In the eternal arms race between malware writers and anti-virus vendors, a new front of attack is opening. As security software has responded to the use of MS Office files as a means for malware delivery over email, the attackers have started to shift to the OpenDocument (ODT) file format first popularised by OpenOffice andRead more
Blog
Microsoft’s ATP research team has issued a details analysis of a new malware campaign which is pushing boundaries of the state of the art for Fileless malware. Fileless malware does not leave a noticeable fingerprint on the file-system – it resides only in memory. Nodersok is interesting because of its use of living-off-the-land techniques; itRead more
The September Patch Tuesday release from Microsoft included 18 critical fixes and 79 in total. The fixes include several Remote Code Execution vulnerabilities: RDP client-side remote code execution vulnerabilities Four remote code execution vulnerabilities were fixed in the Remote Desktop Services client. If a user can be tricked into connecting to a malicious RDP serverRead more
Symantec Endpoint Protection for Windows 7 and Server 2008 R2 is blocking Windows updates since August 2019. Back in April 2019 we reported that Microsoft planned to amend the way it digitally signed Windows updates in order to protect against supply chain attacks and ensure only valid, unmodified Microsoft issued patches are installed. This changeRead more
Microsoft announces hacker friendly Azure instance for security research At BlackHat 2019 Microsoft announced the launch for the Azure Security Lab along with a range of bug bounties for Azure vulnerabilities up to $300,000. The ASL is a separate instance of the Azure hosting platform which is available for approved security researchers to attempt to exploitRead more
Microsoft’s July Patch Tuesday updates resolve 77 vulnerabilities in Windows software, including two zero-day vulnerabilities which are being actively exploited and remote code execution vulnerabilities in DHCP Server and MS SQL Server. DHCP Server RCE vulnerability If you have your Microsoft DHCP server configured with a failover server, an attacker can send a specially craftedRead more
The June Patch Tuesday updates from Microsoft included a change to the Bluetooth LE stack which could prevent some of your Bluetooth devices from connecting – and you’ll be glad! When vendors publish specifications, such as the one for Bluetooth LE, it is common practice to include some example code to give adopters an ideaRead more
Nansh0u is a crypto-mining attack which has infected 50,000 MSSQL servers since February 2019 It is notable because its primary attack vector is poor SecOps on the part of victims and not a vulnerability per se First detected by security firm Guardicore, Nansh0u was observed infecting some 700 new servers each day. A study ofRead more
Microsoft included a fix for a serious RDP remote code execution vulnerability known as BlueKeep in the May patch Tuesday update. The vulnerability, which has become known as BlueKeep or CVE-2019-0708, remains unpatched on millions of internet connected systems. It affects all Windows-NT based operating systems ranging from Windows 2000 and Windows XP up toRead more
LightNeuron is a backdoor specifically designed to target Microsoft Exchange mail servers. It permits attackers to read and reroute all email passing through the server and execute commands on the server hidden in incoming email attachments. A recent paper published by ESET describes how the malware functions and the risks it poses. The researcher says:Read more
