Solutionary blogs about the Microsoft Windows operating system.

New and Improved Dridex

Atom Bombing Returns

David Biser

April 06, 2017 - Posted by David Biser to Security News

Atom Bombing

In November of 2016, I wrote a blog titled “Atom Bombing: Three ways to protect yourself.” I discussed a new attack vector uncovered by security researchers at enSilo that allowed attackers to inject code directly into atom tables. Atom tables are present in all Windows operating systems and function in multiple ways across the operating system. Here is a link that can help you learn more about atom tables.

Dridex, a common banking malware, has evolved to incorporate atom bombing into its attack vector. It doesn’t take long for criminals to adopt new attack methods, and this is a clear example. The latest Dridex variant,... read more >

Atom Bombing

Three ways to protect yourself

David Biser

November 10, 2016 - Posted by David Biser to Security News

Atom Bombing

If you keep up with security news, then you have probably heard about atom bombing. Atom bombing is the latest way for attackers to inject malicious code into nearly any Windows operating system, and it uses an inherent Windows mechanism known as “atom tables.” The jury is still out on just how dangerous this technique is, but anything that would allow an attacker to run malicious code on your machine should be considered a bad thing.

Atom tables are system-defined tables that store strings and corresponding identifiers. Windows uses these tables for a variety of purposes, everything from Dynamic Data Exchange (DDE) to applications. If you are interested in learning more about atom tables, you can go to https://msdn.microsoft.com/en-us/library/windows/desktop/ms649053(v=vs.85).aspx for more details. 

For the purposes of this blog, I am... read more >

Windows 10 Upgrade Spawns Phishing Campaign

Attackers using new Microsoft OS to distribute ransomware

Joseph (JB) Blankenship

August 04, 2015 - Posted by Joseph (JB) Blankenship to Security News

Phishing

Malicious actors are well known to take advantage of breaking news, holidays and events to lure unsuspecting victims into downloading malware. The recent release of Microsoft’s highly anticipated Windows 10 operating system is being used by cybercriminals in phishing campaigns designed to distribute ransomware. Since users have to wait to be notified by Microsoft that they are now eligible to download the new OS, they are more likely to be fooled by this attack.

Talos researchers described the attack in a recent blog post. The attacker is impersonating Microsoft, sending phishing emails from the spoofed email address update@microsoft.com with the subject line “Windows 10 Free Update.” Clicking on the links in the email will prompt the download of a zip file – Win10Installer.zip – which then executes, installing the ... read more >

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
