Netflix's May lineup is heavy on comedy—headlined by a six-part live event from John Mulaney—coinciding with the 2024 Netflix Is A Joke Fest that runs from May 2–12 in Los Angeles. John Mulaney Presents: Everybody’s In L.A will air in installments beginning on May 3 and wrapping up on May 10. Also streaming live are Katt Williams: Woke Foke (May 4) and Roast of Tom Brady (May 5) with an award show special featuring Kevin Hart (Mark Twain Prize Award: Kevin Hart, May 11). Other comedy specials dropping in May are from Udom Taephanich (Deaw Special: Soft Super Power, May 1) and Rachel Feinstein (Big Guy, May 21).

The true crime documentary slate includes The Final: Attack on Wembley (May 8), chronicling the violence that took place at the Euro 2020 final held in July 2021 when ticketless fans stormed the stadium; Cooking Up Murder: Uncovering the Story of César Román (May 10), a docuseries about a murder case involving a Spanish chef; and Ashley Madison: Sex, Lies & Scandal (May 15) about the data hack of the infamous dating site. Later in the month, three-part docuseries Dancing for the Devil: The 7M TikTok Cult (May 29) covers the TikTok dancers trapped in a cult fronted by management company 7M.

Other May highlights include part one of season 3 of Bridgerton (May 16) and Unfrosted (May 3), a comedy film directed by and starring Jerry Seinfeld (along with Melissa McCarthy, Jim Gaffigan, Hugh Grant, and Amy Schumer) that loosely tells the Pop-Tarts creation story.

Here’s everything else coming to (and leaving) Netflix in May.

What’s coming to Netflix in May 2024

Available soon

• Buying London—Netflix Series

• The Life You Wanted—Netflix Series

• Monster—Netflix Film

Available May 1

• Deaw Special: Super Soft Power—Netflix Comedy

• Down The Rabbit Hole—Netflix Film

• Frankly Speaking—Netflix Series

• Heeramandi: The Diamond Bazaar—Netflix Series

• Airport

• Airport '77

• Airport 1975

• The Best Man Holiday

• Blended

• Blue Mountain State: Season 1

• Blue Mountain State: Season 2

• Blue Mountain State: Season 3

• Blue Mountain State: The Rise of Thadland

• Eat Pray Love

• The Edge of Seventeen

• The Equalizer

• The Gentlemen

• Hellboy (2019)

• Hulk

• Jumanji (1995)

• Liar Liar

• Madagascar: Escape 2 Africa

• The Matrix Resurrections

• Mortal Kombat (2021)

• Mr. & Mrs. Smith

• The Nutty Professor

• The Nutty Professor II: The Klumps

• Outlander: Season 6

• Patriots Day

• Public Enemies

• Ride Along

• Shrek

• Shrek Forever After

• Starship Troopers

• Traffic

• The Wedding Planner

• White House Down

• Woody Woodpecker

• The Young Victoria

Available May 2

• A Man in Full—Netflix Series

• Beautiful Rebel—Netflix Film

• Lola

• Secrets of the Neanderthals—Netflix Documentary

• T・P BON—Netflix Anime

Available May 3

• 2 Hearts

• John Mulaney Presents: Everybody’s In L.A—Netflix Comedy Special (Live Event)

• Postcards—Netflix Series

• Selling the OC: Season 3—Netflix Series

• The Unbroken Voice: Season 2—Netflix Series

• Unfrosted—Netflix Film

Available May 4

• The Atypical Family—Netflix Series

• Katt Williams: Woke Foke—Netflix Comedy Special (Live Event)

Available May 5

• The Peanut Butter Falcon

• Roast of Tom Brady—Netflix Comedy Special (Live Event)

Available May 6

• 30 for 30: Broke

• 30 for 30: Deion's Double Play

• 30 for 30: The Two Escobars

• Reba: Seasons 1-6

Available May 7

• Super Rich in Korea—Netflix Series

Available May 8

• The Final: Attack on Wembley—Netflix Documentary

• War Dogs

Available May 9

• Bodkin—Netflix Series

• The Guardian of the Monarchs—Netflix Documentary

• John Mulaney Presents: Everybody’s In L.A

• Mother of The Bride—Netflix Film

• Sing Street

• Thank You, Next—Netflix Series

Available May 10

• Blood of Zeus: Season 2

• Cooking Up Murder: Uncovering the Story of César Román—Netflix Documentary

• Living with Leopards—Netflix Documentary

• Pokémon Horizons: The Series Part 2—Netflix Family

• The Ultimatum: South Africa—Netflix Series

Available May 11

• Mark Twain Prize Award: Kevin Hart—Netflix Comedy Special

Available May 13

• Archer: Seasons 1-13

• Princess Power: Season 3—Netflix Family

Available May 14

• Married at First Sight: Season 15

Available May 15

• Ashley Madison: Sex, Lies & Scandal—Netflix Documentary

• The Clovehitch Killer

Available May 16

• Bridgerton: Season 3 Part 1—Netflix Series

• Dumb and Dumber To

• Maestro in Blue: Season 2—Netflix Series

• Upgrade

Available May 17

• The 8 Show—Netflix Series

• Power—Netflix Documentary

• Thelma the Unicorn—Netflix Family

Available May 19

• A Simple Favor

• Golden Kamuy—Netflix Film

Available May 20

• The Parisian Agency: Exclusive Properties: Season 4—Netflix Series

Available May 21

• Rachel Feinstein: Big Guy—Netflix Comedy

• Wildfire: Seasons 1-4

Available May 22

• Act Your Age: Season 1

• Toughest Forces on Earth

Available May 23

• El vendedor de ilusiones: El caso Generación Zoe—Netflix Documentary

• Franco Escamilla: Ladies' Man—Netflix Comedy

• Garouden: The Way of the Lone Wolf—Netflix Anime

• In Good Hands 2—Netflix Film

• Tires—Netflix Series

Available May 24

• Atlas—Netflix Film

• Butterfly in the Sky: The Story of Reading Rainbow

• Jurassic World: Chaos Theory—Netflix Family

• Mulligan: Part 2—Netflix Series

• My Oni Girl—Netflix Film

Available May 28

• Burnt

Available May 29

• Bionic—Netflix Film

• Colors of Evil: Red—Netflix Film

• Dancing for the Devil: The 7M TikTok Cult—Netflix Documentary

• Patrick Melrose

Available May 30

• Eric—Netflix Series

• Geek Girl—Netflix Series

Available May 31

• A Part of You—Netflix Film

• Chola Chabuca

• How to Ruin Love: The Proposal—Netflix Series

• Raising Voices—Netflix Series

• Tòkunbọ̀—Netflix Film

What’s leaving Netflix in May 2024

Leaving May 1

• Bennett's War

• Magic Mike's Last Dance

Leaving May 2

• Survive the Night

Leaving May 3

• Arctic Dogs

Leaving May 8

• Uncut Gems

Leaving May 9

• Puss in Boots: The Last Wish

Leaving May 10

• St. Vincent

Leaving May 11

• Where the Crawdads Sing

• Sam Smith: Love Goes - Live at Abbey Road Studios

Leaving May 14

• Fifty Shades of Black

Leaving May 19

• Rosario Tijeras (Mexico): Seasons 1-3

Leaving May 22

• The Boxtrolls

Leaving May 26

• Mako Mermaids: An H2O Adventure: Seasons 3-4

Leaving May 31

• 2012

• Boyz n the Hood

• Burlesque

• The Choice

• The Disaster Artist

• Forever My Girl

• The Great Gatsby

• Happy Gilmore

• The Hunger Games

• The Hunger Games: Catching Fire

• The Hunger Games: Mockingjay - Part 1

• The Hunger Games: Mockingjay - Part 2

• The Impossible

• Insidious

• L.A. Confidential

• Lakeview Terrace

• The Mick: Seasons 1-2

• Noah

• Oh, Ramona!

• The Other Guys

• Silent Hill

• Skyscraper

• Split

• Think Like a Man

• Think Like a Man Too

• You've Got Mail

from LifeHacker https://ift.tt/6MyDvdO

Not everyone was born to camp. I participate due to peer pressure from friends and a dog, who are all enthusiasts of the great outdoors. Whether you relish the great outdoors or just tolerate it, there’s so much smart gear to improve the experience. While bringing smart tech on a camping trip might feel counter intuitive, the right tech can make nature more accessible, safer and even more comfortable. 

A smart tent

Even those who brave the Pacific Coast Trail bring tech along with them (according to the hikers I follow on TikTok, which is as close as I’m getting it). That tech needs power, and your tent is a passive way to collect it. While there have been a lot of concept products, very few seem to have made it to market for consumers. A Green Origin has two for sale (below) that have a flexible solar panel that’s made to attach to the tent itself. The Dragon V1 Solar Tent has been successfully funded on Kickstarter and should ship soon. It, too, has a solar panel, but it’s integrated into the tent itself.  In the future, even these flexible panels will likely be obsolete; fabric with energy-harvesting technology woven into the fabric itself will be used for tents as well as clothing.

• 2-3 People Rechargeable Solar Power Tent ($380.00)

• 5~6 people High Quality Solar Power Tent ($1,499.00)

Smart coolers

Coolers used to be a race against time managing refrigerated and frozen food with ice cubes. Now, many coolers carry on-board power, meaning they can keep the cooler at a temp that ensures safe food handling, and no more ice management. In some cases, these coolers can also act as chargers or speakers, or allow you to manage the cooler via an app. Being able to designate each section as a fridge or freezer means you can use the power you need, and keep food at the right temperature. 

• Anker EverFrost 50 Powered Cooler ($949.00)

• Bodega cooler 48quart(45l) Car Fridge App Control ($299.99)

• Iceco Jp30 Portable Refrigerator Fridge Freezer, 30 Liters ($399)

Iceco JP30 Portable Refrigerator

$499.00 at Amazon

Shop Now

Shop Now

$499.00 at Amazon

Smarter lights

When you gather with friends at night to cook, eat, or just relax, you'll probably want a little light—and you've got a couple of options. There are lots of solar lanterns on the market, which just need to sit out during the day to recharge. But for a little more ambiance, bring a power bank with you and string up some LED lights, as they require less energy to run than other lights.

• Solar Camping String Lights 16.4Ft with Music Sync ($17.49)

• 22Ft Stowable String Light with APP Control ($15.99)

• Lantern Solar String Lights with Smart App Control ($26.99)

Wifi for the road

Generally, we think of having wifi anywhere we go now and when it’s not available, we fall back to our cellular signal. When you don’t want to blow through your wireless plan, you can rely on a backup device that provides a signal through the 4G network and you pay as you go. 

• GlocalMe Wireless Portable Wifi for Travel ($89.99)

• Journey1 LTE Wifi Hotspot ($159)

• RoamWiFi 4G LTE Mobile Hotspot Router ($143.99)

Power for everything

Going “off grid” has really changed now that there are so many portable power stations that give you a way to charge up while you’re away through a solar panel. 1,000-watt units are enough to power most of the devices you’ll use while away, while still being light enough to move around. 

• Jackery Solar Generator 1000 with 2 100W Solar Panels ($1,649.00)

• Anker SOLIX C1000 Portable Power Station with 400W Solar Panel ($1,498.00)

• Goal Zero Yeti 1000X Portable Power Station with Nomad 100 Solar Panel ($1,159.91)

from LifeHacker https://ift.tt/hLpz1qC

1Kosmos has expanded its offerings for the identity verification and passwordless market with the introduction of a new Credential Service Provider (CSP) managed service based on the privacy-by-design 1Kosmos platform.

The 1Kosmos CSP offering enables government agencies to offer residents who are requesting services an elegant, automated process that simultaneously digitally verifies their identity up to certified NIST Identity Assurance Level 2 (IAL2) and then issues a strong, phishing-resistant, multi-factor authentication (MFA) credential, up to certified NIST Authentication Assurance Level 2 (AAL2).

1Kosmos improves resident access to services; reduces new account fraud by detecting synthetic and stolen identities during enrollment; ensures equitable access, even for thin file individuals; prevents account takeover by eliminating passwords; reduces investment in on-premises technology required to support identity verification, data storage and protection; and shrinks the overall cyber attack surface.

“Virtually every government agency at the federal, state, tribal, and local level is modernizing resident services which all require immutable digital identity verification,” said Hemen Vimadalal, CEO of 1Kosmos. “With the 1Kosmos CSP service, we are providing the government sector with a low friction, intuitive and user-directed way to enroll and verify their identity that meets the highest assurance level standards available today.”

With 1Kosmos, residents can enroll via several methods using their existing physical-world credentials, such as a government issued driver’s license, ID card or passport. These methods include a web interface, mobile app, agent assisted / remote supervised, and in-person proofing. Credentials are validated and cross-referenced in real time, and all data is stored in a decentralized framework and accessed via FIDO2 certified public-private key cryptography.

This supports sharing or federation only upon explicit consent by the user in the form of a tamper-evident, reusable and verified credential and avoids creating data lakes of PII, which are rich targets for cyber attacks.

1Kosmos is working to achieve an Authority to Operate (ATO) under the Federal Risk and Authorization Management Program (FedRAMP). FedRAMP is a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

How the 1Kosmos CSP works

As part of the 1Kosmos platform, the CSP service walks users through an enrollment journey which can include the following steps on their mobile device or through a browser-based UI:

• Email and device verification
• Document scanning and verification for driver’s license, ID, passport, etc.
• Non-biased biometric capture (including LiveID where a user must blink or smile) that protects against presentation and injection attacks (e.g. deepfakes)
• Phone number verification using SIM binding, where a security token (used as proof of identity) is linked to a device trusted by the user and a service provider
• Social security number (optional) and address verification

Once completed, this enrollment process creates a user controlled, privacy-preserving digital wallet that provides a government-grade validated identity for online transactions.

The 1Kosmos CSP also enables a privacy-preserving process whereby users create a secure identity that is independent of any service provider and which allows them to control what personally identifiable information (PII) they wish to share with third parties.

This ensures data privacy and control, since PII is securely stored within their wallet, preventing administrators and remote applications from changing or deleting the information purposefully or inadvertently. Since the data is stored in a private and permissioned distributed ledger, it cannot be compromised by a data breach at any point in the supply chain.

Availability

1Kosmos and the new CSP service are available from 1Kosmos and its business partners worldwide.

from Help Net Security https://ift.tt/ndbHosL

Cyberint has unveiled a series of platform updates aimed at bolstering client protection against external threats.

Cyberint’s recent platform innovations provide several new capabilities that support a range of strategic security initiatives, from regional threat landscape analysis and proactive threat hunting to executive-level risk reporting and continuous threat exposure management.

Cyberint’s Argos platform new modules arrive at a critical time as many companies continue to grapple with cyber-attacks, necessitating advanced solutions to prevent breaches.

“Today’s cybersecurity attackers pivot fast, leaving organizations scrambling to automate controls and deploy security patches to keep up, but such tactics don’t reduce future exposure,” states Gartner analyst Kasey Panetta. “What’s needed is a continuous threat exposure management (CTEM) program that surfaces and actively prioritizes whatever most threatens your business.”

Cyberint’s latest enhancements enable organizations to implement an effective continuous exposure management program. Among the new capabilities released is a suite of knowledgebase modules that provide detailed threat landscape insights that can be tailored to an organization’s region and industry.

There are also dedicated modules for Threat Actor Intelligence, Malware Intelligence, and CVE Intelligence, each offering a library of open, deep, and dark web intelligence to assess risk and proactively configure defenses ahead of probable attacks.

In addition, enhancements to the Attack Surface Monitoring (ASM) module improve continuous exposure management capabilities for ongoing discovery, monitoring, prioritization, and risk mitigation actions. The ASM module provides every environment with a unique exposure score and every asset is assigned a severity level, simplifying the process of measuring and reporting on external cyber risks.

To support proactive threat hunting activities, Cyberint offers the Intel Data Lake module, a deep and dark web search engine that is updated with more than 60 million new intelligence items every month. The Intel Data Lake can be filtered and searched with complex queries. Further, the Forensic Canvas module supports advanced investigations to analyze indicators of compromise (IOCs) and uncover the full extent of malicious infrastructure.

“In today’s threat landscape, organizations face a multitude of challenges, including limited resources, visibility, and scalability. Cyberint recognized these unmet needs early on and capitalized on new growth opportunities to consolidate CTI, DRP, and EASM solutions into a unified framework and provide organizations with a holistic security posture,” said Martin Naydenov, a Senior Industry Analyst at Frost & Sullivan.

“We’re constantly evolving to meet the ever-changing landscape of cyber threats, and our latest product updates are a testament to that commitment,” said Yochai Corem, Cyberint CEO. “Our latest platform capabilities empower organizations to monitor and mitigate their digital exposure with precision, and each new capability is designed to equip businesses with the tools and intelligence needed to stay ahead of emerging threats. With these advancements, we’re not just providing products; we’re providing solutions that enable our clients to navigate the complex cybersecurity landscape with confidence and resilience.”

from Help Net Security https://ift.tt/Y5InNx2

Forcepoint has launched Forcepoint Data Security Posture Management (DSPM), driven by AI to deliver real-time visibility, ease privacy compliance and minimize risks for data stored in multi-clouds and networks, including endpoints.

Forcepoint DSPM harnesses innovative AI-mesh technology to swiftly identify data risks, such as obsolescence, improper access, and misplaced files. This understanding empowers decision-making and safeguards sensitive information by examining data context and content, prioritizing critical data types including intellectual property, personally identifiable information (PII) and medical records.

Going beyond data discovery, Forcepoint DSPM automates security actions and controls using sophisticated workflow orchestration with AI-powered data detection and remediation (DDR) capabilities to prevent inappropriate usage and stop breaches before they can occur. It is part of Forcepoint’s full-lifecycle ‘data security everywhere’ suite of capabilities, combining proactive visibility and controls that adapt continuously to how users access and interact with any data on any device, including BYOD.

“In today’s business landscape, data security isn’t just a necessity—it’s the bedrock of zero trust and innovation,” said Manny Rivelo, CEO of Forcepoint. “Forcepoint is eliminating blind spots with a comprehensive data security solution that not only sheds light on potential threats, it guides and empowers organizations to stay ahead of them, ensuring data integrity and regulatory compliance every step of the way.”

Conventional security tools often struggle to comprehend the contextual significance of business data, leading to potential security gaps. These gaps heighten the risk of breach and exfiltration, making compliance with increasingly stringent mandates more difficult, especially for unknown, “shadow data” stored in multiple cloud services or SaaS applications.

Forcepoint addresses these issues by bringing together innovations such as DSPM with Forcepoint DLP into a unified data security solution. This integration provides enhanced discovery, classification, prioritization and enforcement capabilities.

Using Forcepoint Data Security solutions, growing businesses can enhance productivity through faster and safer data access and sharing for better innovation and collaboration. Mid-sized enterprises can cut costs by leveraging extensive Forcepoint automation that reduces time and resources spent on data security investigations and remediation.

The company’s CEO underscored the rapid adoption and momentum for Forcepoint Data Security solutions among mid-market and commercial customers. “Our unique approach, centered on a cloud-delivered, Data-first SASE architecture, prioritizes data security across all possible touchpoints and devices,” Rivelo said. “Today’s launch isn’t just about security technology—it’s about people. It’s about ensuring that every organization, regardless of size or industry, can operate with confidence in the modern networked world.”

Key features and benefits of Forcepoint DSPM:

Automates highly efficient and rapid discovery and classification of many different sources of data across cloud and network locations with the power of customizable AI-model training, reducing the risk of breaches and ensuring compliance with privacy regulations. Security teams can prioritize policy enforcement and incident response efforts on the most sensitive digital assets.

• Supported data stores include on-premises, Amazon, Microsoft, Google, Confluence and Box.com.

Provides comprehensive data visibility, covering file location, categorization, classification, access permissions, inactive accounts with file access, redundant, obsolete, trivial (ROT) data, and compliance risks. Continuous monitoring helps identify misconfigurations, improper access controls, and other vulnerabilities to reduce the likelihood of compliance or breach incidents.

Enables real-time risk remediation and workflow orchestration for automatically tracking stakeholders of different data and fixing problems quickly. It also will incorporate AI-powered DDR for highly accurate remediation. For example, distinguishing between sensitive data such as a proprietary recipe versus a coincidental list of ingredients.

Enhances data visibility and risk management.

Forcepoint pinpoints the location of confidential data in various locations, including PaaS, IaaS, SaaS and DBaaS, providing access permissions and usage patterns along with out-of-the-box classifiers, templates, and policy controls to prevent data leakage or theft.

Additional solutions such as Forcepoint Risk-Adaptive Protection complements DSPM by facilitating proactive data loss prevention and access control based on risky behaviors.

Forcepoint DSPM, powered by Getvisibility, is immediately available direct from Forcepoint and through the company’s global network of channel partners.

from Help Net Security https://ift.tt/oTKQBjs

Entrust announced a single-vendor enhanced authentication solution that integrates identity verification (IDV) and identity and access management (IAM) to fight deepfakes, phishing, account takeover (ATO) attacks and other threats.

By enhancing Entrust Identity as a Service (IDaaS) platform with Onfido’s AI-powered document and biometric verification, customers will be able to deploy next-level identity authentication before allowing a privileged action or making a high-value transaction. This equips the IDaaS platform with a new layer of hardened security that resists identity fraud and phishing, secures digital interactions, and safeguards sensitive information.

Entrust was recognized in the 2023 Gartner Magic Quadrant for Access Management. In that report, Gartner predicted “By 2027, integration with identity verification for onboarding, credentialing & recovery will be a standard feature of access management tools, potentially reducing account takeover attacks against these processes by 75%.”

“As physical and digital credentials merge, identity has become central to security. AI-driven threats, deepfakes, synthetic identities and ransomware gangs are driving a rising need for confidence in the identities of the people seeking to connect, access, and transact,” said Bhagwat Swaroop, President of Digital Security at Entrust.

“That’s why identity-centric security is essential to making Zero Trust work. Entrust is the only provider that can integrate world-class IDV and IAM to enhance fraud prevention, reduce manual intervention, and improve the user experience,” added Swaroop.

With the combined power of these solutions, organizations can:

• Securely and efficiently authenticate users and validate their identities in real-time to protect against fraud, phishing and other account takeover attacks – last year Onfido saw a 3000% increase in deepfake attempts, speaking to the critical need for identity verification.
• Seamlessly deploy IDV with ID and biometric checks as step-up authentication for employees or customers attempting a privileged action, such as a high value transaction, or being issued a passkey or phishing-resistant token.
• Help prevent lateral movement in the event of a breach by incorporating AI-driven facial biometrics and the IDV process enabled by risk-based adaptive authentication to enforce a higher level of assurance.
• Stay ahead of evolving deepfakes and cheapfakes.

from Help Net Security https://ift.tt/HGX7fvd

For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028).

Dubbed GooseEgg, the tool is a launcher application that can spawn other applications with SYSTEM-level permissions, thus helping the hackers to perform remote code execution, install backdoors, steal credentials, and more.

“Microsoft has observed Forest Blizzard using GooseEgg as part of post-compromise activities against targets including Ukrainian, Western European, and North American government, non-governmental, education, and transportation sector organizations,” Microsoft threat analysts have shared on Monday.

Most recently, the group has been spotted leveraging a known Microsoft Outlook vulnerability (CVE-2023-23397) to compromise email accounts of workers at public and private entities in Poland.

US and UK governments believe Forest Blizzard to be linked to Unit 26165 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

How GooseEgg exploits CVE-2022-38028

Microsoft’s analysts say that the hackers have been using GooseEgg “since at least June 2020 and possibly as early as April 2019.” This means that CVE-2022-38028, the vulnerability it exploits, was a zero-day when Microsoft patched it in October 2022.

Despite having been reported by the US National Security Agency, the vulnerability has not been and still is not described by Microsoft as having been exploited. (It is, of course, possible that the discovery of GooseEgg is very recent and Microsoft didn’t know until then that the flaw was being used by attackers.)

In any case, Microsoft explains how the GooseEgg tool – typically deployed with a batch script – invokes the GooseEgg executable and achieves persistence as a scheduled task.

The executable uses commands to trigger the exploit, launch either a malicious DLL or executable with elevated permissions, and test the exploit.

The malware components are installed in a specially crafted subdirectory with an ordinary name (e.g. Microsoft, Comms, Intel, etc.). The binary then copies driver stores to another system directory.

“Next, registry keys are created, effectively generating a custom protocol handler and registering a new CLSID to serve as the COM server for this ‘rogue’ protocol. The exploit replaces the C: drive symbolic link in the object manager to point to the newly created directory,” the analysts explained.

“When the PrintSpooler attempts to load C:\Windows\System32\DriverStore\ FileRepository\pnms009.inf_amd64_a7412a554c9bc1fd\MPDW-Constraints.js, it instead is redirected to the actor-controlled directory containing the copied driver packages.”

The JavaScript file applies a patch to the convertDevModeToPrintTicket function, which “invokes the ‘rogue’ search protocol handler’s CLSID during the call to RpcEndDocPrinter. This results in the auxiliary DLL wayzgoose.dll launching in the context of the PrintSpooler service with SYSTEM permissions.”

Security updates fixing CVE-2022-38028 have been available for a year and a half and organizations should install them, Microsoft advises. If it’s not needed, disabling the Print Spooler service for domain controllers is also a good idea, the company says.

Vulnerabilities in the Windows Print Spooler service are often exploited by attackers, and this is the main reason why Microsoft is working on supplanting it with Windows Protected Print Mode (WPP).

from Help Net Security https://ift.tt/OgX6eAl