Linux Systems Are Becoming Bigger Targets
When it comes to security, there are some low-lying threats that can cause big problems. One important example is malware designed to exploit Linux systems, often in the form of executable and linkable format (ELF) binaries. And, as the Linux footprint continues to expand, so, too, will attacks against it. Researchers from FortiGuard Labs noted…
17 Malware Frameworks Target Air-Gapped Systems for Espionage
The list was created over the course of 15 years, but the last four of the frameworks emerged last year, proof of an increased interest by threat actors to target isolated systems. Only malware components working together to create an offline, covert communication channel between air-gapped networks and a threat actor were taken into consideration…
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable. What’s more, it is already being leveraged by malware developers. About the flaw and the exploit Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day…
NTLM relay attacks explained, and why PetitPotam is the most dangerous
Microsoft Active Directory (AD), which handles identity management, reportedly holds 90% to 95% market share among fortune 500 companies. Given such broad adoption, it is no surprise that it is so heavily targeted by malicious actors and researchers alike. Among the most cited types of attacks against AD are legacy protocols. One such protocol that…
Microsoft’s PrintNightmare continues, shrugs off Patch Tuesday fixes
I doubt if there has ever been a more appropriate nickname for a vulnerable service than PrintNightmare. There must be a whole host of people in Redmond having nightmares about the Windows Print Spooler service by now. PrintNightmare is the name of a set of vulnerabilities that allow a standard user on a Windows network…
Microsoft Patch Tuesday: Windows Flaw Under Active Attack
The zero-day flaw, documented as CVE-2021-36948, is rated “important” with a CVSS base score of 7.8. Microsoft described the vulnerability as a local privilege escalation bug, a suggestion that it is part of a larger software exploit chain. The Windows Update Medic Service is used to repair Windows Update components from damage so that Windows…
How to prepare your Windows network for a ransomware attack
Recently I spoke with Ryan Chapman of the SANS Institute, author of the upcoming SANS course FOR528: Ransomware for Incident Responders, on how to better prepare for ransomware. That preparation comes in two forms: planning how you would respond to a successful ransomware attack and overcoming barriers to hardening your network against them. Planning for…
Mac Malware Used in Attacks Targeting Industrial Organizations in Middle East
Dubbed WildPressure, the campaign started in May 2019 and for more than a year it involved only a Windows version of a malware named Milum. Earlier this year, however, the campaign’s operators started using new versions of the Trojan, to target macOS systems as well. In addition to the initially observed C++ iteration of the…
Purple Fox Malware Squirms Like a Worm on Windows
The malware campaign, dubbed Purple Fox, has been active since at least 2018 and the discovery of the new worm-like infection vector is yet another sign that consumer-grade malware continues to reap profits for cybercriminals. According to Guardicore researcher Amit Serper, the Purple Fox operators primarily used exploit kits and phishing emails to build botnets…
Google Discloses Details of Remote Code Execution Vulnerability in Windows
The flaw, tracked as CVE-2021-24093, was patched by Microsoft on February 9 with its Patch Tuesday updates. Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have been credited for reporting the issue to Microsoft. A CVSS score of 8.8 has been assigned to the vulnerability, but Microsoft has rated it critical for…
