Microsoft issues Windows warning, Windows log used to hide malware and why you need to tighten cloud security.
Welcome to cybersecurity today. It’s Friday September 10th. I’m Howard Solomon, contributing author on cybersecurity for ITWorldCanada.com.
Windows administrators should pay attention to a warning issued this week for a remote code execution vulnerability. The problem lies in a bug in a browser rendering component called MSHTML. It is triggered when a victim opens a malicious Microsoft Office document. Inside the document is an ActiveX control that exploits the bug to give an attacker unrestricted access to the victim’s computer. From there, the attacker can download malware and do all kinds of nasty things. If your business doesn’t use Internet Explorer, you won’t be affected. If you are using Internet Explorer, consider disabling the installation of all new ActiveX controls. Some antivirus products can catch this attack.
Researchers from the security company Huntress have issued a notice claiming that Microsoft’s workaround is not effective in all cases.
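The mitigation mentioned above, disabling the installation of new ActiveX controls, is normally applied through the Internet Explorer zone policy values in the registry. The following PowerShell is an added example, not code from the podcast or from Microsoft; it assumes the policy path under HKLM and the URL-action IDs 1001 (download signed ActiveX controls) and 1004 (download unsigned ActiveX controls), where a value of 3 means "Disable".

```powershell
# Assumed policy location for IE security-zone settings (machine-wide policy hive).
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# URL-action IDs (assumed): 1001 = download signed ActiveX, 1004 = download unsigned ActiveX.
# A value of 3 disables the action for that zone.
$actions = @{ '1001' = 'download signed ActiveX controls'
              '1004' = 'download unsigned ActiveX controls' }

# Report, for zones 0-3 (local machine, intranet, trusted, internet), whether each
# ActiveX download action is disabled. Missing keys or values are reported as not blocked.
function Test-ActiveXInstallBlocked {
    param([int[]]$Zones = 0..3)
    foreach ($zone in $Zones) {
        $key = Join-Path $base $zone
        foreach ($id in ($actions.Keys | Sort-Object)) {
            $value = $null
            if (Test-Path $key) {
                $value = (Get-ItemProperty -Path $key -Name $id -ErrorAction SilentlyContinue).$id
            }
            [pscustomobject]@{
                Zone    = $zone
                Setting = $actions[$id]
                Value   = $value
                Blocked = ($value -eq 3)
            }
        }
    }
}

# Apply the setting (requires an elevated shell). Creates the zone keys if absent.
function Set-ActiveXInstallBlocked {
    param([int[]]$Zones = 0..3)
    foreach ($zone in $Zones) {
        $key = Join-Path $base $zone
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($id in $actions.Keys) {
            New-ItemProperty -Path $key -Name $id -PropertyType DWord -Value 3 -Force | Out-Null
        }
    }
}

# Audit first; run Set-ActiveXInstallBlocked afterwards if any row shows Blocked = False.
Test-ActiveXInstallBlocked | Format-Table -AutoSize
```

Because these are policy keys, a Group Policy refresh can overwrite them; re-run the audit after `gpupdate` to confirm the setting held.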
Meanwhile, FireEye’s Mandiant Threat Intelligence Team discovered a new family of malware that exploits a flaw in the Windows Common Log File System, or CLFS. In short, an attacker using this technique can hide registry modification data in the form of log records. This works because the CLFS file format is not widely used or documented, so there are no tools to analyze these log files. A threat researcher reportedly said it’s like an attacker finding a dark haystack to hide a needle. There is a link in the text version of this podcast to the Mandiant report with advice for threat hunters on how to comb through CLFS for signs of this malware.
Palo Alto Networks’ Unit 42 Threat Intelligence Team identified what it says is the first known vulnerability that could allow a user of Microsoft’s Azure Container-as-a-Service platform to break out of their environment and attack other users of the same cloud service. Cloud environments are supposed to be built so that Company A’s service on a cloud platform cannot be used to attack Company B on the same platform. Microsoft quickly fixed this problem. But, the researchers say, it highlights the need for cloud users to take a defense-in-depth approach to securing cloud workloads.
Finally, organizations that use ManageEngine’s ADSelfServicePlus for password management are warned to update to the latest version. This is because a serious vulnerability has been found
Later today, the Week in Review podcast will be released. I’ll talk with Terry Cutler from Cyology Labs in Montreal about other ways to fight ransomware.
Remember that the links to details on the podcast stories can be found in the text version at ITWorldCanada.com. This is where you will find other stories of mine as well.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.