ISH Tecnologia, a 100% nationally owned company and leader in cybersecurity, critical infrastructure and secure clouds, releases a monthly report highlighting the top vulnerabilities and digital threats identified by its research and risk assessment team in the month of June.
The month was marked by the discovery of flaws in Microsoft Office and Windows programs that allow data leakage and the granting of permissions to cybercriminals. The company also warns against the misuse of a file compression tool that is used to better “hide” threats.
Read also:
Learn to create comics
62 best The Sims 4 mods
15 Best Similar HappyMod Apps
Windows 10/11: how to activate without installing anything
The Complete Guide to Character Creation and Design
WordPress: all about website builder
Check out the list of vulnerabilities found by ISH:
Exploit. Microsoft Office. CVE-2018-0802. gene”
It consists of malware that exploits code execution loopholes in Microsoft Office that occur when the software is unable to properly process files in its memory. In addition to executing commands on a compromised computer, if it is logged on as an administrator, an attacker can take full control of the affected system.
Windows certificate with holes
Windows has a built-in CertUril program that is used to manage certificates on the system. With it, you can install, backup, uninstall, manage, and perform various storage-related functions.
The vulnerability discovered by ISH exploits one of CertUtil’s features, the ability to download files from a remote URL and save them as a local file in order to infiltrate unprotected machines.
Risk of packaging methods
“Packaging” refers to the process of compressing files, which serves two purposes: reducing their size on disk, and obfuscating their code, making it difficult to reverse engineer (this is the main application). Commercial software, for example, uses this method to protect their intellectual property and prevent license avoidance problems.
However, packaging is also a weapon used by malware authors, who use the same technique to reduce fraud detection by antivirus tools, making them harder to analyze.
As a result of this malicious use of a legitimate tool, the act of uncompressing, referred to as “decompression”, has become a routine necessity in data analysis. malware.
Follina – Attack through Word files
Discovered while spreading in phishing campaigns, this is an attack hidden in illegal Word files. Once downloaded and opened, it executes code that guarantees access to the victim’s network data.
In this case, the ISH team emphasizes that, in addition to updated and active antivirus solutions, another measure is to increase user education, since such an attack only begins with the voluntary launch of a suspicious file.
ABOUT ISH
ISH Tecnologia, founded in 1996, is a leader in cybersecurity, critical infrastructure and secure clouds. It is ranked #26 in the world’s top 250 managed security service providers by MSSP Alert. With over 400 dedicated professionals, her clients include some of the largest companies in Brazil, including banks, fintechs, financial institutions, retailers, wholesalers, healthcare companies and government agencies. Headquartered in Vitoria (Spain), the company has branches in São Paulo, Rio de Janeiro, Belo Horizonte, Brazil, Curitiba, Goiania and Pernambuco, as well as a subsidiary in the USA.
Talk to us in the comments and let us know if you liked this news and take the opportunity to read more news on our website.
Source : Married Games
