVE-2025-55229 & CVE-2025-55230), but the updates are missing. Confused? Here's what you need to do to stay safe until the official fix is released.

pupuweb.com/what-windows-certi

Cyber Tips Guide (cybertipsguide)
2025-07-30

Hackers are abusing legitimate but vulnerable Windows drivers to sneak past security tools—a tactic called BYOVD. Make sure your team blocks risky drivers, uses Microsoft’s blocklist, & enables memory integrity.
🔗 zurl.co/ZdQQN
