Security News for November 2017

Scammers have been busy the past month with their newest attempts at security breaches. One of the most notable security threats reported in November was a tech support scam technique, which launches communication or phone call apps to automatically call a scam tech support hotline. This scam method is extremely streamlined, leaving potential victims a mere click or finger tap away from initiating a call to the fake tech support hotline. These tech support scams typically use bogus error messages in order to trick users into contacting scam hotlines and then paying for unnecessary or fake tach support services, supposedly fixing the contrived platform, device, or software problem. They create an impression of a tech issue by attempting to lock browsers or using dialog loops, which essentially locks the browser session. Many browsers have settings that allow users to block dialog pop ups.

Windows offers a potent solution against tech support scams in the form of the Windows Defender SmartScreen. This blocks tech support scams and malicious websites, along with phishing sites as well as those hosting malicious downloads.

Early in November, a vulnerability dubbed as #AVGater was discovered to be affecting certain antivirus products. It uses a relatively old attack vector that works to restore previously quarantined files using a non-administrator level account. Fortunately, Windows Defender Antivirus is not among the antivirus products affected by the vulnerability. Windows Defender has built-in protections against many known user-account-permissions vulnerabilities.

Recent security attacks leave little forensic evidence, if at all, making them more discreet and persistent. Attackers would typically use methods allowing exploits to remain resident within a vulnerable or already exploited process or migrate to some long-lived process without creating a trail (such as a file on disk). These techniques range from basic cross-process migration to more advanced methods like process hollowing and atom bombing, which help them avoid detection. Windows 10 continuously strengthens its defense capabilities so users can have full protection against the wide range of modern and ever more sophisticated attacks. Windows Defender, for instance, can detect exploitative activities like reflective DLL loading, which helps security operations personnel to quickly identify and in turn respond to attacks within their networks.

The latest Windows Patch Tuesday include updates and fixes for a total of 53 security bugs in an entire range of applications, including Windows OS, various Office offerings, Microsoft Edge, Internet Explorer,.NET Core, ASP.NET Core, as well as the browser engine Chakra Core, among many others.

Mike Rana is the Chief Technology Advisor of Orion Network Solutions. Orion Network Solutions specializes in providing Computer Installation, Maintenance, and Consulting services along with 24x7 help desk services for small and midsize companies.