Hope and fear as tourists trickle back to Kashmir town after attack    Spain and Portugal scramble to restore power as officials chase cause of outage    Israel spy chief to step down after row with Netanyahu exposes deepening rifts    Saudi, Omani foreign ministers visit Rub' Al-Khali border crossing    From his own resources... Luminous lessons in leadership and humanity    Commerce Ministry recalls 6,500 Genesis cars due to risk of fire    Royal Institute of Traditional Arts implements Saudi-Chinese cultural exchange program    Localization in Saudi military industries rises to 19.35%    Logistics park for vehicles worth SR300 million to be set up at Dammam port    HONOR KSA expands its presence with new flagship Experience Store in Riyadh HONOR's first flagship store in KSA provides visitors with a premium experience, exciting offers and free services    Prince Sultan University launches first bachelor's program in language and media    Putin announces three-day Russian ceasefire in Ukraine from 8 May    Al-Falih: Eastern Province hosts 700 investment opportunities worth SR330 billion    Rock & Roll Hall of Fame picks Outkast but not Oasis    Duran leads Al Nassr past Yokohama Marinos into AFC Champions League Elite semi-finals    Al Ahli cruise past Buriram into AFC Champions League Elite semi-finals    Saudi orchestra to perform at Sydney Opera House in May    Al Hilal thrash Gwangju to reach AFC Champions League Elite semi-finals    Saudi Theater Commission launches its Work and Learn Project in UK    The season has begun — and one comment shook us all    Pakistani star's Bollywood return excites fans and riles far right    Veteran Bollywood actor Manoj Kumar dies at 87    Bollywood actress vindicated over boyfriend's death after media hounding    Grand Mufti rules against posting prayers and preaching in mosques on social media    Exotic Taif Roses Simulation Performed at Taif Rose Festival    Asian shares mixed Tuesday    Weather Forecast for Tuesday    Saudi Tourism Authority Participates in Arabian Travel Market Exhibition in Dubai    Minister of Industry Announces 50 Investment Opportunities Worth over SAR 96 Billion in Machinery, Equipment Sector    HRH Crown Prince Offers Condolences to Crown Prince of Kuwait on Death of Sheikh Fawaz Salman Abdullah Al-Ali Al-Malek Al-Sabah    HRH Crown Prince Congratulates Santiago Peña on Winning Presidential Election in Paraguay    SDAIA Launches 1st Phase of 'Elevate Program' to Train 1,000 Women on Data, AI    41 Saudi Citizens and 171 Others from Brotherly and Friendly Countries Arrive in Saudi Arabia from Sudan    Saudi Arabia Hosts 1st Meeting of Arab Authorities Controlling Medicines    General Directorate of Narcotics Control Foils Attempt to Smuggle over 5 Million Amphetamine Pills    NAVI Javelins Crowned as Champions of Women's Counter-Strike: Global Offensive (CS:GO) Competitions    Saudi Karate Team Wins Four Medals in World Youth League Championship    Third Edition of FIFA Forward Program Kicks off in Riyadh    Evacuated from Sudan, 187 Nationals from Several Countries Arrive in Jeddah    SPA Documents Thajjud Prayer at Prophet's Mosque in Madinah    SFDA Recommends to Test Blood Sugar at Home Two or Three Hours after Meals    SFDA Offers Various Recommendations for Safe Food Frying    SFDA Provides Five Tips for Using Home Blood Pressure Monitor    SFDA: Instant Soup Contains Large Amounts of Salt    Mawani: New shipping service to connect Jubail Commercial Port to 11 global ports    Custodian of the Two Holy Mosques Delivers Speech to Pilgrims, Citizens, Residents and Muslims around the World    Sheikh Al-Issa in Arafah's Sermon: Allaah Blessed You by Making It Easy for You to Carry out This Obligation. Thus, Ensure Following the Guidance of Your Prophet    Custodian of the Two Holy Mosques addresses citizens and all Muslims on the occasion of the Holy month of Ramadan    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



Kaspersky uncovers critical vulnerability in Windows OS
Published in The Saudi Gazette on 20 - 04 - 2019

Kaspersky Lab's automated technologies have detected a previously unknown vulnerability in Microsoft Windows. It was exploited by an unidentified criminal group in an attempt to gain full control over a targeted device. The attack was aimed at the core of the system – its kernel – through a backdoor constructed from an essential element of Windows OS.
Backdoors are an extremely dangerous type of malware, as they allow threat actors to control infected machines discreetly for malicious purposes. Such escalation of privileges from a third party is usually hard to hide from security solutions. However, a backdoor that exploits a previously unknown bug in the system – a zero-day vulnerability – has significantly more chances to fly under the radar. Ordinary security solutions can't recognize the system infection nor can they protect users from the yet-to-be-recognized threat.
Kaspersky Lab's Exploit Prevention technology was able to detect though the attempt to exploit the unknown vulnerability in Microsoft Windows OS. The attack scenario found was the following: once the malicious .exe file was launched, installation of the malware was initiated. The infection exploited a zero-day vulnerability and achieved privileges for successful persistence on the victim's machine. The malware then initiated the launch of a backdoor developed with a legitimate element of Windows, present on all machines running on this OS – a scripting framework called Windows PowerShell. This allowed threat actors to be stealthy and avoid detection, saving them time in writing the code for malicious tools. The malware then downloaded another backdoor from a popular legitimate text storage service, which in turn gave criminals full control over the infected system.
"In this attack, we observed two main trends that we often see in Advanced Persistent Threats (APTs). First, the use of local privilege escalation exploits to successfully persist on the victim's machine. Second, the use of legitimate frameworks like Windows PowerShell for malicious activity on the victim's machine. This combination gives the threat actors the ability to bypass standard security solutions. To detect such techniques, the security solution must use exploit prevention and behavioral detection engines," said Anton Ivanov, a security expert at Kaspersky Lab.
Kaspersky Lab products detected the exploit as:
•HEUR:Exploit.Win32.Generic
•HEUR:Trojan.Win32.Generic
• PDM:Exploit.Win32.Generic
The vulnerability was reported to Microsoft and patched on April 10.
To prevent the installation of backdoors through Windows zero-day vulnerability, Kaspersky Lab recommends taking the following security measures:
• Once the vulnerability is patched and the patch is downloaded, threat actors lose the opportunity to use it. Install Microsoft's patch for the new vulnerability as soon as possible
• If you are concerned about the safety of your whole organization, make sure that all software is updated as soon as a new security patch is released. Use security products with vulnerability assessment and patch management capabilities to make sure these processes run automatically
• Use a proven security solution with behavior-based detection capabilities for protection against unknown threats, such as Kaspersky Endpoint Security
• Make sure your security team has access to the most recent cyber threat intelligence. Private reports on the latest developments in the threat landscape are available to customers of Kaspersky Intelligence Reporting.
For further details, contact: [email protected]
• Last, but not least, ensure your staff is trained in the basics of cybersecurity hygiene — SG


Clic here to read the story from its source.