DLL hijacking – WindowsTechs.com

New DLL Search Order Hijacking Technique Targets WinSxS Folder

Posted on January 2, 2024 by Ionut Arghire

Attackers can abuse a new DLL search order hijacking technique to execute code in applications within the WinSxS folder.
The post New DLL Search Order Hijacking Technique Targets WinSxS Folder appeared first on SecurityWeek.
Continue reading New DLL Search Order Hijacking Technique Targets WinSxS Folder→

Common TTPs of attacks against industrial organizations

Posted on August 10, 2023 by Kirill Kruglov, Vyacheslav Kopeytsev, Artem Snegirev

In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. Continue reading Common TTPs of attacks against industrial organizations→

Minas – on the way to complexity

Posted on May 17, 2023 by Ilya Borisov, Vasily Berdnikov

Kaspersky analysis of a complicated multi-stage attack dubbed Minas that features a number of detection evasion and persistence techniques and results in a cryptocurrency miner infection. Continue reading Minas – on the way to complexity→

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

Posted on December 19, 2022 by Vitaly Morgunov, Dmitry Kondratyev, Alexander Kolesnikov, Alexey Kulaev

At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell. Continue reading CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange→

Overlay Malware Targets Windows Users with a DLL Hijack Twist

Posted on October 19, 2020 by Tom Spring

Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software. Continue reading Overlay Malware Targets Windows Users with a DLL Hijack Twist→

Oh, what a boot-iful mornin’

Posted on June 23, 2020 by Alexander Eremin

In mid-April, our threat monitoring systems detected malicious files being distributed under the name “on the new initiative of the World Bank in connection with the coronavirus pandemic” (in Russian) with the extension EXE or RAR. Inside the files was the well-known Rovnix bootkit. Continue reading Oh, what a boot-iful mornin’→

Banking Trojan Metamorfo Hijacks Trusted Apps to Run Malware

Posted on June 4, 2020 by Bogdan Botezatu

Bitdefender researchers Janos Gergo SZELES and Ruben Andrei CONDOR have documented a new Metamorfo campaign that uses legitimate software components to compromise computers. Metamorfo is a family of banker Trojans that has been active since mid-2018. I… Continue reading Banking Trojan Metamorfo Hijacks Trusted Apps to Run Malware→

KBOT: sometimes they come back

Posted on February 10, 2020 by Anna Malina

We recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, a virus. It is the first “living” virus in recent years that we have spotted in the wild. We named it KBOT. Continue reading KBOT: sometimes they come back→

HP Touchpoint Analytics Opens PCs to Code Execution Attack

Posted on October 10, 2019 by Lindsey O'Donnell

The vulnerability stems from an issue with DLL loading in Open Source Hardware, used by tens of millions of computers, researchers say. Continue reading HP Touchpoint Analytics Opens PCs to Code Execution Attack→

Scranos Revisited – Rethinking persistence to keep established network alive

Posted on June 25, 2019 by Bogdan Botezatu

In April, Bitdefender broke the news of an emerging botnet dubbed Scranos. Originating from China, it has spread across Europe and the United States, snaring Windows and Android devices with advertising fraud and social network manipulation. Our origin… Continue reading Scranos Revisited – Rethinking persistence to keep established network alive→