When most people think of malware, they think of binaries that are downloaded to a drive and executed. However, that is only part of the malware world. The other side does not actually download the malicious binary directly to the drive and often injects it directly into memory though the use of scripts. The name fileless is a bit of a misnomer as there are always files to be found in different stages of the attack, it is more to the point that much of the malicious work is doe through injection of code into legitimate processes without the need to write much of it to disk.

Yesterday we reported that insider builds of Microsoft’s Windows 11 were displaying ads for other Microsoft services inside File Explorer. Like most people, we felt this was not a good thing and the news went around the internet at a pace typical of things that are bad. In response to this Microsoft release a statement saying, “This was an experimental banner that was not intended to be published externally and was turned off,” Basically the marketing equivalent of a 5-year-old saying they got the cookie for you.

Will someone tell Microsoft (again) that to lead in the industry means not just following the competition? They seem to have lost that message again as we are hearing that they will require a Microsoft account to set up and use future versions of Windows 11 Pro. This frustrating need to be attached to the internet and beholden to Microsoft just to use your operating system has always been an odd choice to me, but it is Microsoft and when they can’t figure out what to do, they tend to just copy features (and bad ones at that) from Apple or Google.

WikiLeaks is at it again with their "Vault 7" releases. This time part of the dump features a nice little took kit for continued exploitation of some Linux systems. The tool kit is called OutlawCountry and is, to be perfectly honest, not much more than a remote management, monitoring and exfiltration tool. It is intended to run in the background on a system after a vulnerability has been exploited to allow the payload to be pushed. It looks very similar to a tool that the NSA used for years and has now become the commercial product Kaseya.

These days it is not unheard of for something as simple as a printer to have all sorts of bells and whistles. You can find wireless, remote file access, remote (web) printing and more. These devices also have very advanced controls that are often accessible through a web interface. All of this technology can be had for very little money making advanced printers a common thing in the market. The downside? Well there is also very little security in these products. Walking through a business the other day with my WiFi sniffer on I found multiple, unprotected wireless networks screaming at me to join. Without exception these were all printers connected to the company’s network. All easy prey if I was up to no good.

All good things must come to an end. In April of 2013 we published an article that Apple and their iOS based devices would begin to slide in 2016. It was in response to a survey/analysis claiming that Apple would reclaim the crown from Google by 2016 and dominate through 2018. For some reason the technical and financial press were jumping at the announcement for Windows phone 8.x. The fact that Windows phone held a single digit market share at the time did not seem to matter to them.

Over the course of its development there has been a lot to like about Windows 10. There seems to be a good blend of the traditional Windows desktop with some of the touch-centric features that Microsoft tried to force in Windows 8. You are also getting more than a few performance improvements including DX12. If you have not heard about all of the goodness in DX12 you are in for quite a pleasant surprise. However, despite all of the good there is in Windows 10 there seems to be a group at Microsoft that have still not learned lessons from the past.

Over the weekend there was a lot of talk about how Windows in particular is vulnerable to a flaw that is linked to SMB. This flaw could allow someone to grab user information by forcing a redirect to a malicious server using the SMB protocol. The way it works is pretty simple; if you give someone a URL that begins with the work “file” then Windows (and some other systems) will think that you want to use SMB to connect to a file share. If the server that the link (URL) points to uses even basic authentication then you can try and tempt a user to put in their own credentials and grab them during the exchange.

So, remember that comment Microsoft made about upgrading non-genuine version of Windows 7 and 8.x to Windows 10? Well we finally have some more information on that. Sadly the new information causes more confusion than it clears up. According to Microsoft the non-genuine upgrades will “not be supported by Microsoft or a trusted partner”. This is interesting as we do not know of any pirate that has ever gone to Microsoft or a trusted partner for help with their illegal copy of Windows.

Microsoft is making a bold move with Windows 10 and we are not just talking about a redesign of the OS here. It seems that they would really like people to move from Windows 7 and 8.x to Windows 10. To entice you they are offering free upgrades to anyone with a qualifying system. What makes things even more interesting is that there is talk that the upgrade will even be available to non-genuine versions of Windows. This last bit is very much out of pattern for Microsoft, but we have a pretty good idea of why they are doing it.