By Deeba Ahmed
Research reveals that around 80% of all malware attacks used MS Office flaws. Atlas VPN has shared its…
This is a post from HackRead.com Read the original post: Microsoft Office Most Exploited Software in Malware Attacks – Report

****Research reveals that around 80% of all malware attacks used MS Office flaws.****

Atlas VPN has shared its findings for Q1 2022, in which the company revealed startling stats about Microsoft Office. Reportedly, Microsoft Office has become the most commonly exploited software in malware attacks.

It is a fact that most Microsoft Office security flaws are publicly known which makes it easy for cybercriminals to exploit them. On the other hand, because most users ignore essential software updates, scammers can easily inject malicious code after exploiting security loopholes.

According to researchers, some Microsoft Office vulnerabilities are being exploited more than others. These include the following:

1.  CVE-2018-0802
2.  CVE-2017-8570
3.  CVE-2017-11882

These flaws allow system infection, execute commands autonomically, and spread malware infection including the nasty Cobalt Strike one. Despite that security updates are available for these vulnerabilities, these still top the list of most exploited flaws. This indicates that users need to ramp up software security to stay protected.

Atlas VPN wrote that around 78.5% of all malware attacks are launched by targeting Microsoft Office vulnerabilities. Per the Q4 2021 data shared by Kaspersky’s malware research platform Securelist, Microsoft was targeted in 61% of the attacks last year.

Therefore, it can be assumed that hackers are increasingly abusing MS Office, and there’s been a rise in software exploitation since last year.

*   Hackers are using Microsoft Teams chat to spread malware
*   Threat actors using Google Docs exploit to spread phishing links
*   Google, Microsoft and Oracle generated most vulnerabilities in 2021
*   Google Drive accounted for 50% of malicious Office document downloads

In contrast, browser exploits have become rare as they are updated automatically. Android (4.1%), Java (3.48%), Adobe Flash (3.49%), and PDF (2.79%) exploits didn’t show any drastic changes in percentages in Q1 2022.

MS Office is a widely used software. Today, over 1.2 billion individuals and companies across 140 countries and 107 languages use Microsoft Office. For this reason alone, ensuring that the software is properly patched and updated is essential. It is also necessary to follow basic cybersecurity practices and always patch the software as soon as an update is available.

Microsoft Office Most Exploited Software in Malware Attacks – Report

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.

CVE-2022-34487: Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension

Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.

CVE-2022-31475: GiveWP – Donation Plugin and Fundraising Platform

Google Cloud pledges experts and other resources to Health Information Sharing and Analysis Center, a community of healthcare infrastructure operators and owners.

The security-minded community of owners and operators of healthcare infrastructure just landed a big new member.

Google Cloud announced on Thursday that it has joined the Health Information Sharing and Analysis Center (Health-ISAC). It plans to share its considerable intelligence, best practices, and experts to help secure healthcare and public health sector (HPH) networks.

It is the first time that a cloud provider has joined the alliance, despite the fact that the industry sector has increasingly turned to cloud storage, centralized electronic medical records, and software-as-a-service applications.

"Joining Health-ISAC directly fits into our shared-fate model — as opposed to the traditional (and inherently flawed) shared responsibility model," Taylor Lehmann, director at the Office of the CISO at Google Cloud, tells Dark Reading. "We are taking an active stake in the security posture of our customers by offering our own technologies, people, resources, and lessons learned — and we encourage other hyperscalers to do the same."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Google Becomes First Cloud Operator to Join Healthcare ISAC

A 3-year old TikTok influencer has got parents talking about how to keep images of their kids away from online creeps.
The post The Wren Eleanor story: Why you should keep your kids off social media appeared first on Malwarebytes Labs.

TikTok moms have started a movement: Calling out potential creeps who follow child influencer accounts on the platform. The latest account in the spotlight is @wren.eleanor, a TikTok account with a massive 17.3 million followers. It’s an impressive number and one that got the attention of armchair sleuths.

@hashtagfacts, another account, posted a video about what other people on TikTok have observed about this account’s followers. They’ve noted the number of times specific clips of 3-year-old Wren have been saved. Perhaps, more surprisingly, they’ve taken note of the pre-filled texts that appear in TikTok’s search box when one starts searching for “wren”.

And that’s just the tip of the iceberg. Many also found a lot of “disgusting comments left by men” in certain videos about Wren.

“My daughter is 12 and a half,” @hashtagfacts said in her video post, “The issue with all of these saves and the follows are that people are watching your children. And doing disgusting things.”

**“Protect your children.”**

Regardless of your intentions when you post pictures and videos of your children publicly, realize and accept the fact that the Internet, with all its awesomeness, also harbors creeps who follow social media accounts featuring kids for disturbing reasons. It’s safe to assume they’re everywhere: Facebook, Instagram, YouTube, TikTok, Omegle, and others.

The simplest way to protect your children from the harms you know, and especially the harms you don’t, is to keep them off social media entirely. Let them decide how they want to use it when they are old enough to understand and navigate the risks they face. That means no social media accounts for them, and no posting images of them on your own accounts.

If that simply isn’t an option for you, for whatever reason, there are ways that you can still safely share photos and videos of your kids on social media while keeping them far away from the hawking eyes of online child predators. In reality, there are many things we can’t control when it comes to protecting our children. However, as one TikTok commenter correctly pointed out, we _can_ control what we post online about our kids.

So, parents and carers, let’s take control.

**Take your social media accounts private**

If you need to act quickly but don’t have the time now to weed through all the media to pick which ones to delete and keep, consider protecting your tweets or making your Instagram account private.

Doing this also gives you time to think about what to consider before deciding on where you stand with the sharing of your child’s photos and videos. Because at the end of the day, you, the responsible parents and carers, get to decide, not people on the internet.

**Limit access to the child’s photos and videos**

Even though your entire account is public, some social media platforms allow you to pick and choose who among your contacts can see specific things you share. Better yet, share to a Private group on Facebook and Instagram comprising only of close family members and friends you’ve known and trusted for long enough you consider them as family.

The smaller the circle of trust, the better.

**Yes, share via secure messengers and private albums**

Social media platforms aren’t the only places where you can safely share pictures and videos of your kids. Secure messengers like iMessage, WhatsApp, or Signal can also do this for you, so make good use of them.

If your family and friends all have Apple devices, or if you use Google Photos, you can also set up a private, shared photo album where you can share media of all family members safely.

**Prepare your kids for a life with social media**

Posting media of your kids on social media is one thing. Creating social media accounts for them, whether they meet a social network’s minimum age requirement or not, is quite another. Because for children, especially girls aged 11 to 13, who are targeted by online predators more than other groups, just being online is already a huge risk.

Don’t assume they know enough to look after themselves. Make sure they do. We suggest you adopt **T.A.L.K.**, a series of comprehensive and actionable steps parents and carers can take to help guide kids through a safe online experience as they grow up.

T.A.L.K. stands for:

*   **Talk to your child** about online sexual abuse. Start the conversation—and listen to their concerns.
*   **Agree on ground rules** about the way you use technology as a family.
*   **Learn about the platforms and apps** your child loves**.** Take an interest in their online life.
*   **Know how to use tools**, apps and settings that can help to keep your child safe online.

Age shouldn’t be the only indicator for when you can allow your kids to start exploring the wider Internet more. Maturity of mind should be considered, too.

We also believe that part of keeping kids secure online is developing their self-esteem. So no matter what negativity the online world throws at them, they will rise above it. An insecure child will easily succumb to criticisms, want to be famous, or feel the need to get approval and acceptance from everyone.

Putting them in front of the camera for millions of people to watch and look at won’t build up the self-esteem your child needs.

The Wren Eleanor story: Why you should keep your kids off social media

Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

This plugin extends WooCommerce to allow shop owners to add custom tabs to products. The tabs are displayed on the individual product pages to the right of the default “Description” tab.

Individual product tabs are managed on the WooCommerce Edit Product screen and can be added on a per product basis. You can also create saved tabs and add them to multiple products as needed. Tabs can be easily added, deleted and rearranged.

Tab content areas use the standard WordPress text editor and may contain text, images, HTML or shortcodes.

If you experience any problems, please submit a ticket on our Free WordPress Support Forums and we’ll look in to it as soon as possible.

This plugin is compatible with WPML.

Upgrade to Custom Product Tabs Pro for great enhanced features!

1.  Download the plugin .zip file and make note of where on your computer you downloaded it to.
2.  In the WordPress admin (yourdomain.com/wp-admin) go to Plugins > Add New or click the “Add New” button on the main plugins screen.
3.  On the following screen, click the “Upload Plugin” button.
4.  Browse your computer to where you downloaded the plugin .zip file, select it and click the “Install Now” button.
5.  After the plugin has successfully installed, click “Activate Plugin” and enjoy!
6.  Edit a product, then click on ‘Custom Tab’ within the ‘Product Data’ panel
7.  Create saved, reusable tabs under Settings > Custom Product Tabs for WooCommerce

**All documentation can be found in our Knowledge Base.**

**Where do I go to add tabs to a product?**

When editing a product in WooCommerce, you will find “Custom Tabs” in the bottom left corner of the Product Data box. Click on “Custom Tabs” to reveal the custom tab manager.

**Where will these tabs appear?**

When the product is viewed on your website you will see the tabs you created to the right of the default “Description” tab.

**How do I change the order of the tabs?**

To change the order of custom tabs use the up and down “Move tab order” arrows.

**How do saved tabs work?**

Saved tabs are tabs you can create and then add to as many products you would like. If you update a saved tab, the changes will be updated for all products using that tab.

**How do I create saved tabs?**

To create a saved tab, click on the ‘Custom Product Tabs’ item on the WordPress dashboard menu and click the “Add Tab” button.

**How do I add a saved tab to a product?**

To add a saved tab to a product, go to the custom tabs section on the edit product screen, click the ‘Add a Saved Tab’ button above the tab, and choose which tab you would like to add.

**What does overriding a saved tab do?**

When using a saved tab on a product, a checkbox appears with the message ‘Override Saved Tab’ If you click that checkbox, edit the tab and save, the tab will be changed for that product only. Any edits to that saved tab under ‘Custom Product Tabs’ will not be applied to that product.

**Why does the WYSIWYG editor default to the ‘Visual’ tab?**

This was added in version 1.5 to support the dynamic adding and removing of the wp\_editor/WYSIWYG editor. Without this setting, the WYSIWYG editor does not load the correct toolbar and the editor can potentially break.

**Does custom tab data get exported with standard WooCommerce product data?**

Yes! Since v1.4 we’ve added the necessary code to ensure the custom tab data is exported with all of the other standard WooCommerce data. This ensures a smooth transition of products between sites.

Thank you for creating this useful plugin.

Hey Guys, I really respect that you think about the others. <3 <3 <3

Doesn't display new tabs, even with the apply\_filters checked. Useless for me.

I just added this plugin to a site and so far it works great. Thanks to the author!

Thank you very much for such helpful and very simple tabs for the woocommerce.

Every time there is an update something stops working.

Read all 145 reviews

“Custom Product Tabs for WooCommerce” is open source software. The following people have contributed to this plugin.

Contributors

**1.7.9 – June 21st, 2022**

*   Address minor vulnerability
*   Fix issue related to Divi Builder

**1.7.7 – March 8th, 2021**

*   Housekeeping

**1.7.6 – October 19th, 2020**

*   WooCommerce 4.6 tested.

**1.7.5 – September 18th, 2020**

*   Swapping (deprecated) wp\_make\_content\_images\_responsive for wp\_filter\_content\_tags in our content filter. Thanks @stephencd!

**1.7.4 – September 12th, 2020**

*   WooCommerce 4.5.

**1.7.3 – August 19th, 2020**

*   WooCommerce 4.4.
*   Fixes issues related to WordPress 5.5.

**1.7.1 – March 13th, 2020**

*   Fixes a bug with product display in certain conditions.

**1.7.0 – March 10th, 2020**

*   Toggle the content filter on or off setting added. Use this to help with compatibility.
*   Support WooCommerce 4.0.
*   Support WordPress 5.4.

**1.6.13 – January 22nd, 2020**

*   Support WooCommerce 3.9.

**1.6.12 – November 20th, 2019**

*   Support WooCommerce 3.8.

**1.6.11 – September 25th, 2019**

*   Adding additional checks to post global before enqueueing assets.

**1.6.10 – April 19th, 2019**

*   Updating WC compatibility.
*   Fixing JS issue with WP backwards compatibility for versions < 4.7.

**1.6.9 – January 18th, 2019**

*   Fixing an issue where the visual editor shows a small portion of the content on product edit pages.

**1.6.8 – January 2nd, 2019**

*   Fixing some HTML markup.
*   Applying PHPCS fixes.

**1.6.7 – December 18th, 2018**

*   Adding filter to help allow importing of custom tabs.
*   Changing our export filters so custom tabs work with WooCommerce’s native meta export/import features.
*   The default capability for all admin pages is now publish_products.

**1.6.6 – October 26th, 2018**

*   Bumping WooCo Compatibility.
*   Changed wp_send_json_failure() to wp_send_json_error().

**1.6.5 – October 3rd, 2018**

*   Bumping WooCo Compatibility.

**1.6.4 – January 9th, 2018**

*   Happy new year!
*   The editor is now vertically resizeable.
*   The default capability for interacting with saved tabs is now Publish Products (publish\_products)

**1.6.3 – November 1st, 2017**

*   Declaring compatibility with WooCommerce and WordPress

**1.6.2 – October 13th, 2017**

*   Fixed a PHP Fatal Error that was occurring for users with PHP versions < 5.5.
*   Updated some of our documentation and language

**1.6.1 – October 12th, 2017**

*   Fixed an issue with handling foreign characters. Foreign character tab titles should be working properly now. Sorry about that everyone!
*   Added support for native WooCommerce exporting. You can now export and import your tabs with just WooCommerce!
*   Fixed some styling issues
*   Added a new “Support” page
*   Added a new “Go Pro” page – check out Custom Product Tabs Pro

**1.6.0 – October 9th, 2017**

*   Complete re-organization of all plugin files and removal of legacy code
*   Added a “name” field for saved tabs. This field is used only on the admin as a way of identifying tabs.
*   Tab “slugs” are now created via the WP Core sanitize_title() function. This should allow meaningful tab slugs when foreign characters are used in a title.
*   Re-added the “Add Media” button to the editor when it’s first initialized. This had disappeared when WP4.8 was released.
*   Fixed some issues with loading saved tab content into the editor. This should fix the issue that some users were experiencing where adding a saved tab would only work the second time.
*   Setting the width of the editor to 100%.
*   Custom Product Tabs is now a top-level menu item instead of a sub-menu item.
*   Cleaning up the saved tab’s array so we don’t leave orphaned data (e.g. added a hook so we delete a product’s tabs when the product is deleted)
*   Added a data update script to update all existing tab slugs to use sanitize_title() function.
*   Generated new POT file.
*   Added support and hooks for our new Custom Product Tabs Pro plugin!

**1.5.17 – August 23rd, 2017**

*   Cleaning up some PHP Notices being thrown – thanks to @ZombiEquinox on GitHub for reporting this
*   Updating readme compatibility values

**1.5.16 – August 1st, 2017**

*   Adding a proper deactivation hook. The plugin will leave no trace.

**1.5.15 – June 8th, 2017**

*   WordPress 4.8 support – using the new JavaScript Editor API functions to instantiate the editor and removed requiring WordPress’ wpembed plugin

**1.5.14 – May 8th, 2017**

*   Updating some CSS for the admin tabs table – the table should now render correctly regardless of “Visual” or “Text” tab and the saved tabs list should include a scrollbar if necessary

**1.5.13 – April 17th, 2017**

*   Updating a WooCommerce action – now using the proper one instead of a deprecated one

**1.5.12 – April 10th, 2017**

*   Adding some CSS to allow the editor’s text mode to function properly

**1.5.11 – April 6th, 2017**

*   Checking for the existence of the get_id() method before using it.

**1.5.10 – April 5th, 2017**

*   Duplicating a product now duplicates custom product tabs and saved tabs correctly

**1.5.9 – April 4th, 2017**

*   Tested and updated the plugin for WooCommerce v3.0.0

**1.5.8 – March 17th, 2017**

*   Replaced the saved tab’s ID w/ an “Add New” button on the single saved tab page – it should be easier to add saved tabs in bulk now
*   Added a filter for all of the custom tab content – it should allow you to apply custom logic such as permissions in one central location
*   Changed the way saved tabs are applied on the edit product page – it should allow embed content (especially Google Maps Embed content) to function correctly in all instances.

**1.5.7 – February 27th, 2017**

*   Duplicating a product now duplicates the corresponding saved tabs correctly
*   Added two filters (yikes_woo_use_the_content_filter and yikes_woo_filter_main_tab_content) to help provide a work-around to using the standard the_content filter which has caused numerous issues due to plugin conflicts.

**1.5.6 – February 16th, 2017**

*   Fixed an issue where the “Add a Saved Tab” modal was displaying YouTube videos if a saved tab had a YouTube URL in its content

**1.5.5 – January 23rd, 2017**

*   Re-did 1.5.4 changes – checking for function existence before using it

**1.5.4 – January 23rd, 2017**

*   Re-did 1.5.3 changes – the_content filter is reapplied and the specific Site Builder plugin’s filters are

**1.5.3 – January 23rd, 2017**

*   Replaced the use of the_content filter with the filter’s associated functions (e.g. wptexturize, wpautop)

**1.5.2 – December 23rd, 2016**

*   The editor should only default to the ‘Visual’ tab for our Custom Product Tabs (no other editors)
*   Added all of the default WordPress settings to the editor

**1.5.1 – December 22nd, 2016**

*   Fixed bug that caused content to be copied incorrectly when moving tabs up / down
*   Only on the product page will the editor default to ‘Visual’ (instead of every page)

**1.5 – December 20th, 2016**

*   Version 1.5 includes a brand new feature – saved tabs – as well as a number of bug fixes, style tweaks, code clean-up, and comments
*   UI: Complete overhaul of the custom tab interface for an easier, responsive tab creating experience.
*   Saved Tabs: A new settings page has been added for users to create / update / delete saved tabs (see FAQ for more information)
*   Saved Tabs: On the product edit page, a new button (‘Add a Saved Tab’) has been added that allows you to choose one of your saved tabs and add it to the current product
*   Adding a new tab initializes a new wp\_editor (WYSIWYG) instead of a plain textarea
*   Added warning message when two tabs have the same title
*   Tabs with empty titles are no longer shown on the product page
*   Added ability to remove the first tab
*   Adding, moving, and removing tabs works as expected when the user’s ‘Visual Editor’ option is checked
*   On the product & settings pages, WYSIWYG editors will default to the visual tab (this helps prevent errors with dynamic wp\_editor generation)
*   Added a filter yikes_woocommerce_default_editor_mode that can change the default-to-visual-tab behavior (use at your own risk!)
*   Updated the ‘How To’ text, and slight modification to the style
*   Changed the JavaScript methods controlling how tabs were added, deleted, and moved up/down
*   Cleaned up and commented on all PHP and JavaScript files
*   Added proper i18n, with languages/ folder, .pot file, and load_plugin_textdomain hook
*   Incremented version #

**1.4.4 – March 1st, 2016**

*   Re-named the tab ID’s to support URL’s with query args (eg: http://www.example.com/shop#tab-reviews)

**1.4.3 – February 18th, 2016**

*   Wrapped missing ‘Custom Tab Title’ in localization/translation functions. (Plugin is now 100% translatable)
*   Removed i18n class files, and old .po/.mo files (less bloat)

**1.4.2 – February 17th, 2016**

*   Updated the internationalization strings ( yikes-inc-woocommerce-custom-product-tabs to yikes-inc-easy-custom-woocommerce-product-tabs )

**1.4.1 – August 20th, 2015**

*   Fixed conflict with other CSV export plugins for WooCommerce
*   Now custom product tab and row data/headers only get exported via ‘Tools > Export > Products’

**1.4 – July 29th, 2015**

*   Enhancement: Added the ‘Custom Product Tabs for WooCommerce ‘ data to the standard WooCommerce export file, so custom tab data can be transferred between sites smoothly.

**1.3 – July 21st, 2015**

*   Enhancement: Enabled WYSIWYG editor on tab content containers (enables shortcode and content to pass through the\_content() filter)
*   Updated repo screenshots and descriptions

**1.2 – March 18th, 2015**

*   Enhancement: Fixed issue where non utf8 characters in tab titles caused front end not to generate the tabs
*   Enhancement: When user doesn’t have WooCommerce installed, they are now redirected to the plugin install search page, with WooCommerce at the top.

**1.1**

*   Added class to the Woo tabs content title, for targeting via CSS ( .yikes-custom-woo-tab-title )

**1.0.0**

*   Initial Release

CVE-2022-28666: Custom Product Tabs for WooCommerce

Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings.

CVE-2022-30337: WP Meta SEO

Malwarebytes Endpoint Detection and Response can fight—and defeat—advanced ransomware that other security solutions miss. In this post, we’ll walk through what it looks like to deal with a ransomware attack using Malwarebytes EDR. 
The post Demo: Your data has been encrypted! Stopping ransomware attacks with Malwarebytes EDR appeared first on Malwarebytes Labs.

It’s no secret that ransomware is one of the most pressing cyber threats of our day. What worse, ransomware gangs have increased their attacks on a range of vulnerable industries, with disruptions to business operations, million-dollar ransom demands, data exfiltration, and extortion. 

With Malwarebytes Endpoint Detection and Response, however, you can fight—and defeat—advanced ransomware that other security solutions miss. 

In this post, we’ll walk through what it looks like to deal with a ransomware attack using Malwarebytes EDR.

*   Part 1: Your data has been encrypted!
*   Part 2: Pinpointing the ransomware
*   Part 3: Isolating the endpoint infected with ransomware
*   Part 4: Remediating the ransomware
*   Accelerate and simplify your ransomware defense with Malwarebytes EDR

**Part 1: Your data has been encrypted!**

Prior to this demo, we ran a ransomware sample on the virtual machine (VM) that we’ll be demonstrating from. Below, you’ll see that the VM is currently in an infected state.

As you can see, our files have in fact been encrypted by the ransomware across multiple directories with the “.**encrypt**” extension.

Let’s start a ping to Google’s DNS server. The reason that we’re going to do this is to help demonstrate some of the functionality that Malwarebytes has later. 

Just keep in mind that right now we can effectively communicate out to the internet. But we’ll come back to that later.

**Part 2: Pinpointing the ransomware**

Now, let’s switch to our Nebula console. Below, you’ll see the dashboard for Malwarebytes Nebula, our cloud-hosted security operations platform that allows you to manage control of any malware or ransomware incident. 

Click into the **Suspicious Activity** section of the console.

Right at the top, we can see that activity, a process that ran today at 9:31am.

Let’s click on this executable and start diving into how an IT admin or security analyst could use Malwarebytes to help respond to a ransomware situation, as well as effectively contain it.

Up at the top here, we have categorization of rules to help a maybe newer or less savvy security expert understand what’s going on with this process.

At the bottom, we have a detailed process timeline as well.

Let’s expand here by clicking **Show rules**. 

What we see here is the actual categorization of behaviors that Malwarebytes witnessed in this process. Each of these little bubbles has been color coded to help you understand the severity of this issue. 

We follow a pretty simple mechanism: Red is high severity, orange is medium severity, yellow is low severity. All of these behaviors are things that Malwarebytes actually witnessed this process doing on our endpoint. 

As you can see, there’s a lot of questionable behavior here. Things like disabling Windows Firewall, turning off the control panel, turning off the desktop activity; lots of things that would be concerning to a security expert.

Now, for someone who is not as familiar with some of these behaviors, or maybe there’s a technique that you’re not aware of, you can hover over them for more details. 

So for example, if we hover over the disable Windows Firewall behavior that we saw, on the left, you’ll see that we’ve been partnering with the MITRE foundation and using its attack framework to give you context and a common set of terms that you can use to identify and understand these tactics.

On the right, we see the command line context for this process in our organization.

We can see the exact time that it ran and the file hashes, so if we needed to do further investigation, we have those available. And most importantly, we’ve highlighted below the command line actually used to execute this technique on our machine. 

So again, in the context of disabling the firewall, this might be something we do in testing or as part of our troubleshooting process.

We can use this context to help understand if this is something that we have done intentionally – or if it’s possibly something that an attacker is doing to compromise our environment.

Let’s navigate now down to the bottom half, where we can see the actual specific details of this process.

Clicking into any of these nodes, we get a lot of rich context information about what this process did. 

As a security analyst or an IT admin, the first question you typically ask when an incident occurs is: What happened? Do we know if it’s malicious? What is the actual extent of the potential damages? And so on.

So here, we can navigate through to see everything that’s happened on this machine. 

For example, if we click on **File Write**, we can see every artifact or file left behind by this process.

Similarly, we can click on **Reg values** to see what registry changes were made on that system. 

**Part 3: Isolating the endpoint infected with ransomware**

Now, as we’re continuing our investigation, we’re looking at this and deciding it looks pretty suspicious – it’s probably unwanted or a potentially damaging activity. So as a safeguard, we’re going to use the first response mechanism in Malwarebytes, which is our isolation capability.

From the **Actions** menu, let’s choose to isolate this machine with **Isolate Endpoint**.

We have three layers of isolation that we can provide: **network isolation**, **process isolation**, and **desktop** **isolation**. 

The network and process isolations are intended to give us the ability to quarantine that machine and prevent it from doing anything that is not authorized by Malwarebytes. 

What this means is, we can still use our Malwarebytes console to trigger scans to perform other tasks and to review data, but the machine otherwise can’t communicate or run anything else. 

For this demonstration, we’re just going to use network isolation so that we can simulate preventing this machine from spreading an infection laterally in the environment.

Notice as we send that isolation command, the ping to Google immediately begins to fail – showing that that machine can no longer communicate to the internet. 

Now that we’ve isolated this device, let’s continue our investigation further. 

Below, we see a process here with a large amount of file activity, namely file renames. 

Let’s click into this. This is where Malwarebytes witnessed the ransomware attack actually occurring—so we see those files changing to not their normal versions, but to the .**encrypted** versions of the same file. 

What makes Malwarebytes unique in our EDR capabilities is when we see behavior like this (something that could compromise your files due to encryption or deletion or other types of malicious activity) we’ve actually created backups of all of the files that were targeted by this process stored locally on this machine. 

Now that we’ve identified that this is unwanted and malicious behavior, what we’re going to do is initiate a rollback action. 

Effectively, we’re telling Malwarebytes that we did not want this activity: this is something that happened on our machine that we never authorized and that we did not want. So when we go to **Actions**, and then **Remediate**, this will send a customized script to this endpoint and it will look at all of the behavior we witnessed in this process graph here.

This will create a customized remediation plan for this machine, where it will iterate backwards through the behavior, resolving any potential issues that might have arisen. 

One of the things that it’s going to do in this process is look for those backup versions of the files we created and restore those to the end user.

We can see on the right that our virtual machine received the command and it needs to restart to finish the process. Let’s restart it now so that we can see it carry out the backup!

After the machine reboots, we can open these folders and actually see that all of our files have been returned to their original version. 

**Accelerate and simplify your ransomware defense with Malwarebytes EDR**

In this post, we seamlessly looked at the activity that ransomware exhibited, found a recovery plan for it, then implemented that plan. 

In short, this is not a tool where you’re going to have to devise a customer mediation plan, where you’re going to have to iterate through hundreds of IOCs or complex readouts with an EDR solution to build a manual recovery solution – you simply need to tell Malwarebytes to resolve the issue. 

When it comes to ransomware mitigation, we’ll take the wheel from you – freeing up a lot of time in your day as an admin or an analyst. Read about how a leading automotive manufacturer and distributor used Malwarebytes EDR to simplify their ransomware remediation.

Looking for more demos of Malwarebytes EDR? Watch the webinar!

_Read our eBook on_ _ransomware best practices to detect and block ransomware attacks before they happen_.

Demo: Your data has been encrypted! Stopping ransomware attacks with Malwarebytes EDR

A bill with bipartisan support might finally give the US a strong federal data protection law.

Usually, when Congress is working on major tech legislation, the inboxes of tech reporters get flooded with PR emails from politicians and nonprofits either denouncing or trumpeting the proposed statute. Not so with the American Data Privacy and Protection Act. A first draft of the bill seemed to pop up out of nowhere in June. Over the next month, it went through so many changes that no one could say for sure what it was even designed to do. For such an important topic, the bill’s progress has been surprisingly under the radar.

Now comes an even bigger surprise: A new version of the ADPPA has taken shape, and privacy advocates are mostly jazzed about it. It just might have enough bipartisan support to become law—meaning that, after decades of inaction, the United States could soon have a real federal privacy statute.

Perhaps the most distinctive feature of the new bill is that it focuses on what’s known as data minimization. Generally, companies would only be allowed to collect and make use of user data if it’s necessary for one of 17 permitted purposes spelled out in the bill—things like authenticating users, preventing fraud, and completing transactions. Everything else is simply prohibited. Contrast this with the type of online privacy regime most people are familiar with, which is all based on consent: an endless stream of annoying privacy pop-ups that most people click “yes” on because it’s easier than going to the trouble of turning off cookies. That’s pretty much how the European Union’s privacy law, the GDPR, has played out.

“The reason I really like this bill is, it takes a data-minimization approach first,” says Sara Collins, senior policy council at Public Knowledge, a consumer advocacy group in DC. “The bill at the outset is like, ‘One, you don't collect any more data than you reasonably need, and, two, here’s a list of reasons you might need this data.’”

A major caveat is that the list of reasons includes targeted advertising, which is the economic driver of most commercial surveillance in the first place. So the bill falls well short of simply banning the practice, which is what many data-privacy advocates would prefer. On the other hand, it imposes much stricter limits on targeted advertising—and the data collection supporting it—than any law in the US and perhaps the world. It would completely prohibit targeting ads to minors, something Joe Biden called for in his 2022 State of the Union address. It would ban targeting ads based on “sensitive data.” That category includes things like health information, precise geolocation, and private communications—as well as “information identifying an individual’s online activities over time and across third-party websites or online services.” In other words, companies would no longer be allowed to follow you around the internet, gathering data on everything you do and using it to sell you stuff.

“I think it’s a pretty fundamental shift,” says Alan Butler, executive director and president of the Electronic Privacy Information Center. “It gets at the heart of what I see as the major privacy problem in the way that ad tech has developed over the last 20 years, largely because there was no privacy law in effect. What’s developed is an ad tech industry that just gorges on personal information in every possible way it can, grabbing every possible piece of data they can find about people.”

Under the new version of the ADPPA, Butler says, some forms of targeting would remain common, particularly targeting based on first-party data. If you shop for shoes on Target.com, Target could still use that information to show you ads for shoes when you’re on another site. What it wouldn’t be able to do is match your shopping history with everything else you do on the web and on your phone to show you ads for stuff you’ve never told them you wanted. Nor could Facebook and Google continue to spy on you by placing trackers on nearly every website or free app you use, in order to build a profile of you for advertisers.

“If they’re tracking your activity across third-party websites, which they certainly are, then that’s sensitive data, and they can’t be processing that for targeted advertising purpose,” says Butler.

To the extent that the new bill would still allow targeted advertising, it would require companies to give users the right to opt out—while prohibiting the sorts of tricks that companies often use to nudge users to click “Accept all cookies” under the GDPR. And it would direct the Federal Trade Commission to create a standard for a universal opt-out that companies would have to honor, meaning users could decline all targeted advertising in one click. (That’s an important feature of California’s recently adopted privacy law.)

The ad industry seems to agree that the bill would mark a fundamental shift. Yesterday, the Association of National Advertisers, a trade group, issued a statement opposing the bill on the grounds that it would “prohibit companies from collecting and using basic demographic and online activity data for typical and responsible advertising purposes.”

Apart from its data-minimization approach, the new bill contains quite a lot of provisions that data privacy experts have long called for, including transparency standards, anti-discrimination rules, increased oversight for data brokers, and new cybersecurity requirements.

Federal privacy legislation has been something of a white whale in DC over the last few years. Since 2019, a bipartisan agreement has supposedly been just around the corner. The effort kept stalling because Democrats and Republicans were divided on two key issues: whether a federal bill should preempt state privacy laws, and whether it should create a “private right of action” allowing individuals, not just the government, to sue companies for violations. Democrats are generally against preemption and in favor of a private right of action, Republicans the reverse.

The new bill represents a long-sought compromise on those issues. It preempts state laws, but with some exceptions. (Most notably, it empowers California’s brand-new privacy agency to enforce the ADPPA within the state.) And it contains a limited private right of action, with restrictions on the damages that people can sue for.

The bill has other shortcomings, inevitably. The universal opt-out requirement is nice, but it won’t mean much until the largest browsers, especially Chrome and Safari, add the feature. The bill gives the FTC new authority to issue rules and enforce them, but it doesn’t direct any new resources to the agency, which already lacks the staff and funding to handle everything on its plate.

As a result, not everyone in the privacy camp is on board. On Tuesday, a group of mostly blue-state state attorneys general sent a letter to the committee objecting to the preemption provision. And the Electronic Frontier Foundation tweeted on Wednesday that it is “disappointed” by the compromises in the bill.

On the whole, however, the ADPPA seems wildly popular both on the Hill and among advocacy organizations. It has the support of leading privacy and civil rights nonprofits, and the House Commerce Committee voted to advance it by a 53-2 margin—an overwhelmingly bipartisan consensus that bodes well for the bill’s prospects when the full House votes on it. During yesterday’s markup hearing, several members noted that while the bill isn’t perfect, it’s simply politically impossible to pass a federal privacy law that doesn’t involve compromise on those two key issues.

Even the tech industry hasn’t launched any public campaign to kill the bill. You could take this as a sign that it’s actually too weak to trouble the industry. But Adam Kovacevich, the CEO of Chamber of Progress, a Big Tech lobbying group, points out that even the bill’s liberal critics have acknowledged that it goes further than any of the state laws it would preempt—even California’s. “I don’t think anyone in industry is crazy about the idea of the private right of action, the idea of more lawsuits,” he says. But, he adds, tech companies have already spent years learning to comply with the growing web of privacy regimes around the world. A somewhat stricter law might not be so bad if it provides a clear, fixed national standard.

None of this means that the ADPPA is sure to become law, of course. In the Senate, Maria Cantwell, the top Democrat on the Commerce Committee, has not gotten behind the effort yet, though her Republican counterpart has. And time is running out for that sclerotic body to pass any major laws before next year, when Democrats will almost surely lose their governing trifecta.

Still, privacy advocates are cautiously optimistic. “You’re looking at a situation where you have bicameral, bipartisan support, with Republicans and Democrats on board on the House and Senate side,” says Butler. “I don’t think we’ve ever been this close.”

Congress Might Pass an Actually Good Privacy Bill

Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms.
This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS).

Chief among them is

Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms.

This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS).

Chief among them is CVE-2022-2294, a memory corruption flaw in the WebRTC component that Google disclosed earlier this month as having been exploited in real-world attacks aimed at users of the Chrome browser. There is, however, no evidence of in-the-wild zero-day exploitation of the flaw targeting iOS, macOS, and Safari.

Besides CVE-2022-2294, the updates also address several arbitrary code execution flaws impacting Apple Neural Engine (CVE-2022-32810, CVE-2022-32829, and CVE-2022-32840), Audio (CVE-2022-32820), GPU Drivers (CVE-2022-32821), ImageIO (CVE-2022-32802), IOMobileFrameBuffer (CVE-2022-26768), Kernel (CVE-2022-32813 and CVE-2022-32815), and WebKit (CVE-2022-32792).

Also patched is a Pointer Authentication bypass affecting the Kernel (CVE-2022-32844), a DoS bug in the ImageIO component (CVE-2022-32785), and two privilege escalation flaws in AppleMobileFileIntegrity and File System Events (CVE-2022-32819 and CVE-2022-32826).

What's more, the latest version of macOS resolves five security vulnerabilities in the SMB module that could be potentially exploited by a malicious app to gain elevated privileges, leak sensitive information, and execute arbitrary code with kernel privileges.

Users of Apple devices are recommended to update to iOS 15.6, iPadOS 15.6, macOS (Monterey 12.5, Big Sur 11.6.8, and 2022-005 Catalina), tvOS 15.6, and watchOS 8.7 to obtain the latest security protections.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#google