Hackers now use ZIP file concatenation to evade detection

November 10, 2024 at 06:43PM Attackers are using ZIP file concatenation to deliver malware to Windows machines undetected. The technique appends several complete ZIP archives into one file that is sent as a phishing attachment; because ZIP readers disagree on which part of such a file to trust, a scanner may see only the benign archive while the victim's extractor unpacks the one carrying the trojan. Perception Point recommends security solutions capable of recursive unpacking and cautions against trusting emails with ZIP attachments.
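The following is an added example, not code from the Perception Point report, showing why a single-archive parser misses a concatenated payload and how a scanner can instead walk every end-of-central-directory record in the file. The archives and member names are constructed for the demonstration; Python's own zipfile module stands in for a reader that trusts only the trailing directory.

```python
"""Concatenated-ZIP detection: enumerate every embedded archive, not just the last."""
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end-of-central-directory record signature
CD_SIG = b"PK\x01\x02"    # central-directory file header signature
EOCD_LEN = 22             # fixed part of the EOCD record (an optional comment follows)


def build_zip(files):
    """Build an in-memory ZIP archive from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def concatenate(*archives):
    """Glue complete archives back to back, which is all the evasion needs."""
    return b"".join(archives)


def names_seen_by_zipfile(blob):
    """What a reader that trusts only the trailing EOCD (Python's zipfile) reports."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.namelist()


def find_segments(blob):
    """Return (start, end) byte ranges of every self-consistent archive in blob.

    Every EOCD signature is a candidate. Each one is validated by checking that
    the central directory it describes really begins with a CD header, and the
    archive base is derived from the directory offset stored in the EOCD.
    """
    segments = []
    pos = 0
    while (idx := blob.find(EOCD_SIG, pos)) != -1:
        pos = idx + 1
        if idx + EOCD_LEN > len(blob):
            break
        (_sig, _disk, _cd_disk, _n_disk, _n_total,
         cd_size, cd_offset, comment_len) = struct.unpack(
            "<4sHHHHIIH", blob[idx:idx + EOCD_LEN])
        end = idx + EOCD_LEN + comment_len
        cd_start = idx - cd_size          # central directory sits right before the EOCD
        base = cd_start - cd_offset       # cd_offset is relative to the archive start
        if base < 0 or end > len(blob) or blob[cd_start:cd_start + 4] != CD_SIG:
            continue  # stray signature bytes (e.g. inside compressed data)
        segments.append((base, end))
    return segments


def names_in_all_segments(blob):
    """(archive offset, entry name) for every entry in every embedded archive."""
    found = []
    for base, end in find_segments(blob):
        with zipfile.ZipFile(io.BytesIO(blob[base:end])) as zf:
            found.extend((base, name) for name in zf.namelist())
    return found


def is_concatenated(blob):
    """True when more than one complete archive is present in the file."""
    return len(find_segments(blob)) > 1


# Constructed sample (not from any real campaign): a benign archive followed by
# one whose only member carries a double extension.
BENIGN = build_zip({"invoice.txt": b"Thank you for your order.\n"})
SUSPECT = build_zip({"invoice.pdf.exe": b"placeholder bytes, not a real executable\n"})
SAMPLE = concatenate(BENIGN, SUSPECT)

if __name__ == "__main__":
    print("zipfile sees:  ", names_seen_by_zipfile(SAMPLE))
    print("every segment: ", names_in_all_segments(SAMPLE))
    print("concatenated:  ", is_concatenated(SAMPLE))
```

Run stand-alone, the script shows zipfile reporting only `invoice.pdf.exe` while the segment walk reports both members with the offset of the archive each came from. A mail gateway that flags any attachment with more than one valid segment, or that scans every segment rather than the last, closes the gap the report describes; the same scan also catches the reverse ordering, where the malicious archive comes first and a trailing benign one is what the scanner sees.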

5 Most Common Malware Techniques in 2024

November 7, 2024 at 05:04AM Tactics, techniques, and procedures (TTPs) identify threats more reliably than indicators of compromise, which change from sample to sample. This report covers techniques such as disabling Windows Event Logging, PowerShell abuse, and registry manipulation, with real-world samples run in ANY.RUN's sandbox to show the behavior and the detection opportunities it leaves.

Hackers increasingly use Winos4.0 post-exploitation kit in attacks

November 6, 2024 at 04:28PM Attackers are increasingly using the Winos4.0 post-exploitation framework against Windows users, especially in China, distributing it through game-related applications. The infection runs in multiple stages, collects system data, and includes checks to evade security tools. Fortinet and Trend Micro have both documented its capabilities and report a rise in campaigns using it.

Windows Themes zero-day bug exposes users to NTLM credential theft

October 30, 2024 at 05:35PM A zero-day vulnerability in Windows Themes lets an attacker obtain a user's NTLM credentials. ACROS Security has released a free micropatch through 0patch while Microsoft works on an official fix. Exploitation requires user interaction, such as copying a malicious theme file to a folder the user views. Users are advised to apply the micropatch promptly.

New Windows Themes zero-day gets free, unofficial patches

October 29, 2024 at 04:30PM Free unofficial micropatches are now available for a Windows Themes zero-day vulnerability that allows NTLM credential theft. Discovered by ACROS Security, the issue affects all fully updated Windows versions. Users can apply the patches through 0patch while waiting for an official fix, which Microsoft says it will address.

Windows ‘Downdate’ Attack Reverts Patched PCs to a Vulnerable State

October 28, 2024 at 05:51PM Fully patched Windows 11 systems can be compromised through a technique demonstrated by SafeBreach's Alon Leviev. His Windows Downdate tool lets an attacker who already has administrator access roll critical OS components back to older, vulnerable versions, reopening fixed bugs and enabling rootkit installation. Microsoft is developing mitigations.

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

October 28, 2024 at 01:42AM A new attack method downgrades kernel components on up-to-date Windows systems to bypass Microsoft's Driver Signature Enforcement, allowing unsigned drivers to be loaded and rootkits to be deployed. Enabling Virtualization-Based Security with the UEFI lock and the Mandatory flag mitigates the downgrade path.

New Windows Driver Signature bypass allows kernel rootkit installs

October 26, 2024 at 08:34AM Attackers can abuse the Windows Update process to downgrade kernel components, bypassing security features and allowing rootkit deployment on otherwise patched systems. Researcher Alon Leviev demonstrated the attack and released a tool, Windows Downdate, showing that a "fully patched" system is only as secure as the oldest component it can be rolled back to.

Nvidia Patches High-Severity Flaws in Windows, Linux Graphics Drivers

October 24, 2024 at 12:54PM Nvidia has released security updates addressing at least eight high-severity vulnerabilities in its GPU drivers for Windows and Linux. Users and administrators should install the updated drivers promptly.

Fake Google Meet conference errors push infostealing malware

October 17, 2024 at 05:04PM The ClickFix campaign, first seen in May, lures users to fake Google Meet pages that display bogus connectivity errors and coax the visitor into running commands that install infostealing malware. It has since expanded to phishing aimed at companies and impersonates other legitimate tools. Two threat groups, SNE and Scamquerteo, are behind the recent increase in these attacks.