fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Fixes Defender Flaw Letting Hackers Bypass Antivirus Scans

Microsoft Fixes Defender Flaw Letting Hackers Bypass Antivirus Scans

Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender’s malware detection engine.

This security flaw [12] affected the latest Windows 10 versions, and threat attackers could abuse it since at least 2014.

Exploiting the weakness was possible because the Registry key was accessible by the ‘Everyone’ group, as shown in the image below.

Also Read: Considering Enterprise Risk Management Certification Singapore? Here Are 7 Best Outcomes

Exclusions Registry key accessible by the Everyone group
Exclusions Registry key accessible by the Everyone group
Source: BleepingComputer

This made it possible for local users (regardless of their permissions) to access it via the command line by querying the Windows Registry.

Accessing Defender exclusions
Accessing Defender exclusions (BleepingComputer)

Security expert Nathan McNulty also warned that users could also grab the list of exclusions from registry trees with entries storing Group Policy settings, which is much more sensitive info as it provides exclusions for multiple computers on a Windows domain.

After finding out what folders were added to the antivirus exclusion list, attackers could deliver and execute malware from an excluded folder on a compromised Windows system without having to fear that its malicious payload will be detected and neutralized.

By exploiting this weakness, BleepingComputer could execute a sample of Conti ransomware from an excluded folder and encrypt a Windows system without any warnings or signs of detection from Microsoft Defender.

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

Security weakness addressed silently by Microsoft

This is no longer be possible given Microsoft has now addressed the weakness via a silent update, as spotted by Dutch security expert SecGuru_OTX on Thursday.

SentinelOne threat researcher Antonio Cocomazzi confirmed that the flaw can no longer be used on Windows 10 20H2 systems after installing the February 2022 Patch Tuesday Windows updates.

Some users are seeing the new permission change after installing the February 2022 Patch Tuesday Windows cumulative updates.

On the other hand, Will Dormann, a vulnerability analyst for CERT/CC, noted that he received the permissions change without installing any updates, indicating that the change could be added by both Windows updates and Microsoft Defender security intelligence updates.

As BleepingComputer was also able to confirm today, the permissions on Windows advanced security settings for Defender exclusions have indeed been updated, with the ‘Everyone’ group removed from the Registry key’s permissions.

New permissions for the Exclusions Registry key
New permissions for the Exclusions Registry key
Source: BleepingComputer

On Windows 10 systems where this change has already rolled out, users are now required to have admin privileges to be able to access the list of exclusions via the command line or when adding them using the Windows Security settings screen.

Also Read: Data Protection Officer Singapore | 10 FAQs

Access to Defender exclusions now blocked
Access to Defender exclusions now blocked (BleepingComputer)

The change rolled out since our previous report, but, at the moment, only Microsoft knows how it was pushed to affected Windows 10 systems (via Windows updates, Defender intelligence updates, or other means).

A Microsoft spokesperson was not available for comment when contacted by BleepingComputer earlier today.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us