Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install “undeletable” malware and access the victim’s private data by circumventing Transparency, Consent, and Control (TCC) security checks. […]
Related Posts
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack
The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys.
The flaw has been assigned the CVE identifier CVE-2024-31497, with the discovery credited to researchers Fabian Bäumer and Marcus
The Hacker News | #1 Trusted Cybersecurity News Site
Hackers Abuse Windows Search Functionality To Deploy Malware
Attackers abuse weaknesses in Windows Search to reach deeper into a victim’s systems and execute unauthorized code through bugs in the search functionality itself.
By manipulating search queries or linking routines, they can escalate their privileges, spread viruses and malware, and steal confidential data.
Cybersecurity researchers at Trustwave SpiderLabs recently identified hackers who have been actively using the Windows Search functionality to deploy malware.
Hackers Abuse Windows Search
This complex campaign uses an HTML file that invokes Windows search to spread malware.
The attack begins with an email carrying a zipped archive that contains a malicious HTML file disguised as an ordinary, everyday document.
Zipping the file reduces its size for faster transmission, evades scanners that overlook archive contents, and adds another layer for getting past basic security measures.
Although small in scale, the campaign reveals how closely the threat actors have studied system vulnerabilities and user behavior.
The malicious HTML attachment uses clever code tricks to exploit the Windows search functionality.
Trustwave said that, when the file is opened, the tag instantly redirects the browser to an exploit URL, leaving no opportunity for the user to intervene.
As a fallback, the file also contains a clickable link that could entice users to start the attack manually if the automatic redirection fails.
This is one more way in which these threat actors have shown their deep knowledge of how browsers work and of how to get users to trust their malware payload.
The malicious HTML redirects the browser to a crafted search query, abusing the search protocol to make Windows Explorer run that search.
The query looks for files labeled “INVOICE” and restricts the search to a remote malicious server tunneled through Cloudflare’s service.
The display name parameter gives the impression of legitimacy by renaming the search as “Downloads”.
By incorporating WebDAV, remote malicious files become visible as if they were local resources, making it difficult for users to identify malicious intent.
The group has thus combined sophisticated abuse of Windows search functionality and web protocols to deliver its malware payload with as much credibility as possible.
Abuse of the Windows search URI protocol can be prevented by removing the associated registry entries with the commands given.
Trustwave has made updates to identify the malicious HTML attachment, which is designed to run scripts that exploit the search functionality.
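A simplified attachment check of the kind described above, as an added example (it is not Trustwave's detection and not code from the original article). The `search:`/`search-ms:` scheme names and the `crumb=location:` syntax are not quoted in the article and come from the Windows search protocol itself; the sample attachment and its host are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# search: / search-ms: URI, not preceded by a path or word character.
SEARCH_URI = re.compile(r"(?i)(?<![\w/.-])search(?:-ms)?:[^\s\"'<>]+")

class UriCollector(HTMLParser):
    """Collect attribute values that can carry a URI (links and meta content)."""
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in ("href", "src", "content", "action"):
                self.values.append((tag, value))

def parse_search_uri(uri):
    """Split the URI into parameters; a key may repeat, so keep lists."""
    params = {}
    for part in uri.partition(":")[2].split("&"):
        key, _, val = part.partition("=")
        params.setdefault(key.lower(), []).append(unquote(val))
    return params

def scan_html(html):
    """Return one finding per search-protocol URI in an HTML attachment."""
    collector = UriCollector()
    collector.feed(html)
    findings = []
    for tag, value in collector.values:
        for match in SEARCH_URI.finditer(value):
            p = parse_search_uri(match.group(0))
            locations = [c[9:] for c in p.get("crumb", []) if c.lower().startswith("location:")]
            findings.append({
                "tag": tag,
                "query": p.get("query", [""])[0],
                "displayname": p.get("displayname", [""])[0],
                # A UNC or URL location means results come from a remote host.
                "remote_locations": [l for l in locations if l.startswith(("\\\\", "//")) or "://" in l],
            })
    return findings

# Constructed sample attachment; the host is a placeholder.
SAMPLE = r'''<html><body>
<a href="search-ms:query=INVOICE&amp;crumb=location:\\files.example.invalid\docs&amp;displayname=Downloads">View invoice</a>
<a href="https://example.invalid/help">Help</a>
</body></html>'''
```

A finding with a non-empty `remote_locations` list in an emailed HTML file is the pattern the article describes: a search scoped to a remote server and relabelled with a familiar display name.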
This social engineering attack does not rely on automation; instead it disguises malicious activity as everyday tasks such as opening attachments, taking advantage of users’ trust in familiar interfaces.
As deceptive techniques keep changing, continuous user education and proactive security measures are essential to counter this kind of threat.
The post Hackers Abuse Windows Search Functionality To Deploy Malware appeared first on Cyber Security News.
New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise
Certain online risks to children are on the rise, according to a recent report from Thorn, a technology nonprofit whose mission is to build technology to defend children from sexual abuse. Research shared in the Emerging Online Trends in Child Sexual Abuse 2023 report indicates that minors are increasingly taking and sharing sexual images of themselves. This activity may occur consensually or
The Hacker News | #1 Trusted Cybersecurity News Site