DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse

April 11, 2024 at 06:05PM MITRE is adding two sub-techniques to its ATT&CK knowledge base after both were observed in North Korean intrusions. TCC manipulation abuses the Transparency, Consent, and Control framework that governs which protected resources a macOS application may access. “Phantom” DLL hijacking plants a malicious DLL under the name of a library a Windows program asks for but that does not exist on the system, so the loader picks up the attacker’s file. Both have been used to gain privileged access and carry out espionage. Defenders should keep System Integrity Protection (SIP) enabled on macOS and monitor DLL loading … Read more

DPRK Exploits 2 New MITRE Techniques: Phantom DLL Hijacking, TCC Abuse

April 11, 2024 at 04:09PM MITRE is adding two techniques to its ATT&CK knowledge base after they were seen in use by North Korean threat actors. One, TCC manipulation on Apple’s macOS, subverts the permission framework that controls application access to protected data, giving the attacker privileged access for espionage. The other, phantom DLL hijacking on Windows, plants a malicious DLL under the name of a library an application requests but that does not exist on the system. Both have been used by North … Read more

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

April 5, 2024 at 06:33AM Bogus Adobe Acrobat Reader installers are distributing a new multi-functional malware called Byakugan. The attack begins with a Portuguese-language PDF that prompts the victim to download the Reader application. Clicking the link installs the malware, which uses several techniques to deploy its payload and gather … Read more

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

April 2, 2024 at 01:54AM Summary: Earth Freybug actors are using a new malware called UNAPIMON, delivered through dynamic-link library (DLL) hijacking, to unhook application programming interface (API) calls and so evade monitoring. UNAPIMON removes the hooks that security tools place in child processes, so activity in those processes goes unobserved. Security measures such as restricting admin privileges and frequent password … Read more

New DLL Search Order Hijacking Technique Targets WinSxS folder

January 2, 2024 at 10:36AM Security Joes discovered a new DLL search order hijacking technique that uses executables in Windows’ WinSxS folder to run malicious code. Those trusted binaries resolve some DLLs through the normal search order, so a malicious DLL placed where the search order looks first is loaded before the legitimate library. Attackers can thereby inject unauthorized code into trusted processes, effectively bypassing security tools that trust the signed parent. … Read more

New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections

January 1, 2024 at 09:18AM Security researchers have uncovered a new DLL search order hijacking technique that lets threat actors execute malicious code on Windows 10 and 11. By leveraging trusted executables in the WinSxS folder, adversaries can bypass security mechanisms and introduce potentially vulnerable binaries into the attack chain. Security Joes urges organizations to closely … Read more
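The phantom DLL item above, and the two WinSxS search-order items, all come down to the same observable: a DLL resolved from a directory the loader should not have reached. The following triage script is an added example, not code from any of the articles or from Security Joes. It runs three heuristics over Sysmon ImageLoad (Event ID 7) records: a System32 DLL name resolved outside the system directories (classic search-order hijack), a trusted binary loading an unsigned DLL under a name Windows never shipped (phantom DLL), and a WinSxS executable loading anything from outside the system directories (the WinSxS variant). The pipe-delimited log lines, the directory names under WinSxS and ProgramData, and the five-entry system-DLL inventory are constructed for the example; a real deployment would feed it the Sysmon Image, ImageLoaded and Signed fields and an inventory taken from %SystemRoot%\System32.

```python
"""Heuristic DLL-hijacking triage over Sysmon Event ID 7 (ImageLoad) records.

Added example; the log lines and the SYSTEM_DLLS inventory are constructed.
"""
from pathlib import PureWindowsPath

# Directories from which a DLL load is treated as normal.
TRUSTED_DIRS = (
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows\SysWOW64"),
    PureWindowsPath(r"C:\Windows\WinSxS"),
)
WINSXS = PureWindowsPath(r"C:\Windows\WinSxS")
# Executables living here count as "trusted loaders" for the phantom-DLL rule.
TRUSTED_LOADER_DIRS = TRUSTED_DIRS + (
    PureWindowsPath(r"C:\Program Files"),
    PureWindowsPath(r"C:\Program Files (x86)"),
)
# Constructed stand-in for an inventory of DLL names present in System32.
SYSTEM_DLLS = {"kernel32.dll", "user32.dll", "version.dll", "dbghelp.dll", "ncrypt.dll"}

# Constructed export of Sysmon Event ID 7 fields:
# EventID|Image (loading process)|ImageLoaded (DLL)|Signed
SAMPLE_LOG = r"""
7|C:\Program Files\Contoso\app.exe|C:\Windows\System32\kernel32.dll|true
7|C:\Program Files\Contoso\app.exe|C:\Program Files\Contoso\version.dll|false
7|C:\Windows\System32\svchost.exe|C:\ProgramData\Contoso\telemetryhelper.dll|false
7|C:\Windows\WinSxS\amd64_example-component_1.0\tool.exe|C:\Users\alice\staging\helper.dll|false
7|C:\Users\alice\Downloads\setup.exe|C:\Users\alice\Downloads\plugin.dll|false
"""


def under(path: PureWindowsPath, root: PureWindowsPath) -> bool:
    """Case-insensitive 'path lies inside root' (Windows paths ignore case)."""
    p, r = path.parts, root.parts
    return len(p) > len(r) and all(a.lower() == b.lower() for a, b in zip(p, r))


def parse(line: str) -> dict:
    """Split one constructed log line into typed fields."""
    event_id, image, loaded, signed = line.split("|")
    return {
        "event_id": int(event_id),
        "image": PureWindowsPath(image),
        "loaded": PureWindowsPath(loaded),
        "signed": signed.strip().lower() == "true",
    }


def classify(ev: dict) -> tuple:
    """Return the hijacking patterns an ImageLoad event matches (empty if none)."""
    if ev["event_id"] != 7:
        return ()
    dll, proc = ev["loaded"], ev["image"]
    if any(under(dll, d) for d in TRUSTED_DIRS):
        return ()  # resolved from a protected system directory: normal
    tags = []
    if dll.name.lower() in SYSTEM_DLLS:
        # A name that exists in System32 resolved elsewhere: the search
        # order reached a writable directory before the system one.
        tags.append("search-order-hijack")
    elif not ev["signed"] and any(under(proc, d) for d in TRUSTED_LOADER_DIRS):
        # A trusted binary asked for a DLL Windows never shipped and found
        # an unsigned one: a phantom DLL planted in its search path.
        tags.append("phantom-dll")
    if under(proc, WINSXS):
        # A WinSxS executable loading from outside the system directories.
        tags.append("winsxs-binary-hijack")
    return tuple(tags)


def triage(log: str) -> list:
    """Return (process, dll, tags) for every flagged line in a log export."""
    findings = []
    for line in log.strip().splitlines():
        ev = parse(line)
        tags = classify(ev)
        if tags:
            findings.append((str(ev["image"]), str(ev["loaded"]), tags))
    return findings


if __name__ == "__main__":
    for proc, dll, tags in triage(SAMPLE_LOG):
        print(f"{', '.join(tags):36} {proc} -> {dll}")
```

On the sample data the first line (kernel32.dll from System32) and the last line (an untrusted installer loading its own plugin) are left alone; the remaining three are flagged. The phantom rule deliberately requires both an unknown DLL name and an unsigned file, since a trusted loader pulling a signed third-party DLL from Program Files is routine; the WinSxS rule fires regardless of signing because a WinSxS binary has no business resolving libraries outside the system directories at all.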