New attacks use Windows security bypass zero-day to drop malware


New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings.

When files are downloaded from an untrusted remote location, such as the Internet or an email attachment, Windows adds a special attribute to the file called the Mark of the Web.

This Mark of the Web (MoTW) is an alternate data stream that contains information about the file, such as the URL security zone the file originates from, its referrer, and its download URL.

When a user tries to open a file with a MoTW attribute, Windows will display a security warning asking if they are sure they want to open the file.

“While files from the Internet can be useful, this file type can potentially harm your computer. If you do not trust the source, do not open this software,” reads the warning from Windows.

Windows Mark of the Web security warning
Source: BleepingComputer
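The Zone.Identifier stream the article describes is plain text and can be read and parsed directly, which is useful when triaging downloaded files. The following is an added example, not code from the article or from BleepingComputer; it assumes an NTFS volume and the [ZoneTransfer] layout that Windows writes (ZoneId, ReferrerUrl, HostUrl), and the sample stream text is constructed.

```python
"""Inspect the Mark of the Web (Zone.Identifier alternate data stream) on a file.

Added example, not from the article. Assumes NTFS and the [ZoneTransfer]
layout Windows writes; the sample stream below is constructed.
"""
import configparser
import sys
from typing import Optional

# URL security zone IDs as used by Windows.
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

UNKNOWN = {"zone_id": None, "zone_name": "unknown", "referrer": None, "host_url": None}


def parse_zone_identifier(stream_text: str) -> dict:
    """Parse the text of a Zone.Identifier stream into a dict of its fields."""
    # Only '=' separates keys from values; URLs contain ':' so the default
    # delimiters would split them in the wrong place. Interpolation is off
    # because URLs may contain '%'.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep key case exactly as written
    try:
        parser.read_string(stream_text)
    except configparser.Error:
        return dict(UNKNOWN)  # not a well-formed Zone.Identifier stream
    if not parser.has_section("ZoneTransfer"):
        return dict(UNKNOWN)
    section = parser["ZoneTransfer"]
    zone_id = section.getint("ZoneId", fallback=None)
    return {
        "zone_id": zone_id,
        "zone_name": ZONE_NAMES.get(zone_id, "unknown"),
        "referrer": section.get("ReferrerUrl"),
        "host_url": section.get("HostUrl"),
    }


def read_mark_of_the_web(path: str) -> Optional[dict]:
    """Read the Zone.Identifier stream of `path` on NTFS; None if the file carries no MoTW."""
    stream_path = f"{path}:Zone.Identifier"  # NTFS alternate data stream syntax
    try:
        with open(stream_path, "r", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None  # no stream (or not NTFS): the file has no Mark of the Web


def is_from_untrusted_zone(info: Optional[dict]) -> bool:
    """True when the file is marked as coming from the Internet or Restricted sites zone."""
    return info is not None and info["zone_id"] in (3, 4)


# Constructed sample stream in the layout a browser download produces.
SAMPLE_STREAM = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://example.test/download-page
HostUrl=https://cdn.example.test/files/invoice.js
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Triage: report each file's zone, and call out files lacking a MoTW.
        for file_path in sys.argv[1:]:
            info = read_mark_of_the_web(file_path)
            if info is None:
                print(f"{file_path}: no Zone.Identifier stream")
            else:
                print(f"{file_path}: zone {info['zone_id']} ({info['zone_name']}), host {info['host_url']}")
    else:
        print(parse_zone_identifier(SAMPLE_STREAM))
```

Run with one or more file paths on a Windows NTFS volume to list each file's zone and download source; with no arguments it parses the constructed sample. A file that arrived from the Internet but shows no Zone.Identifier stream is exactly the case the article's warning would not cover, so it is worth a closer look during triage.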

Last month, the HP threat intelligence team reported that a phishing attack was distributing the Magniber ransomware using JavaScript files.

These JavaScript files are not the same as those used on websites but are standalone files with the ‘.JS’ extension that are executed using the Windows Script Host (wscript.exe).

After analyzing the files, Will Dormann, a senior vulnerability analyst at ANALYGENCE, discovered that the threat actors were using a new Windows

5 Ways to Boost Data Security on the Cloud

Cloud is a powerful tool, but it is often tricky to maintain data security on the cloud. That's because it is also a powerful target.

Cloud security is an important issue, and it’s not just limited to large companies. Small businesses can also be targeted by hackers, who often go after small targets in hopes that they won’t have the resources needed to fight back against them. Here are five tips on how you can keep your data safe on the cloud:

Secure Your Firewall

You can secure your firewall by blocking ports and services, using rules, monitoring traffic, and blocking suspicious requests.

One way to protect against attacks is to block access to the cloud servers from external networks. This means you need to block all incoming traffic on TCP port 22 (SSH) and TCP port 443 (HTTPS). You also need to block outgoing traffic on these ports. However, if you need to use them for legitimate reasons, then there are ways around this limitation.


For example, you can use a VPN connection, which allows you to securely connect to the internet through an encrypted tunnel without exposing your network or systems directly to the internet. You can also set up SSH tunnels, which are like virtual private networks (VPNs) but dedicated just to SSH connections from your local machine into the cloud server.

Another option is a web application

Qualys previews TotalCloud FlexScan for multicloud security management

Vulnerability management vendor Qualys this week announced the trial availability of its TotalCloud with FlexScan offering, an agentless, cloud-native vulnerability detection and response platform built for use in multicloud and hybrid environments.

The platform is designed to provide a holistic overview of an organization’s cloud-based workloads and identify known vulnerabilities. The system also scans workloads to check whether they’ve opened network ports, and monitors a host of other factors to give a detailed picture of a business’ overall vulnerability status, tracking publicly exposed VMs (virtual machines), databases, user accounts and exploitable vulnerabilities in public-facing assets.

The company said that many of TotalCloud’s capabilities are designed to be no-code, allowing users to use a GUI (graphical user interface) to perform complex operational tasks such as quarantining assets and setting alert parameters, which would ordinarily require coding and be much more time-consuming.

TotalCloud, Qualys added, is also designed as a devsecops tool for developers, letting them identify and correct security flaws at every step of the development process.

TotalCloud features agentless design

One of TotalCloud’s major selling points is its agentless design, meaning that no software has to run on the monitored assets, with the idea being that the software will not affect the workloads it is monitoring, according to IDC group vice president for security and trust Frank Dickson.

“Agentless security is a great innovation to address imperfective
