#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

process injection | Breaking Cybersecurity News | The Hacker News

Category — process injection
New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

Dec 11, 2023 Endpoint Security / Malware
A new collection of eight process injection techniques, collectively dubbed  PoolParty , could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev  said  the methods are "capable of working across all processes without any limitations, making them more flexible than existing process injection techniques." The  findings  were first presented at the  Black Hat Europe 2023  conference last week. Process injection refers to an  evasion technique  used to run arbitrary code in a target process. A wide range of process injection techniques exists, such as dynamic link library (DLL) injection, portable executable injection, thread execution hijacking, process hollowing, and process doppelgänging. PoolParty is so named because it's rooted in a component called Windows user-mode thread pool, leveraging it to insert any type of work item into a target process on the system. I
New Mockingjay Process Injection Technique Could Let Malware Evade Detection

New Mockingjay Process Injection Technique Could Let Malware Evade Detection

Jun 27, 2023 Malware / Cyber Threat
A new process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems. "The injection is executed without space allocation, setting permissions or even starting a thread," Security Joes researchers Thiago Peixoto, Felipe Duarte, and Ido Naor  said  in a report shared with The Hacker News. "The uniqueness of this technique is that it requires a vulnerable DLL and copying code to the right section." Process injection is an  attack method  that allows adversaries to inject code into processes in order to evade process-based defenses and elevate privileges. In doing so, it could allow for the execution of arbitrary code in the memory space of a separate live process. Some of the well-known process injection techniques include dynamic link library (DLL) injection, portable executable injection, thread execution hijacking, process hollowing, and process doppelgänging, amon
The New Effective Way to Prevent Account Takeovers

The New Effective Way to Prevent Account Takeovers

Sep 04, 2024SaaS Security / Browser Security
Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, " Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them " argues that the browser is the primary battleground where account takeover attacks unfold and, thus, where they should be neutralized. The report also provides effective guidance for mitigating the account takeover risk.  Below are some of the key points raised in the report: The Role of the Browser in Account Takeovers According to the report, the SaaS kill chain takes advantage of the fundamental components that are contained within the browser. For account takeover, these include: Executed Web Pages - Attackers can create phishing login pages or use MiTM over legitimate web pages to harve
Popular Malware Families Using 'Process Doppelgänging' to Evade Detection

Popular Malware Families Using 'Process Doppelgänging' to Evade Detection

Jul 25, 2019
The fileless code injection technique called Process Doppelgänging is actively being used by not just one or two but a large number of malware families in the wild, a new report shared with The Hacker News revealed. Discovered in late 2017, Process Doppelgänging is a fileless variation of Process Injection technique that takes advantage of a built-in Windows function to evade detection and works on all modern versions of Microsoft Windows operating system. Process Doppelgänging attack works by utilizing a Windows feature called Transactional NTFS (TxF) to launch a malicious process by replacing the memory of a legitimate process, tricking process monitoring tools and antivirus into believing that the legitimate process is running. Few months after the disclosure of this technique, a variant of the SynAck ransomware became the first-ever malware exploiting the Process Doppelgänging technique, targeting users in the United States, Kuwait, Germany, and Iran. Shortly after th
cyber security

Secure Your Network: 40% Face Full Takeover Risk

websitePicus SecurityEndpoint Security / Attack Surface
Understand and address the critical risks in your network to prevent takeovers.
Expert Insights / Articles Videos
Cybersecurity Resources