Kaspersky Lab recently discovered a new vulnerability on Microsoft Windows, used in attacks by at least two groups of hackers, including SandCat.
This is the fourth time a zero-day vulnerability has been discovered by Kaspersky Lab’s Automatic Exploit Prevention technology. Kaspersky Lab reported the vulnerability, tracked as CVE-2019-0797, to Microsoft, which released a patch soon after.
Zero-day is a term used for unresolved vulnerabilities. Hackers can take advantage of these vulnerabilities to infiltrate users’ networks and devices. According to experts from Kaspersky Lab, hackers take advantage of vulnerabilities on Microsoft Windows systems to escalate privileges and gain full control of users’ devices.
This malware sample targets Windows 8 to Windows 10 versions.
Among the hacker groups involved, it could be FruityArmor and SandCat. Reportedly, FruityArmor has attacked through zero-day vulnerabilities in the past, while SandCat has only exploited this vulnerability recently.
Anton Ivanov, a security expert at Kaspersky Lab, said: “The findings suggest that many groups of hackers are still interested in zero-day vulnerabilities, and organizations need solutions to counter the threats caused by this vulnerability. This once again confirms the importance of collaboration between the security industry and software developers; timely detection of information and quick patching are the best way to help users fight off threats that have just appeared.”
The vulnerability was discovered by Kaspersky Lab’s Automatic Exploit Prevention technology, which is integrated into most of the company’s products.
Kaspersky Lab products have the ability to detect security vulnerabilities such as:
• HEUR:Exploit.Win32.Generic
• HEUR:Trojan.Win32.Generic
• PDM:Exploit.Win32.Generic
Kaspersky Lab recommends that users should implement the following security measures:
• Install Microsoft’s patch as soon as possible.
• Be sure to update all software regularly, especially as soon as a new security patch is released. Security products that feature Vulnerability Assessment and Patch Management can help automate these processes.
• Choose a security solution like Kaspersky Endpoint Security, equipped with vulnerability detection based on user behavior, to effectively protect data against threats that have or have not yet been detected.
• Use advanced security tools such as Kaspersky’s KATA (Kaspersky Anti Targeted Attack) platform if businesses require more sophisticated security measures.
• Ensure the security department has access to the latest information about cyber threats. The most up-to-date report on the development of threats is posted at Kaspersky Intelligence Report.
• Last but not least, make sure the staff in the organization is equipped with basic knowledge of network security.
More complete information about the technology that discovered zero-day vulnerabilities on Microsoft Windows can be found in the online seminar conducted by Kaspersky Lab in February 2019.