open source and cybersecurity news

June 29, 2023

JavaScript NPM Registry Exposed to Manifest Confusion Vulnerability; Sysmon's Latest Features Unveiled; Mockingjay Process Injection; This Day in Tech History

Episode Transcription:

Pokie Huang:

From Sourced Network Production in New York City. “It’s 5:05”. I’m Pokie Huang. Today is Thursday, June 29th. Here is the full story behind today’s cyber security and open source headlines.

Edwin Kwan:

This is Edwin Kwan from Sydney, Australia. 

The JavaScript NPM registry has a manifest confusion vulnerability which can allow the installation and execution of malicious files without the user’s knowledge. The attackers can do this by including a dependency that won’t show up on the NPM website, but will be installed by the command-line installer.

This software supply chain vulnerability is due to the NPM public registry not validating manifest information with the contents of the package tarball. There’s an assumption that the contents of the manifest and the tarball are consistent. 

As a result of this, any tools using the public registry are susceptible to exploitation.

Such attacks are difficult to detect as most Software Composition Analysis (SCA) tools rely on the manifest information to generate dependency graphs.

Ian Garrett:

Microsoft Sysmon just got a beefy upgrade. Sysmon has recently received an upgrade to version 15.0, introducing two significant features. First, it has been converted into a protected process, making it more resilient against tampering and malicious code injection. Second, a new configuration option called File Executable Detected has been added, allowing Sysmon to log and detect when executable files are created on a monitored system.

Hey folks. This is Ian Garrett in Arlington, Virginia. 

Sysmon is a free Microsoft Sysinternals tool that can monitor and block malicious or suspicious activity and log events to the Windows event log. Sysmon’s transformation into a protected process is a crucial security enhancement. By leveraging Windows code integrity measures, the update ensures that only trusted code can load into Sysmon’s process.

This protection mitigates the risk of code injection and other attacks initiated by admin processes. This safeguarding measure strengthens the overall reliability and integrity of Sysmon as a critical security tool. 

The updated Sysmon version 15.0 also introduces the File Executable Detected configuration option. This feature enables Sysmon to detect and log events when new executable files are created on the monitored system. When an executable file is created within designated locations or subfolders, Sysmon generates an event log entry, providing valuable information about the event, including the process id, user filename, target filename, and hash of the created file.

With the ability to detect new executable files, Sysmon strengthens its role as a powerful security monitoring tool. By leveraging the File Executable Detected configuration option, administrators can be alerted to potential threats or suspicious activities related to the creation of executable files.

Katy Craig:

There’s a new process injection technique that could give threat actors a way to bypass security solutions and wreak havoc on compromised systems. 

This is Katy Craig in San Diego, California. 

Dubbed Mockingjay, this technique is a game changer. It doesn’t require space allocation, setting permissions, or even starting a thread. It’s sneaking through the back door without anyone noticing. 

Security Joes researchers uncovered this technique, and boy is it a doozy. Process injection is nothing new in the hacker’s toolkit. We’ve seen DLL injection, portable executable injection, thread execution hijacking, you name it.

But Mockingjay takes a different approach.

It leverages preexisting Windows executable files to load malicious code in a section of memory that security solutions often overlook. What makes Mockingjay truly special is its ability to execute code without the need to allocate memory or create a new thread within the target process. This makes it a nightmare for endpoint detection and response systems to detect.

So stay vigilant, keep your security solutions updated, and be on the lookout for the latest tricks and techniques from those crafty hackers. 

This is Katy Craig, stay safe out there.

Marcel Brown:

This is Marcel Brown delivering some technology history for June 29th. 

June 29th, 2007. Nearly six months after it was introduced, Apple’s highly anticipated iPhone goes on sale. Generally downplayed by old world technology pundits after its introduction, the iPhone was greeted by long lines of buyers around the country on that first day, quickly becoming an overnight phenomenon. 1 million iPhones were sold in only 74 days. 

Since those early days, the ensuing iPhone models have continued to set sales records and have completely changed not only the smartphone and technology industries, but the world as well. 

Of course we know the iPhone was not the first smartphone. However, the iPhone impacted the computer industry and our society like few other technologies have in history. It is a clear example of what a disruptive technology is. 

Before the iPhone, the smartphone was the exclusive domain of corporate employees and tech-savvy individuals. After the iPhone, the smartphone became a staple of everyday life. The iPhone kicked off the mobile device revolution, and in doing so, has put incredible power in the palms of our hands.

Social networking would not be so social without mobile devices. In fact, much of the growth of social media can be attributed to the rise of the iPhone and to this day, the iPhone is often regarded as a dominant platform among social networking users. 

The iPad and the end of the PC may not have come to fruition without the iPhone clearing the way. People may not have been as receptive to tablets had they not fallen in love with the iPhone.

The power of Google is magnified when the world’s information is literally at our fingertips, no matter where we may be. The mobile device revolution has put a GPS device in nearly all of our hands, making us safer. The incredible growth of YouTube and other media sharing services is largely due to the mobile device revolution, along with a significant increase in the general consumption of digital media in all forms.

The iPhone turned out to be the computing device that we all wished we had, yet didn’t know what we were missing until we had one. It redefined what computing could be in terms of ease of use, and through its mobility made it more powerful. It has literally impacted nearly every aspect of our society, and it is no stretch to say that the iPhone has changed the world.

And that is your tech history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Pokie Huang:

That’s our updates for today, June 29th. I’m Pokie Huang. We’ll be back tomorrow… at 5:05. 
