#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Process Doppelganging | Breaking Cybersecurity News | The Hacker News

Category — Process Doppelganging
Popular Malware Families Using 'Process Doppelgänging' to Evade Detection

Popular Malware Families Using 'Process Doppelgänging' to Evade Detection

Jul 25, 2019
The fileless code injection technique called Process Doppelgänging is actively being used by not just one or two but a large number of malware families in the wild, a new report shared with The Hacker News revealed. Discovered in late 2017, Process Doppelgänging is a fileless variation of Process Injection technique that takes advantage of a built-in Windows function to evade detection and works on all modern versions of Microsoft Windows operating system. Process Doppelgänging attack works by utilizing a Windows feature called Transactional NTFS (TxF) to launch a malicious process by replacing the memory of a legitimate process, tricking process monitoring tools and antivirus into believing that the legitimate process is running. Few months after the disclosure of this technique, a variant of the SynAck ransomware became the first-ever malware exploiting the Process Doppelgänging technique, targeting users in the United States, Kuwait, Germany, and Iran. Shortly after th
First-Ever Ransomware Found Using ‘Process Doppelgänging’ Attack to Evade Detection

First-Ever Ransomware Found Using 'Process Doppelgänging' Attack to Evade Detection

May 07, 2018
Security researchers have spotted the first-ever ransomware exploiting Process Doppelgänging , a new fileless code injection technique that could help malware evade detection. The Process Doppelgänging attack takes advantage of a built-in Windows function, i.e., NTFS Transactions, and an outdated implementation of Windows process loader, and works on all modern versions of Microsoft Windows OS, including Windows 10. Process Doppelgänging attack works by using NTFS transactions to launch a malicious process by replacing the memory of a legitimate process, tricking process monitoring tools and antivirus into believing that the legitimate process is running. If you want to know more about how Process Doppelgänging attack works in detail, you should read this article  I published late last year. Shortly after the Process Doppelgänging attack details went public, several threat actors were found abusing it in an attempt to bypass modern security solutions. Security researchers
5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

Nov 01, 2024SaaS Security / Insider Threat
With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams. Misconfigurations are silent killers, leading to major vulnerabilities. So, how can CISOs reduce the noise? What misconfiguration should security teams focus on first? Here are five major SaaS configuration mistakes that can lead to security breaches. #1 Misconfiguration: HelpDesk Admins Have Excessive Privileges Risk: Help desk teams have access to sensitive account management functions making them prime targets for attackers. Attackers can exploit this by convincing help desk personnel to reset MFA for privileged users, gaining unauthorized access to critical systems. Impact: Compromised help desk accounts can lead to unauthorized changes to admin-
Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions

Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions

Dec 07, 2017
A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging , the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader. Ensilo security researchers Tal Liberman and Eugene Kogan, who discovered the Process Doppelgänging attack, presented their findings today at Black Hat 2017 Security conference held in London. Process Doppelgänging Works on All Windows Versions Apparently, Process Doppelgänging attack works on all modern versions of Microsoft Windows operating system, starting from Windows Vista to the latest version of Windows 10. Tal Liberman, the head of the research team at enSilo, told The Hacker New that this malware evasion technique is similar to Process Hollowing—a method first introduced years ago by attackers to defeat the m
cyber security

AWS EKS Security Best Practices [Cheat Sheet]

websiteWiz.ioCloud Security / Kubernetes
Unlock this one-stop resource for mastering EKS security best practices and safeguarding your cloud-native applications.
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources