AtomBombing attack | Breaking Cybersecurity News | The Hacker News

Security researchers have discovered a new variant of Dridex – one of the most nefarious banking Trojans actively targeting financial sector – with a new, sophisticated code injection technique and evasive capabilities called " AtomBombing ." On Tuesday, Magal Baz, security researcher at Trusteer IBM  disclosed new research, exposing the new Dridex version 4, which is the latest version of the infamous financial Trojan and its new capabilities. Dridex is one of the most well-known Trojans that exhibits the typical behavior of monitoring a victim's traffic to bank sites by infiltrating victim PCs using macros embedded in Microsoft documents or via web injection attacks and then stealing online banking credentials and financial data. However, by including AtomBombing capabilities, Dridex becomes the first ever malware sample to utilize such sophisticated code injection technique to evade detection. What is "AtomBombing" Technique? Code injection te

Guess what? If you own a Windows PC, which is fully-patched, attackers can still hack your computer. Isn't that scary? Well, definitely for most of you. Security researchers have discovered a new technique that could allow attackers to inject malicious code on every version of Microsoft's Windows operating system, even Windows 10, in a manner that no existing anti-malware tools can detect, threaten millions of PCs worldwide. Dubbed " AtomBombing ," the technique does not exploit any vulnerability but abuses a designing weakness in Windows. New Code Injection Attack helps Malware Bypass Security Measures AtomBombing attack abuses the system-level Atom Tables, a feature of Windows that allows applications to store information on strings, objects, and other types of data to access on a regular basis. And since Atom are shared tables, all sorts of applications can access or modify data inside those tables. You can read a more detailed explanation of Atom T

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.