fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Patches Windows DogWalk zero-day Exploited in Attacks

Microsoft Patches Windows DogWalk zero-day Exploited in Attacks

Microsoft has released security updates to address a high severity Windows zero-day vulnerability with publicly available exploit code and abused in attacks.

Fixed as part of the August 2022 Patch Tuesday, this security flaw is now tracked CVE-2022-34713 and has been jokingly named DogWalk.

It is due to a path traversal weakness in the Windows Support Diagnostic Tool (MSDT) that attackers can exploit to gain remote code execution on compromised systems.

They can do that by adding maliciously crafted executables to the Windows Startup when the target opens a maliciously crafted .diagcab file (received via email or downloaded from the web).

Also Read: Top 10 Exceptional And Creative Website Design Guidelines

The planted executables would then automatically be executed the next time the victims restart their Windows device to perform various tasks such as downloading additional malware payloads.

DogWalk was publicly disclosed by security researcher Imre Rad more than two years ago, in January 2020, after Microsoft replied to his report saying it won’t provide a fix because this isn’t a security issue. 

However, the Microsoft Support Diagnostics Tool bug was recently re-discovered and brought back to public attention by security researcher j00sean.

While unauthenticated attackers can exploit the vulnerability in low-complexity attacks, successful exploitation does require user interaction (tricking the target into opening malicious email attachments or clicking a link to download and run a malicious file). 

Also Read: Data Protection Officer Duties And Responsibilities

“In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file,” Microsoft explains in today’s advisory.

“In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.”

According to Microsoft, DogWalk affects all Windows versions under support, including the latest client and server releases, Windows 11 and Windows Server 2022.

Last month, Microsoft was forced to publish an official security advisory regarding another Windows MSDT zero-day (known as Follina) after rejecting an initial report and tagging it as not a “security-related issue.”

Today, the company also released security updates to address a publicly disclosed zero-day tracked as ‘CVE-2022-30134 – Microsoft Exchange Information Disclosure Vulnerability,’ allowing attackers to read targeted email messages.

In all, Microsoft patched 112 vulnerabilities as part of the August 2022 Patch Tuesday, including 17 critical ones allowing for remote code execution and privilege escalation.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us