cua cà mau cua tươi sống cua cà mau bao nhiêu 1kg giá cua hôm nay giá cua cà mau hôm nay cua thịt cà mau cua biển cua biển cà mau cách luộc cua cà mau cua gạch cua gạch cà mau vựa cua cà mau lẩu cua cà mau giá cua thịt cà mau hôm nay giá cua gạch cà mau giá cua gạch cách hấp cua cà mau cua cốm cà mau cua hấp mua cua cà mau cua ca mau ban cua ca mau cua cà mau giá rẻ cua biển tươi cuaganic cua cua thịt cà mau cua gạch cà mau cua cà mau gần đây hải sản cà mau cua gạch son cua đầy gạch giá rẻ các loại cua ở việt nam các loại cua biển ở việt nam cua ngon cua giá rẻ cua gia re crab farming crab farming cua cà mau cua cà mau cua tươi sống cua tươi sống cua cà mau bao nhiêu 1kg giá cua hôm nay giá cua cà mau hôm nay cua thịt cà mau cua biển cua biển cà mau cách luộc cua cà mau cua gạch cua gạch cà mau vựa cua cà mau lẩu cua cà mau giá cua thịt cà mau hôm nay giá cua gạch cà mau giá cua gạch cách hấp cua cà mau cua cốm cà mau cua hấp mua cua cà mau cua ca mau ban cua ca mau cua cà mau giá rẻ cua biển tươi cuaganic cua cua thịt cà mau cua gạch cà mau cua cà mau gần đây hải sản cà mau cua gạch son cua đầy gạch giá rẻ các loại cua ở việt nam các loại cua biển ở việt nam cua ngon cua giá rẻ cua gia re crab farming crab farming cua cà mau
Skip to main content

Your PC’s security is being attacked on two new fronts

Your PC is facing a double whammy of cyber threats, both of them built into basic Windows features — one that exploits Windows search and another a Wi-Fi vulnerability.

The first vulnerability allows hackers to exploit search in what researchers have called a “clever” way, as reported by Trustwave. It begins when users are tricked into downloading malware, starting with phishing emails with malicious .ZIP attachments containing HTML files disguised as invoices or something along those lines.

Recommended Videos

When you open the HTML file, it opens your browser and engages with Windows Explorer’s search feature. Windows Explorer starts looking for anything called “INVOICE,” and then the search is relabeled to “Downloads,” which tricks the user into thinking they are viewing what they “downloaded.” A batch script is involved in this attack that, when activated, wakes up more malicious operations. At the moment, the type of malware the hackers were trying to distribute is now known.

To alleviate the situation, users can try turning off search-ms/search URI protocol handlers by erasing the related registry entries. To stay safe, users can be cautious in the email with the attachment they are getting; they can do things such as verify who the sender is, confirm the legitimacy, distrust attachments with a file extension you normally wouldn’t get, and if the email urges you to take immediate action, label it as a phishing scam.

The second vulnerability is a bit more dangerous. Microsoft is busy patching a security hole in the Windows Wi-Fi driver that allows hackers to run malicious code on a PC only when it is within a public Wi-Fi range. This vulnerability affects all modern versions of Windows Server and Windows. The attacker does not need prior access to your computer to do this. The weakness is characterized in CVE-202430078 and given a maximum severity of “Important.”

What’s also concerning is that the attack can bypass every authentication protocol and doesn’t need previous access rights or any user interaction. This vulnerability reminds us of the dangers of connecting to a public Wi-Fi network and the precautions that need to be taken. The flaw is called an Improper Input Validation security vulnerability, and unfortunately, it’s on all common versions of the Windows operating system.

Users can be affected if they have an unpatched version of Windows 11 or 10 or Windows Server versions from 2008 and on. Microsoft released a fix on June 11 that tackles 49 CVEs in Windows, Office, and their components. Azure Dynamic Business Central and Visual Studio are also included. These concurrent threats underscore the importance of remaining vigilant against cyberattacks and ensuring all software and security patches on your computer are up to date.

Judy Sanhz
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
How smart light bulbs could steal your password
GE Cync smart lights review

If it's connected to the internet, it can get hacked -- yes, even some of the best smart bulbs. While smart bulbs make it easy to adjust the lighting and ambiance in your room, they connect to Wi-Fi, which makes them susceptible to attacks. Researchers from the Universita di Catania and the University of London discovered a particular vulnerability in the TP-Link Tapo L530E smart bulb and the accompanying TP-Link Tapo app. It seems that hackers could gain access to your passwords just through the smart bulb.

These days, smart devices are more and more prominent in households across the globe. The TP-Link Tapo L530E is a popular smart bulb, which is what drove the researchers to analyze it and attempt to find flaws within its security. Unfortunately, they found at least four vulnerabilities, all stemming from the fact that the bulb's security measures might be insufficient.

Read more
Ransomware attacks have spiked massively. Here’s how to stay safe
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

No one wants to fall victim to ransomware, but a new report from blockchain security firm Chainalysis claims that ransomware payments could be set for a record-breaking year, with criminals raking in close to half a billion dollars just seven months into 2023.

According to the analysis, ransomware payments this year have totaled $449.1 million so far. That’s $175.8 million more than this time last year, suggesting that hackers have doubled down on this method of extracting money from unfortunate victims.

Read more
Hackers are using a devious new trick to infect your devices
A person using a laptop with a set of code seen on the display.

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.

Read more