#microsoftdefender — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #microsoftdefender, aggregated by home.social.
-
AI-powered defense for an AI-accelerated threat landscape https://www.yayafa.com/2799125/ #AgenticAi #AI #ArtificialGeneralIntelligence #ArtificialIntelligence #Copilot #Microsoft #MicrosoftAI #MicrosoftCopilot #MicrosoftDefender #MicrosoftSecurity #エージェント型AI #人工知能 #汎用人工知能
-
Defender Misflags DigiCert Root Certificates, Breaking Windows SSL Trust
#MicrosoftDefender #Microsoft #DigiCert #Cybersecurity #Malware #AntivirusSoftware #WindowsSecurity #ThreatIntelligence #Windows11 #MicrosoftWindows
-
DigiCert breached via malicious screensaver file
#DigiCert #MicrosoftDefender #ZhongStealer
https://www.helpnetsecurity.com/2026/05/04/digicert-breach-code-signing-certificates-malware/ -
#MicrosoftDefender wrongly flags #DigiCert certs as #Trojan:Win32/Cerdigent(dot)A!dha
-
After a signature update, #MicrosoftDefender classifies legitimate #certificates as #Trojans and deletes them. This caused disruptions to websites and applications. A fix is available. #FalsePositive https://winfuture.de/news,158482.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
-
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
#MicrosoftDefender #DigiCert #GoldenEyeDog #ZhongStealer
https://www.bleepingcomputer.com/news/security/microsoft-defender-wrongly-flags-digicert-certs-as-trojan-win32-cerdigentadha/ -
Komari Red: The Monitoring Tool with a Built-in Reverse Shell
On April 16, 2026, a threat actor leveraged stolen VPN credentials to access a Windows workstation and deployed a SYSTEM-level backdoor using the Komari agent, an open-source monitoring tool with built-in command-and-control capabilities. The attacker authenticated through an SSLVPN session from IP 45.153.34[.]132 and used Impacket smbexec.py to enable RDP on the target system. The Komari agent was installed as a persistent Windows service named 'Windows Update Service' using NSSM, pulling the installer directly from the official GitHub repository. Komari provides bidirectional control through WebSocket connections, offering arbitrary command execution, interactive reverse shell access, and network probing capabilities by default. Microsoft Defender quarantined an earlier registry dump attempt, forcing the adversary to pivot to this GitHub-based approach. This represents the first publicly documented case of Komari being abused in a real-world intrusion.
Pulse ID: 69f29e7612b827a15dfc7787
Pulse Link: https://otx.alienvault.com/pulse/69f29e7612b827a15dfc7787
Pulse Author: AlienVault
Created: 2026-04-30 00:12:38
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #GitHub #InfoSec #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #RCE #RDP #SMB #SSL #VPN #Windows #bot #AlienVault
-
We'll install MS Defender on your VMs, they said.
It will make them more secure, they said.
#infosec #Defender #MicrosoftDefender
#RedSun #BlueHammer #UnDefend -
🔐 Just shipped a fix for the April 2026 Windows update (KB5083769) that flags unsigned RDP files as "Unknown Publisher".
If you manage RDP shortcuts via Intune and your users are suddenly seeing red security warnings — here's a complete solution:
✅ Self-signed code signing cert (no PKI required)
✅ rdpsign.exe signing workflow
✅ Intune Win32 package (install + uninstall scripts)
✅ Trusted Certificate profile + Settings Catalog policies
✅ Versioned detection rule for clean updates
✅ Supersedence pattern for migrating from unsigned deployments
Tested in production on a real M365 Business Premium environment.
🔗 github.com/Bluewal/m365-intune-scripts/tree/main/intune/rdp-signing
#Intune #Microsoft365 #RDP #BlueTeam #WindowsSecurity #MicrosoftDefender -
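The signing workflow the post lists, as an added PowerShell example for a single lab machine; this is not code from the linked repository. It creates a self-signed code-signing certificate, signs a constructed .rdp file with rdpsign.exe (which ships with Windows), checks the signature lines rdpsign appends, and then applies the two trust steps the post delivers through Intune (certificate deployment and the trusted-publisher thumbprint policy) locally. The subject name, file content, and the choice to place the self-signed certificate in the LocalMachine Root and TrustedPublisher stores are assumptions of this example.

```powershell
# Added example, not code from the linked repo. Run elevated on a lab machine.
$ErrorActionPreference = 'Stop'
$rdpFile = Join-Path $PWD 'lab.rdp'

# 1. A minimal, constructed .rdp file to sign (replace with your own connection file)
@"
full address:s:rds.contoso.example:3389
prompt for credentials:i:1
authentication level:i:2
"@ | Set-Content -Path $rdpFile -Encoding Unicode

# 2. Self-signed code-signing certificate; no PKI, private key stays in CurrentUser\My
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Contoso RDP Publisher' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(3) `
    -CertStoreLocation 'Cert:\CurrentUser\My'

# 3. Sign. rdpsign /sha256 wants the SHA-256 fingerprint of the certificate (hash of the DER bytes).
$sha256 = (Get-FileHash -InputStream ([IO.MemoryStream]::new($cert.RawData)) -Algorithm SHA256).Hash
& "$env:SystemRoot\System32\rdpsign.exe" /sha256 $sha256 $rdpFile
if ($LASTEXITCODE -ne 0) { throw "rdpsign failed with exit code $LASTEXITCODE" }

# 4. Verify: a signed file carries a signscope line (the settings covered) and a signature line.
$signed = Get-Content -Path $rdpFile
$scope  = $signed | Where-Object { $_ -like 'signscope:s:*' }
$sig    = $signed | Where-Object { $_ -like 'signature:s:*' }
if (-not $scope -or -not $sig) { throw 'File was not signed' }
"Signed settings: $scope"

# 5. Trust on the client (what the post's Trusted Certificate profile and policy do via Intune).
#    Self-signed, so the cert must be a trusted root as well as a trusted publisher.
$cerPath = Join-Path $env:TEMP 'rdp-publisher.cer'
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
foreach ($store in 'Root', 'TrustedPublisher') {
    Import-Certificate -FilePath $cerPath -CertStoreLocation "Cert:\LocalMachine\$store" | Out-Null
}
#    Policy "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers"
$tsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
New-Item -Path $tsPolicy -Force | Out-Null
Set-ItemProperty -Path $tsPolicy -Name 'TrustedCertThumbprints' -Value $cert.Thumbprint   # comma-separated if several
"Trusted publisher thumbprint: $($cert.Thumbprint)"
```

Re-signing is required whenever a covered setting (full address, gateway, and so on) changes, which is why the post versions its detection rule; and because step 5 makes a self-signed key a trusted root on every client, keep that private key as protected as you would a CA key.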
New #MicrosoftDefender “#RedSun” zero-day PoC grants SYSTEM privileges
-
https://winbuzzer.com/2026/04/15/microsoft-april-2026-patch-tuesday-fixes-167-flaws-xcxwbn/
Microsoft April 2026 Patch Tuesday Fixes 167 Flaws, 2 Zero-Days
#PatchTuesday #Microsoft #Security #Cybersecurity #ZeroDayVulnerabilities #MicrosoftSharePoint #MicrosoftDefender #Windows #Windows11 #MicrosoftWindows #WindowsUpdate #RemoteCodeExecution
-
Weird Intune/MDE issue 🧵
ASR policy (Block PSExec/WMI) shows 38 Succeeded in Intune, but Get-MpPreference returns empty on endpoints and registry key doesn't exist.
AttackSurfaceReductionRules_ProviderSet = 1 in PolicyManager but no actual rule values written anywhere.
Cloud-only, no SCCM. Anyone seen this? #MicrosoftDefender #Intune #MDE -
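An added check for the situation the thread describes (this is not code posted in the thread): Intune's "Succeeded" only records that the CSP accepted the setting, so the useful question is where the rule actually landed. The function below reports the PSExec/WMI rule from the effective Defender preference, from the two Exploit Guard registry locations, and from the PolicyManager node the post mentions. The rule GUID is the documented one; the registry paths are the locations these policies normally write to and are assumptions of this example.

```powershell
# Added example, not code from the thread. Run in an elevated PowerShell on an affected endpoint.
# "Block process creations originating from PSExec and WMI commands":
$RuleId  = 'd1e49aac-8f56-4280-b9ba-993a6d77406c'
$Actions = @{ 0 = 'Off'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Resolve-AsrAction {
    param($Value)
    if ($null -eq $Value) { return 'not present' }
    $n = [int]$Value
    if ($Actions.ContainsKey($n)) { $Actions[$n] } else { "unknown($n)" }
}

function Get-AsrRuleState {
    param([Parameter(Mandatory)][string]$Id)
    $state = [ordered]@{ RuleId = $Id }

    # 1. What the engine reports as effective (what Get-MpPreference returned empty for in the thread)
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    $acts = @($pref.AttackSurfaceReductionRules_Actions)
    $state.MpPreference = 'not present'
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) { $state.MpPreference = Resolve-AsrAction $acts[$i] }
    }

    # 2. Policy-written and effective registry locations (paths assumed from normal GPO/MDM behaviour)
    $regPaths = [ordered]@{
        PolicyRegistry    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
        EffectiveRegistry = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
    }
    foreach ($name in $regPaths.Keys) {
        $path = $regPaths[$name]
        if (-not (Test-Path $path)) { $state[$name] = 'key missing'; continue }
        $prop = (Get-ItemProperty -Path $path).PSObject.Properties | Where-Object { $_.Name -ieq $Id }
        $state[$name] = if ($prop) { Resolve-AsrAction $prop.Value } else { 'key exists, rule absent' }
    }

    # 3. What the MDM client recorded. The CSP value is a single string "guid=action|guid=action".
    $pm = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Defender' -ErrorAction SilentlyContinue
    $state.ProviderSet   = $pm.AttackSurfaceReductionRules_ProviderSet
    $state.PolicyManager = 'not present'
    foreach ($pair in @($pm.AttackSurfaceReductionRules -split '\|')) {
        $guid, $action = $pair -split '=', 2
        if ($guid -ieq $Id) { $state.PolicyManager = Resolve-AsrAction $action }
    }
    [pscustomobject]$state
}

Get-AsrRuleState -Id $RuleId | Format-List
```

Reading the output: ProviderSet = 1 only says a provider wrote the node; if PolicyManager shows the rule but MpPreference and EffectiveRegistry do not, the setting stopped between the MDM client and the Defender engine, which is the layer to investigate rather than the Intune report.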
Tired of digging through menus just to configure Windows 11 Defender?
DefenderUI gives you a clean, powerful GUI that puts full control of Microsoft Defender at your fingertips, no guesswork, no clutter.
#Windows11 #MicrosoftDefender #DefenderUI #CyberSecurity #Infosec #WindowsSecurity
-
Antivirus ranking at the end of 2025. Who delivers 100% protection, and who falls short?
The AV-Comparatives lab has published the results of its latest comprehensive tests of security software.
The reports closing out 2025 bring good news for users of free solutions (an excellent result for Microsoft Defender), but also a warning about products that generate record numbers of false alarms.
The most important test for any protection suite is the so-called Real-World Protection Test. In the edition covering July to October 2025, the researchers checked 19 popular programs against a sample of 428 real threats (malicious websites, drive-by download attacks).
The elite with 100% effectiveness
Three suites showed flawless effectiveness, blocking absolutely all malware samples (100% Protection Rate). They are:
- Avast (Free Antivirus)
- AVG (AntiVirus Free)
- Norton (Antivirus Plus)
Just behind them, with a score of 99.5%, came a strong chasing group including Kaspersky, ESET and Bitdefender (99.1%). Importantly for Windows users, the default Microsoft Defender (the standard protection software in Microsoft's system) also made it into the highest category, "Advanced+", achieving a solid 99.1% effectiveness with a very low number of false alarms.
Trend Micro and Malwarebytes with problems
High detection is not everything; the absence of mistakes also counts. In this category Trend Micro fared worst, wrongly flagging safe files or sites as threats 75 times. Malwarebytes (42 false alarms) and K7 (34 mistakes) also did poorly in this respect. Because of such a high number of errors, these products were downgraded in the final ranking to lower certification levels, despite decent malware detection rates.
Shopping protection: detecting fake shops
With the holidays approaching, the Fake Shops Detection 2025 test is key. The experts checked whether antivirus products can stop a user from entering a site posing as an online store whose aim is to steal credit card data. A narrow group of products received the certificate confirming effectiveness in this area:
- Avast Premium Security
- F-Secure Internet Security
- Kaspersky Premium
- Norton 360 Deluxe
Advanced threats and stalkerware
For the most demanding users, the Advanced Threat Protection (ATP) test was conducted, checking resistance to targeted and fileless attacks. Here the consumer market shows a very high level: as many as 7 of the 8 tested products (including the free versions of Avast, AVG and Avira) received the highest rating, "Advanced+".
In parallel, in cooperation with the Electronic Frontier Foundation (EFF), 13 Android mobile apps were tested for detection of spyware (stalkerware). The report points to a worrying market trend: perpetrators of domestic violence are increasingly abandoning spyware apps in favour of cheap Bluetooth trackers (such as AirTag and similar), which poses a new challenge for the security industry.
#avComparatives #avast #falszyweSklepyInternetowe #microsoftDefender #news #norton #rankingAntywirusow2025 #stalkerware #testyBezpieczenstwa
-
Microsoft Unveils Security Enhancements for Identity, Defense, Compliance https://www.securityweek.com/microsoft-unveils-security-enhancements-for-identity-defense-compliance/ #Management&Strategy #MicrosoftDefender #securityproducts #Microsoft #Copilot #Purview #Intune #Entra
-
#Patchday #Microsoft: #Azure, #Office, #Windows & Co. are vulnerable | heise online https://www.heise.de/news/Patchday-Microsoft-Schadcode-Schlupfloecher-in-Office-und-Windows-geschlossen-10639037.html #MicrosoftAzure #Azure #MicrosoftDefender #Defender #MicrosoftHyperV #HyperV #MicrosoftOffice #MicrosoftWindows #MicrosoftXbox #Xbox
-
Microsoft’s new AI reverse-engineers malware autonomously, marking a shift in cybersecurity - Microsoft says its new system could eventually detect new types of malware direct... - https://www.geekwire.com/2025/microsofts-new-ai-reverse-engineers-malware-autonomously-marking-a-shift-in-cybersecurity/ #securefutureinitiative #largelanguagemodels #reverseengineering #aimalwareanalysis #microsoftdefender #malwaredetection #threatdetection #cybersecurity #autonomousai #zerodayquest #microsoft
-
Project Ire: Microsoft’s autonomous malware detection AI agent https://www.helpnetsecurity.com/2025/08/05/project-ire-microsoft-autonomous-malware-detection-ai-agent/ #reverseengineering #MicrosoftDefender #malwaredetection #automation #Don'tmiss #Microsoft #Hotstuff #News #LLM #AI
-
URL-Based IOC Validation for Microsoft Defender KQL – Source: socprime.com https://ciso2ciso.com/url-based-ioc-validation-for-microsoft-defender-kql-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #MicrosoftDefender #SOCPrimePlatform #socprimecom #UncoderAI #socprime #Blog #KQL
-
🎁 NEW UPDATE:
I've added a small challenge to my FREE "Hands-On Introduction to KQL for Security Analysis" course.
More will be coming soon!
#KQL #Kusto #MicrosoftDefender #MicrosoftSentinel
👇
https://academy.bluraven.io/course/introduction-to-kql-for-security-analysis -
🤔 Why Sign Up for Continuing Education Classes?
🔹 **Stay Updated:** New features and updates are released daily. Don’t get left behind!
🔹 **Enhance Your Skills:** Deepen your understanding and expertise in cybersecurity and device management.
Join our community of learners! 💻📚 Sign up today and be part of the future of technology. Your journey to mastering Defender and Intune starts here! 🌟
https://www.thirdtier.net/product/defender-intune-continued-learning/
#MicrosoftDefender #Intune #ContinuingEducation #StayUpdated #Cybersecurity #DeviceManagement
-
I noticed today that a lot of people are struggling with antivirus alerts, specifically Microsoft Defender:
1) try to understand the alarm itself and at which point in the attack this would happen: phishing email = early, credential access (especially admin credentials) or suspicious C2 IPs = middle, ransomware/data upload = late.
2) what should the attacker's previous and next step be then? (just look at 1 again: early/middle/late)
3) can you see this previous/next step in the logs? Look especially for evidence of execution. Attackers want to "do" something. Executables, scripts, PowerShell, command line, services, scheduled tasks?
If you cannot see any previous or any next steps, ask yourself if you're blind (are your logs empty? Timeframe not available?) or if there really aren't any. If there aren't any, it's likely a false positive. If there are, escalate.
Happy hunting!
-
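The three questions in the post above, turned into a function as an added example (this is not the poster's code). It classifies the alert by attack stage, looks for execution evidence in a window before and after the alert time, and returns "blind" when there is no telemetry for that device at all, "likely false positive" when there is telemetry but nothing executed, and "escalate" otherwise. The alert categories, event shape and process list are assumptions of this example and not the Defender schema; the events are constructed for the demonstration.

```powershell
# Added example, not part of the post. Alert/event shapes and the sample data are constructed.
$StageByCategory = @{
    'Phishing'         = 'early'
    'CredentialAccess' = 'middle'
    'C2Connection'     = 'middle'
    'Ransomware'       = 'late'
    'Exfiltration'     = 'late'
}
# Things an attacker "does": interpreters, LOLBins, service and task creation
$ExecutionPatterns = 'powershell', 'cmd.exe', 'wscript', 'cscript', 'mshta', 'rundll32', 'regsvr32', 'sc.exe', 'schtasks'

function Get-AlertTriage {
    param(
        [Parameter(Mandatory)][hashtable]$Alert,     # Category, Device, Time
        [Parameter(Mandatory)][object[]]$Events,     # Device, Time, Process, CommandLine
        [timespan]$Window = [timespan]::FromHours(2)
    )
    $stage = $StageByCategory[$Alert.Category]
    if (-not $stage) { $stage = 'unknown' }

    # Question 3 first half: is there any telemetry for this device around the alert at all?
    $inRange = @($Events | Where-Object {
        $_.Device -eq $Alert.Device -and
        [math]::Abs(($_.Time - $Alert.Time).TotalSeconds) -le $Window.TotalSeconds
    })
    if ($inRange.Count -eq 0) {
        return [pscustomobject]@{ Stage = $stage; Verdict = 'blind'; Before = @(); After = @() }
    }

    # Questions 2 and 3: evidence of execution before (previous step) and after (next step)
    $isExec = { param($e) $ExecutionPatterns | Where-Object { $e.Process -like "*$_*" -or $e.CommandLine -like "*$_*" } }
    $before = @($inRange | Where-Object { $_.Time -lt $Alert.Time -and (& $isExec $_) })
    $after  = @($inRange | Where-Object { $_.Time -gt $Alert.Time -and (& $isExec $_) })

    $verdict = if ($before.Count -or $after.Count) { 'escalate' } else { 'likely false positive' }
    [pscustomobject]@{ Stage = $stage; Verdict = $verdict; Before = $before; After = $after }
}

# Constructed process events (not real telemetry)
$t0 = Get-Date '2026-04-16T09:00:00'
$events = @(
    [pscustomobject]@{ Device = 'WS-042'; Time = $t0.AddMinutes(-40); Process = 'outlook.exe';    CommandLine = 'outlook.exe' }
    [pscustomobject]@{ Device = 'WS-042'; Time = $t0.AddMinutes(-35); Process = 'mshta.exe';      CommandLine = 'mshta.exe C:\Users\u\AppData\Local\Temp\invoice.hta' }
    [pscustomobject]@{ Device = 'WS-042'; Time = $t0.AddMinutes(15);  Process = 'powershell.exe'; CommandLine = 'powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA' }
    [pscustomobject]@{ Device = 'WS-042'; Time = $t0.AddMinutes(16);  Process = 'schtasks.exe';   CommandLine = 'schtasks /create /tn Updater /tr C:\ProgramData\u.exe /sc onlogon' }
    [pscustomobject]@{ Device = 'WS-077'; Time = $t0.AddMinutes(2);   Process = 'chrome.exe';     CommandLine = 'chrome.exe' }
)
$alerts = @(
    @{ Category = 'C2Connection'; Device = 'WS-042'; Time = $t0 }   # execution before and after: escalate
    @{ Category = 'C2Connection'; Device = 'WS-077'; Time = $t0 }   # only a browser nearby: likely false positive
    @{ Category = 'Phishing';     Device = 'WS-099'; Time = $t0 }   # no events for the device: blind
)
foreach ($a in $alerts) { Get-AlertTriage -Alert $a -Events $events | Format-List }
```

The window and the pattern list are the two knobs worth tuning: a "late" alert such as ransomware usually has its previous steps hours or days earlier, so the window should grow with the stage, and the pattern list should be extended with whatever your environment logs as execution (service installs, WMI consumers, driver loads).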
Microsoft plans overhaul of Windows security after CrowdStrike outage
Microsoft is stepping up its plans to make Windows more resilient against faulty software, after a failed
https://www.apfeltalk.de/magazin/news/microsoft-plant-ueberarbeitung-der-windows-sicherheit-nach-crowdstrike-ausfall/
#News #Tellerrand #CrowdStrike #Cybersicherheit #Cybersicherheitsgipfel #Kernel #KernelZugriff #Microsoft #MicrosoftDefender #Sicherheitslücken #Sicherheitssoftware #Windows -
📢The Microsoft Defender for Endpoint plugin for WSL is now generally available! Enhance your security by integrating with WSL and protect your environments! Dive into the details here: https://learn.microsoft.com/en-us/defender-endpoint/mde-plugin-wsl #MicrosoftDefender #WSL #CyberSecurity #GeneralAvailability
-
🔍 Advanced Time Series Anomaly Detection: Discover methods you’ve never seen before.
🔗 Attack Path & Execution Chain Detection with Process Mining: A novel approach to threat detection.
🌐 Attack Pattern Detection Using Graph Semantics: Start thinking in graphs and revolutionize your detection and investigation skills.
https://academy.bluraven.io/advanced-hands-on-kql-for-threat-hunting-and-detection-engineering
#KQL #Kusto #SIEM #MicrosoftSentinel #MicrosoftDefender #MicrosoftDefenderXDR #Defender #cybersecurity #KQLForSecurityAnalysts #ThreatHunting #DetectionEngineering #training #dfir #incidentresponse
-
DarkGate Malware Switches to AutoHotkey for Advanced Evasion Techniques
Date: June 2024
CVE: CVE-2023-36025, CVE-2024-21412
Vulnerability Type: Remote Code Execution, Information Disclosure
CWE: [[CWE-22]], [[CWE-427]]
Sources: McAfee, Trend Micro, The Hacker News
Synopsis
DarkGate malware, known for its stealth and versatility, has recently transitioned from using AutoIt to AutoHotkey for its attack scripts. This shift enhances its evasion capabilities against security software, posing a renewed threat to targeted systems.
Issue Summary
The DarkGate malware has been active since 2018, offering a range of malicious functions including remote access, keylogging, and data theft. In its latest iteration, observed in March 2024, the malware has switched from AutoIt to AutoHotkey scripts to bypass detection mechanisms such as Microsoft Defender SmartScreen. The malware is distributed through phishing emails containing malicious HTML or Excel attachments.
Technical Key Findings
DarkGate initiates its attack via a phishing email, tricking users into opening a malicious HTML or Excel file. This file exploits security flaws in Microsoft Defender SmartScreen, allowing a Visual Basic Script to execute PowerShell commands that launch an AutoHotkey script. This script then downloads and executes the DarkGate payload.
Vulnerable Products
- Microsoft Windows systems running outdated or unpatched versions of Microsoft Defender SmartScreen
- Any systems susceptible to phishing attacks via email clients
Impact Assessment
When exploited, DarkGate can provide attackers with full remote access to compromised systems. This includes capabilities for credential theft, keylogging, screen capturing, and installing additional malware, significantly jeopardizing the integrity and security of affected systems.
Patches or Workarounds
N.A.
Tags
#DarkGate #Malware #CVE-2023-36025 #CVE-2024-21412 #AutoHotkey #RemoteAccessTrojan #Phishing #MicrosoftDefender #CyberSecurity #threatintelligence
-
🚀 FREE Hands-On KQL for Security Analysis Course is now available! 🚀
✅ 50 seats bi-monthly
✅ Certificate of completion
✅ 14-day lab with real-world Microsoft Sentinel and Defender XDR logs 🔥🔥
Enroll for #FREE 👇
https://academy.bluraven.io/intro-to-kql-for-security-analysis
#KQL #Kusto #SIEM #MicrosoftSentinel #MicrosoftDefender #Defender #cybersecurity #KQLForSecurityAnalysts #training -
The Register: SafeBreach presented at the Black Hat Asia conference on Friday that flaws in Microsoft and Kaspersky security products could potentially allow the remote deletion of files. Microsoft Defender and Kaspersky's Endpoint Detection and Response (EDR) can be made to detect false positive indicators of malicious files – and then to delete them. The attack relies on the fact that Microsoft and Kaspersky use byte signatures – unique sequences of bytes in file headers – to detect malware. "Our goal was to confuse EDR by implanting malware signatures into legit files and make them think its malicious" 🔗 https://www.theregister.com/2024/04/22/edr_attack_remote_data_deletion/