In this week’s Security Snacks, we have:
- ATP FTW! Microsoft’s Advanced Threat Protection Exposes Privilege Escalation Flaw
- A Million or so Asus Computers Get ‘Poisoned’ Software Update Installed and Shipped
- Don’t Tell Me You Forgot about World Backup Day Again!?
Microsoft’s Advanced Threat Protection Exposes Privilege Escalation Flaw
Microsoft Defender ATP spots anomalous behavior from a device driver developed by Huawei.
Defender ATP is Microsoft’s solution for preventative protection, post-breach detection, automated investigation, and response. Microsoft recently studied an alert raised by the ATP kernel sensors. Microsoft is constantly looking to improve its kernel mitigations. Third-party kernel drivers, such as the one which alerted in ATP, have become a focus for attackers looking for vulnerabilities to exploit. Kernel driver access fully compromises a system. Not only does it allow an attacker to escalate their privileges and bypass security certifications, it lets them run any code they want.
On this occasion, Microsoft identified the issue as a vulnerability which would allow privilege escalation. They contacted the developer, Huawei. Huawei responded quickly and issued a fix as noted here.
Microsoft’s ATP product is constantly evolving to mitigate against threats in real-time. They recently rebranded from Windows Defender ATP to Microsoft Defender ATP, extending the product beyond Windows to include Macintosh and Linux devices.
Microsoft gives a full breakdown of the process, from discovering the alert to protecting the devices, in the article titled, From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw.
A Million or so Asus Computers Get ‘Poisoned’ Software Update Installed and Shipped
Asus Live Update Utility targeted by hackers attempting to spy on approximately 600 ASUS devices.
Hackers took the cheeky approach of modifying the ASUS Live Update Utility on the ASUS internal servers, signing the utility with the company’s security certificate and keeping the file length the same to avoid detection.
The utility was shipped with ASUS devices between June and November last year. The back-doored utility was intended to spy on approximately 600 devices, identified by MAC addresses which had been hardcoded into the hacked software.
It’s estimated that around 1 million devices shipped with the compromised software. ASUS issued an update to the utility on the 26th March and provided an online tool to check if a device was actively hijacked by the software hack. The attack was dubbed ShadowHammer.
You can read about the breach at the Register article titled, Spyware sneaks into ‘million-ish’ Asus PCs via poisoned software updates, says Kaspersky. You can get manufacturer details on how to update your ASUS device here.
Don’t Tell Me You Forgot About World Backup Day Again!?
Acronis attempts to raise awareness of the need to back up our data by launching last weekend’s World Backup Day.
With data loss being a major threat to companies, be it via a ransomware attack, human error or hardware failure, it is important to communicate the need for a valid and successful backup data set.
In the enterprise, data loss can be economically dire, and for any business that cannot recover its data it could spell disaster.
Acronis has launched World Backup Day to promote the need to back up systems and data. This comes in a week when former social media giant MySpace announced that it had lost 12 years of music uploads as a result of a server migration.
Simple backup procedures should be implemented to mitigate data loss. Data sets should be stored locally for fast recovery, and in the cloud or at a remote site to avoid losing data should a fire, flood, or other type of disaster occur. You should validate the integrity of the backup process with daily checks.
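One way to implement the daily integrity check described above, as an added example that is not part of the original article or of any vendor’s tool: record a SHA-256 manifest of the source data at backup time, then compare the backup copy against it to catch missing, altered or unexpected files. The directory layout and file contents in the demo are constructed for illustration.

```python
"""Daily backup integrity check: source manifest vs. backup copy (added example)."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large backup members do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's POSIX-style path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(manifest: dict, backup_root: Path) -> dict:
    """Compare the backup copy with the manifest taken from the source at backup time.
    Any non-empty list means the backup set is not trustworthy for recovery."""
    current = build_manifest(backup_root)
    return {
        "missing": sorted(k for k in manifest if k not in current),
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: three source files; the backup lost one and truncated another."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "source", Path(tmp) / "backup"
        (src / "db").mkdir(parents=True)
        (src / "db" / "users.sql").write_text("CREATE TABLE users (id INT);\n")
        (src / "notes.txt").write_text("quarterly report\n")
        (src / "config.ini").write_text("[app]\nmode=prod\n")
        manifest = build_manifest(src)          # taken when the backup job runs
        (dst / "db").mkdir(parents=True)
        (dst / "db" / "users.sql").write_text("CREATE TABLE users (id INT);\n")
        (dst / "notes.txt").write_text("quarterly")  # copy was truncated mid-write
        # config.ini deliberately never copied: simulates a failed backup member
        return verify_backup(manifest, dst)


if __name__ == "__main__":
    print(demo())
```

Run this as a scheduled job against the real backup target and alert on any non-empty list; a manifest stored alongside the backup should itself be copied offsite so it cannot be altered with the data.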
As always, ensure your operating systems are patched with the latest updates so that cybercriminals cannot access your systems.
Full details are in the article titled, World Backup Day: Data loss underscores need to backup, or you can visit the World Backup Day website.