New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. Hit the thumbs up if this adds value! The Hacker News
FLSI • Managed IT Solutions’ Post
More Relevant Posts
-
Cybersecurity researchers from Akamai have discovered a new way to get malware to run on Windows devices without triggering Endpoint Detection and Response (EDR) tools. UI Automation, part of the .NET Framework, is a feature designed to provide programmatic access to user interface elements, enabling assistive technologies like screen readers to interact with applications and help users with disabilities. If a piece of malware were to abuse UI Automation, it could execute different malicious commands without triggering detection tools. #edr #malware #xdr #mssp #vciso https://lnkd.in/e5pgruNb
This devious new malware technique looks to hijack Windows itself to avoid detection
msn.com
-
New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. "This can lead to stealthy command execution, which can harvest sensitive data, redirect browsers to phishing websites, and more." Even worse, local attackers could take advantage of this security blind spot to execute commands and read/write messages from/to messaging applications like Slack and WhatsApp. On top of that, it could also be potentially weaponized to manipulate UI elements over a network. First available in Windows XP as part of the Microsoft .NET Framework, UI Automation is designed to provide programmatic access to various user interface (UI) elements and help users manipulate them using assistive technology products, such as screen readers. It can also be used in automated testing scenarios. Stay connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations
New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
thehackernews.com
-
New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools https://lnkd.in/dFvxHVvn
New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
thehackernews.com
-
New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools https://buff.ly/4it41JM #Cybersecurity #InternetSafety #WebProtection #OnlineSecurity #DataPrivacy #SecureBrowsing #PhishingProtection #MalwarePrevention #BrowserSecurity #FraudAlert #ThreatDetection #SafeSurfing #DigitalSecurity #PrivacyEnhancement #CyberSafe #NetGuard #WebShield #InfoSec #PrivacyFirst #ScamBlock #ThreatIntel #SurfSafely #SecureNet #FraudWatch #Tripleye
New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
thehackernews.com
-
How DNS was used to modify Mac and Windows software updates from loose vendors to install malware and gain full control. In a nutshell:
1- DNS resolution poisoning on the end user device to reroute updates that are set by software vendors to use HTTP flows instead of HTTPS.
2- Man in the middle at the ISP level (pre-conditioned via exploit).
3- Unscrupulous vendors' software updates now contain malware.
4- Malware took control of the end user device.
5- Game over. Repeat and scale.
Remedy if not already a victim: block outgoing HTTP traffic with your firewall at the local host or network level. Andy Jenkinson #dns
Hackers breach ISP to poison software updates with malware
bleepingcomputer.com
-
Fake CrowdStrike repair manual pushes new infostealer malware. CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. Since Friday, when the buggy CrowdStrike Falcon update caused global IT outages, threat actors have quickly begun to capitalize on the news to deliver malware through fake fixes. A new campaign conducted through phishing emails pretends to be instructions on using a new Recovery Tool that fixes Windows devices impacted by the recent CrowdStrike Falcon crashes. Once active on the system, the stealer harvests account credentials, browser history, and authentication cookies stored in Chrome, Edge, Firefox, and the Cốc Cốc web browsers. https://lnkd.in/eqAdvpJm
-
⚠️ ZIP files: Hackers are now using ZIP file concatenation to evade detection on Windows machines. This technique exploits the different methods ZIP parsers and file managers use to handle concatenated ZIP files. Perception Point discovered a concatenated ZIP file hiding a trojan during the analysis of a phishing attack that lured users with a fake delivery notice. To defend against these concatenated ZIP files, users and organizations should use security solutions that support recursive unpacking and treat emails with ZIP attachments with suspicion, implementing filters to block these file extensions in critical environments.
Hackers now use ZIP file concatenation to evade detection
bleepingcomputer.com
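The post above says parsers disagree on concatenated ZIPs and that scanners need recursive unpacking. The following Python, added here and not part of the post or of Perception Point's research, shows both halves: a parser that trusts only the last end-of-central-directory (EOCD) record sees one archive, while walking every validated EOCD record exposes all of them. The sample blob, file names and contents are constructed placeholders.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end-of-central-directory record signature
CDFH_SIG = b"PK\x01\x02"  # central-directory file header signature
EOCD_FMT = "<4sHHHHIIH"   # 22-byte fixed part of the EOCD record

def build_zip(name, data):
    """Build one standalone ZIP archive in memory (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample: a decoy archive with a second archive appended, the
# layout the post describes. Names and contents are placeholders.
CONCATENATED = (build_zip("delivery_notice.txt", b"decoy text")
                + build_zip("update.exe", b"placeholder bytes"))

def naive_listing(blob):
    """What a last-EOCD parser such as Python's zipfile reports: the final archive only."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.namelist()

def list_all_archives(blob):
    """Member names of every embedded archive, in file order (recursive-unpacking view)."""
    archives, pos = [], 0
    while (idx := blob.find(EOCD_SIG, pos)) >= 0 and idx + 22 <= len(blob):
        pos = idx + 4
        _, _, _, _, _, cd_size, cd_offset, comment_len = struct.unpack(
            EOCD_FMT, blob[idx:idx + 22])
        cd_start = idx - cd_size          # central directory sits just before the EOCD
        seg_start = cd_start - cd_offset  # start of this archive, if it was standalone
        # Skip false hits (signature bytes inside file data): a genuine EOCD
        # has a central-directory header at the offset it points to.
        if seg_start < 0 or blob[cd_start:cd_start + 4] != CDFH_SIG:
            continue
        seg_end = idx + 22 + comment_len
        with zipfile.ZipFile(io.BytesIO(blob[seg_start:seg_end])) as zf:
            archives.append(zf.namelist())
    return archives

def is_concatenated(blob):
    """Flag an attachment that carries more than one complete ZIP archive."""
    return len(list_all_archives(blob)) > 1
```

A mail gateway that only calls the equivalent of naive_listing would never see the first archive's members, which is exactly the gap the post's recursive-unpacking advice closes.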
Give FLSI a call to help with your cybersecurity needs at 412-844-2235. Let's Talk!