#Cleo has released software updates to address a vulnerability in LexiCom, VLTransfer, and Harmony software that is being actively exploited. There is currently no tracking number for the vulnerability. When exploited, it allows an attacker to run arbitrary bash or PowerShell commands. Administrators are advised to patch ASAP. #cybersecurity https://lnkd.in/dH_VNSuB
RF Wave’s Post
More Relevant Posts
-
Breaking into Libraries – DLL Hijacking: https://lnkd.in/eqq_C3J3 #cybersecurity #dllhijacking #infosec #informationsecurity #malware #redteam
Breaking into Libraries - DLL Hijacking | JUMPSEC LABS
labs.jumpsec.com
-
#SolarWinds has released software updates to address critical vulnerabilities in its Access Rights Manager software. The vulnerabilities are tracked as CVE-2024-23469, CVE-2024-23466, CVE-2024-23467, CVE-2024-28074, CVE-2024-23471, and CVE-2024-23470, and when exploited, allow an attacker to execute commands. Administrators are advised to patch ASAP. #cybersecurity #vulnerabilitymanagement https://lnkd.in/gJaZkRBA
SolarWinds fixes 8 critical bugs in access rights audit software
bleepingcomputer.com
-
Check out our latest blog on Progress MOVEit Transfer Authentication Bypass Vulnerability (CVE-2024-5806) and Data Exfiltration and our recommendations. https://lnkd.in/g7kuq7sY #cybersecurity #cyberawareness #cyberthreats #cyberdefense #malware #vmware #pickle #threats #exploits #malicious #attacks #gored #mitigate #excobalt #windows #macos #android #botnet #macoS #data #exfiltration #badspace #hackers #scattered #website #wordpress #account #authentication #sectors #cybergang #vulnerability
Progress MOVEit Transfer Authentication Bypass Vulnerability (CVE-2024-5806) - CyberSRC
https://cybersrcc.com
-
https://lnkd.in/dWtiuiyA "When it first executes, GhostEngine scans machines for any EDR, or endpoint protection and response, software that may be running. If it finds any, it loads drivers known to contain vulnerabilities that allow attackers to gain access to the kernel, the core of all operating systems that’s heavily restricted to prevent tampering. One of the vulnerable drivers is an anti-rootkit file from Avast named aswArPots.sys. GhostEngine uses it to terminate the EDR security agent. A malicious file named smartscreen.exe then uses a driver from IObit named iobitunlockers.sys to delete the security agent binary." "The infection chain starts with the execution of a malicious binary that masquerades as the legitimate Windows file TiWorker.exe. That file runs a PowerShell script that retrieves an obfuscated script, titled get.png, which downloads additional tools, modules, and configurations from an attacker-controlled server." #malware #ghostengine #xmrig #cryptojacking #endpoints #edr
Researchers spot cryptojacking attack that disables endpoint protections
arstechnica.com
-
Makers of insecure software are enablers of the real villains - The Register Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret' "Despite a multi-billion-dollar cyber security industry, we still have a multi-trillion-dollar software quality issue leading to a multi-trillion-dollar global crime issue..." - Jen Easterly https://lnkd.in/eymJ7H9g #software #security #developer #programmer #cybersecurity
Insecure software makers are the real cyber villains – CISA
theregister.com
-
FIN7 sells improved EDR killer tool: The cybercrime-focused enterprise known as FIN7 (aka the Carbanak group) has come up with yet another trick to assure the effectiveness of its “EDR killer” tool, dubbed AvNeutralizer (i.e., AuKill) by researchers. By leveraging Windows’ built-in driver TTD Monitor Driver (ProcLaunchMon.sys), in conjunction with updated, Windows-trusted versions of the Process Explorer driver (procexp), the tool is able to effectively DoS some specific implementations of protected processes. “This updated version has been used in ransomware intrusions … More → The post FIN7 sells improved EDR killer tool appeared first on Help Net Security.
FIN7 sells improved EDR killer tool - Help Net Security
https://www.helpnetsecurity.com
-
A high-severity security #vulnerability in Progress Software's #MOVEit Transfer software could allow #cyberattackers to get around the platform's authentication mechanisms. #cybersecurity
Fresh MOVEit Bug Under Attack Mere Hours After Disclosure
darkreading.com
-
https://lnkd.in/eV5UMypF New Windows vulnerability in CLFS.sys could lead to system instability and denial of service #cyber #cyberrisk #cyberthreat #cyberattacks #cybercrime #cyberinsurance #identitytheft #databreach #datasecurity #dataprotection #datenschutz #ITsecurity #InformationSecurity #Phishing #Malware #NetworkSecurity #SecurityAwareness #Compliance #DataPrivacy #Encryption #IncidentResponse #CyberDefense #ThreatHunting #ZeroTrust #IncidentManagement #PenTesting #SOC #CISO #CyberAwareness #Ransomware #Infosec #SecureCoding #VulnerabilityManagement #GRC #DataGovernance #CyberHygiene
New Windows vulnerability in CLFS.sys could lead to system instability and denial of service - SiliconANGLE
siliconangle.com
-
Hackers abuse Wevtutil.exe, a Windows utility that collects and organizes Windows logs. They exploited this tool to clear their activities on the system. "By default, Windows does not record events that indicate the deletion of non-security logs, such as Application or System. Administrators can mitigate this by enabling Audit Policies to monitor log removal operations." #Windows #Cybersecurity #InfoSec #CyberDefense #SecurityOperations
Hackers Exploited Windows Event Logging Tool To Steal Data Secretly
https://cybersecuritynews.com
-
Critical Rust Vulnerability Let Hackers Inject Commands On Windows Systems https://lnkd.in/e-gXgaU8 #Infosec #Security #Cybersecurity #CeptBiro #Rust #Vulnerability #WindowsSystems
Critical Rust Vulnerability Let Hackers Inject Commands on Windows Systems
https://gbhackers.com
UPDATE: Clop #ransomware has confirmed they are behind the active attacks https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks/