#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

DLL injection | Breaking Cybersecurity News | The Hacker News

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

Dec 11, 2023 Endpoint Security / Malware
A new collection of eight process injection techniques, collectively dubbed  PoolParty , could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev  said  the methods are "capable of working across all processes without any limitations, making them more flexible than existing process injection techniques." The  findings  were first presented at the  Black Hat Europe 2023  conference last week. Process injection refers to an  evasion technique  used to run arbitrary code in a target process. A wide range of process injection techniques exists, such as dynamic link library (DLL) injection, portable executable injection, thread execution hijacking, process hollowing, and process doppelgänging. PoolParty is so named because it's rooted in a component called Windows user-mode thread pool, leveraging it to insert any type of work item into a target process on the system. I
Unpatchable 'DoubleAgent' Attack Can Hijack All Windows Versions — Even Your Antivirus!

Unpatchable 'DoubleAgent' Attack Can Hijack All Windows Versions — Even Your Antivirus!

Mar 22, 2017
A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer. Dubbed DoubleAgent , the new injecting code technique works on all versions of Microsoft Windows operating systems, starting from Windows XP to the latest release of Windows 10. What's worse? DoubleAgent exploits a 15-years-old undocumented legitimate feature of Windows called " Application Verifier ," which cannot be patched. Application Verifier is a runtime verification tool that loads DLLs (dynamic link library) into processes for testing purpose, allowing developers quickly detect and fix programming errors in their applications. Unpatchable Microsoft Application Verifier Exploit The vulnerability resides in how this Application Verifier tool handles DLLs. According to the researchers, as part of the process, DLLs are bound to the target processes in a Windows Regist
Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA

Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA

Feb 09, 2024Static Code Analysis
Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest security patches. However, in practice, developers often face a large amount of security work without clear prioritization - and miss a significant portion of the attack surface altogether. The primary issue arises from the detection and prioritization methods used by traditional Static Code Analysis (SCA) tools for vulnerabilities. These methods lack the organizational-specific context needed to make an informed scoring decision: the score, even if critical, might not  actually  be critical for an organization because its infrastructure works in a unique way - affecting the actual impact the vulnerability might have.  In other words, since these tools depend on a relatively naive methodol
Hacker uses Evernote account as Command-and-Control Server

Hacker uses Evernote account as Command-and-Control Server

Mar 29, 2013
Cyber criminals  are using popular note-taking app Evernote as Command-and-Control Server to give commands to the malware installed on infected PCs using botnets. TrendMicro uncovered a malware detected as " BKDR_VERNOT.A " tried to communicate with Command-and-Control Server using Evernote. Malware delivered via an executable file that installs the malware as a dynamic-link library. The installer then ties the DLL into a legitimate running process, hiding it from casual detection. Once installed, BKDR_VERNOT.A can perform several backdoor commands such as downloading, executing, and renaming files. It then gathers information from the infected system, including details about its OS, timezone, user name, computer name, registered owner and organization. Researchers  also pointed out that the backdoor may have also used Evernote as a location to upload stolen data. " Unfortunately, during our testing, it was not able to login using the credentials embedded in the
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Cybersecurity Resources