-
Hackers use VPN provider's code certificate to sign malware
The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the Ivacy VPN provider.
- August 19, 2023
- 10:07 AM
0
-
QBot malware abuses Windows WordPad EXE to infect devices
The QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program to infect computers, using the legitimate program to evade detection by security software.
- May 27, 2023
- 11:12 AM
2
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
Hackers start using double DLL sideloading to evade detection
An APT hacking group known as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" is demonstrating a new trend of using several complex variations of the classic DLL sideloading technique to evade detection.
- May 03, 2023
- 05:21 PM
- 0
-
Old Windows ‘Mock Folders’ UAC bypass used to drop malware
A new phishing campaign targets organizations in Eastern European countries with the Remcos RAT malware with aid from an old Windows User Account Control bypass discovered over two years ago.
- March 06, 2023
- 04:34 PM
- 0
-
QBot phishing abuses Windows Control Panel EXE to infect devices
Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software.
- November 17, 2022
- 01:19 PM
- 0
-
Cisco warns admins to patch AnyConnect flaws exploited in attacks
Cisco warned customers today that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild.
- October 25, 2022
- 04:55 PM
- 0
-
QBot phishing uses Windows Calculator DLL hijacking to infect devices
The operators of the QBot malware have been using a DLL hijacking flaw in Windows Calculator to infect computers, which also helps evade detection by security software.
- July 24, 2022
- 11:18 AM
- 0
-
Trend Micro fixes bug Chinese hackers exploited for espionage
Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware.
- May 24, 2022
- 12:09 PM
- 0
-
Conti, REvil, LockBit ransomware bugs exploited to block encryption
Hackers commonly exploit vulnerabilities in corporate networks to gain access, but a researcher has turned the table by finding exploits in the most common ransomware and malware being distributed today.
- May 03, 2022
- 05:34 PM
- 0
-
New Windows 'Pingback' malware uses ICMP for covert communication
Today, Trustwave researchers have disclosed their findings on a novel Windows malware sample that uses Internet Control Message Protocol (ICMP) for its command-and-control (C2) activities. Dubbed "Pingback," this malware targets Windows 64-bit systems, and uses DLL Hijacking to gain persistence.
- May 04, 2021
- 09:00 AM
- 1
-
Bypassing Windows 10 UAC with mock folders and DLL hijacking
A new technique uses a simplified process of DLL hijacking and mock directories to bypass Windows 10's UAC security feature and run elevated commands without alerting a user.
- July 31, 2020
- 12:48 PM
- 4
-
Almost 300 Windows 10 executables vulnerable to DLL hijacking
A simple VBScript may be enough to allow users to gain administrative privileges and bypass UAC entirely on Windows 10.
- June 27, 2020
- 10:05 AM
- 0
-
CoinMiner exploits Apple APSDaemon vulnerability to evade detection
Malware distributors are abusing a DLL hijacking vulnerability in Apple's Push Notification service Windows executable to install coin miners on users attempting to download copyrighted software.
- June 16, 2020
- 11:04 AM
- 0
-
Dell SupportAssist Bug Exposes Business, Home PCs to Attacks
Dell published a security update to patch a SupportAssist Client software flaw which enables potential local attackers to execute arbitrary code with Administrator privileges on vulnerable computers.
- February 10, 2020
- 06:47 PM
- 1
-
Realtek Fixes DLL Hijacking Flaw in HD Audio Driver for Windows
Realtek fixed a security vulnerability discovered in the Realtek HD Audio Driver Package that could allow potential attackers to gain persistence, plant malware, and evade detection on unpatched Windows systems.
- February 04, 2020
- 06:48 PM
- 9
-
AdwCleaner 8.0.1 Fixes DLL Hijacking Vulnerability
Malwarebytes has released AdwCleaner 8.0.1 and in addition to various improvements to the tool's scanning engine, it also fixes a DLL hijacking vulnerability.
- December 19, 2019
- 03:43 PM
- 1
-
Update Intel's Rapid Storage App to Fix Bug Letting Malware Evade AV
A DLL hijacking vulnerability exists in an older version of the Intel Rapid Storage Technology (Intel RST) software that could allow attackers to execute malware at elevated privileges in Windows.
- December 16, 2019
- 11:00 PM
- 0
-
Symantec Fixes Privilege Escalation Flaw in Endpoint Protection
Symantec fixed a local privilege escalation security flaw affecting all Symantec Endpoint Protection software versions prior to 14.2 RU2, and allowing attackers to escalate privileges on compromised devices and execute malicious code using SYSTEM privileges.
- November 14, 2019
- 09:16 AM
- 0
-
HP Touchpoint Analytics LPE Vulnerability Affects Most HP PCs
HP patched a vulnerability discovered in the HP Touchpoint Analytics software installed by default on most of its Windows laptops and desktops, a flaw allowing attackers to escalate privileges and execute arbitrary code using SYSTEM privileges.
- October 10, 2019
- 10:52 AM
- 1
-
Check Point Patches Privilege Escalation Flaw in Endpoint Client
Check Point Software patched a vulnerability discovered in its Endpoint Security Initial Client software for Windows allowing potential attackers to escalate privileges and execute code using SYSTEM privileges.
- August 27, 2019
- 02:53 PM
- 1
- 1
- 2
