August 2020

Ransomware8-How Windows Defender prevents Ransomware

Native Windows Ransomware protection works better than any 3rd party endpoint protection.

How Windows Defender Ransomware protection works:

Step 0: Turn on Windows Defender Ransomware protection (Start > Settings > Update & Security > Windows Security > Virus & threat protection > Manage ransomware protection > Controlled folder access).
Step 1: Windows Defender will identify malicious software/process/access.
Step 2: […]


Ransomware7-This is a reason why security defense doesn’t work

Microsoft Put Off Fixing Zero Day for 2 Years

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464
https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/
https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html
https://medium.com/@TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd

This is fucking bonkers https://t.co/XXiwW2b062 — SwiftOnSecurity (@SwiftOnSecurity) June 13, 2020

Why does this matter?
1) Attackers can bypass security features (any antivirus/security endpoint) and load improperly signed files.
2) Windows cannot validate file signatures correctly.
3) This was first spotted in attacks used in


Ransomware6-How does WastedLocker work in the real world

Initial spreading: Drive-by Compromise (https://attack.mitre.org/techniques/T1189/)

Fake Google Chrome updates are delivered to victims via drive-by download attacks when victims browse compromised websites. The initial malware is delivered to victims in the form of a ZIP archive that contains a malicious JavaScript file.

Theoretical mitigations: Application Isolation and Sandboxing, Exploit Protection, Restrict Web-Based Content, Update
