Vue normale

Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
À partir d’avant-hier4sysops

Spirals ransomware exploits IIS servers to encrypt networks in under 24 hours

Par : IT News
17 juillet 2026 à 15:50
Spirals ransomware exploits IIS servers to encrypt networks in under 24 hours
The newly discovered Spirals ransomware, written in Rust, utilizes a rapid attack timeline to move from initial breach to full network encryption in less than a day. Attackers gain entry by compromising internet-facing IIS web servers to deploy web shells and establish interactive sessions through the IIS worker process. Once inside, the threat actors escalate privileges by bypassing User Account Control and enabling the Remote Desktop Protocol for persistent access.

Source

Windows Server 2022 mainstream support ends in October 2026

Par : IT News
17 juillet 2026 à 11:18
Windows Server 2022 mainstream support ends in October 2026
Microsoft has issued a formal 90-day reminder that mainstream support for Windows Server 2022 will conclude on October 13, 2026. After this date, the operating system enters an extended support phase that is scheduled to last until October 14, 2031. During this five-year period, the vendor will continue to provide critical security patches at no additional cost to customers.

Source

Windows Server vNext preview: ReFS boot, NVMe-oF initiator, and Quick Machine Recovery

Par : IT Experts
15 juillet 2026 à 22:38
Quick machine recovery diagram (image Microsoft)
Microsoft's Windows Server vNext preview program has introduced three significant features since build 29531, released on February 12, 2026: boot support for the Resilient File System (ReFS), a built-in NVMe-over-Fabrics (NVMe-oF) initiator for high-performance network storage, and Quick Machine Recovery (QMR) for automated recovery from boot failures. Build 29621, released July 13, 2026, adds an early implementation of Trusted Launch for Hyper-V virtual machines. This article covers what each feature does, its requirements, and its current limitations.

Source

Trusted Launch brings enhanced startup security to Hyper-V virtual machines

Par : IT News
15 juillet 2026 à 16:17
Windows Server Insider Build 29621 introduces Trusted Launch for Generation 2 virtual machines to bolster security during the boot process. This feature automatically enables Secure Boot and provisions a virtual Trusted Platform Module (vTPM) to defend against firmware-level attacks. The vTPM state is specifically protected at rest, ensuring that sensitive cryptographic data remains secure even when the virtual machine is not running.

Source

Microsoft issues record 570 security patches driven by AI discovery tools

Par : IT News
15 juillet 2026 à 15:49
Microsoft issues record 570 security patches driven by AI discovery tools
Microsoft’s July 2026 Patch Tuesday has set a new record by addressing 570 vulnerabilities, nearly tripling the volume of previous monthly releases. This massive surge is attributed to the implementation of a new AI-powered vulnerability discovery system designed to scan the Windows codebase for flaws. The release includes 60 critical vulnerabilities, primarily focusing on remote code execution and elevation of privilege issues across Windows, Office, and SharePoint.

Source

LegacyHive exploit targets Windows User Profile Service after July updates

Par : IT News
15 juillet 2026 à 15:49
LegacyHive exploit targets Windows User Profile Service after July updates
A security researcher has released a proof-of-concept exploit named LegacyHive that targets the Windows User Profile Service (ProfSvc). This vulnerability allows for local elevation of privileges by forcing the system-level service to load arbitrary registry hives. The exploit remains functional on all currently supported versions of Windows desktop and server, even after applying the July 2026 Patch Tuesday updates.

Source

Microsoft releases July 2026 security updates for Exchange Server SE and ESU versions

Par : IT News
15 juillet 2026 à 12:20
Microsoft releases July 2026 security updates for Exchange Server SE and ESU versions
Microsoft has launched its July 2026 security updates for Exchange Server, providing critical fixes for the Subscription Edition (SE) and legacy on-premises versions. The release addresses several high-severity vulnerabilities, including a critical spoofing flaw (CVE-2026-55008) with a CVSS score of 9.6 and a remote code execution bug. While the update for Exchange SE is publicly available, updates for Exchange 2016 and 2019 are restricted to organizations enrolled in the Period 2 Extended Security Update (ESU) program.

Source

AI-generated PowerShell script used for aggressive Active Directory enumeration

Par : IT News
13 juillet 2026 à 17:23
AI-generated PowerShell script used for aggressive Active Directory enumeration
A threat actor recently utilized an AI-generated PowerShell script to conduct reconnaissance within a compromised Active Directory environment. The intrusion began after the attacker gained access to a domain-joined Windows Server via Remote Desktop Protocol using previously stolen credentials. Once inside, the intruder staged tools in the ProgramData directory and executed a script designed to map users, groups, and domain controllers.

Source

GigaWiper backdoor merges multiple malware families for disk destruction

Par : IT News
9 juillet 2026 à 19:42
GigaWiper backdoor merges multiple malware families for disk destruction
Microsoft Threat Intelligence has identified GigaWiper, a sophisticated Golang-based backdoor that integrates components from three distinct malware families. This modular implant combines command-and-control capabilities with destructive payloads, including physical disk wiping and fake ransomware routines. By consolidating tools like Crucio and FlockWiper, threat actors can switch between stealthy espionage and immediate system sabotage within a single deployment.

Source

❌
❌