
Latest news with #AntimalwareScanInterface

How to Protect Yourself From the Global Microsoft Hack

Time Magazine

3 days ago


Dozens of organizations appear to have been affected over the past few days by hackers targeting Microsoft server software. Microsoft said in a post on its website on Saturday that it was 'aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities.' SharePoint is a Microsoft platform that allows customers to manage and share documents within their organizations.

Here's what to know about the attack, and how to protect yourself.

Hackers targeted a "vulnerability" in Microsoft SharePoint

Eye Security, a cybersecurity firm based in the Netherlands, said in a post that it identified the 'large-scale exploitation' of a 'vulnerability' in the Microsoft software on Friday. The vulnerability was not 'widely known' before then, according to the firm.

Microsoft said that only servers housed within an organization were compromised in the hack; SharePoint Online in Microsoft 365 was not impacted.

Eye Security warned that once hackers breached SharePoint systems, they could access all content within them and 'move laterally across the Windows Domain.'

'Because SharePoint often connects to core services like Outlook, Teams, and OneDrive, a breach can quickly lead to data theft, password harvesting, and lateral movement across the network,' the firm said. 'This is a rapidly evolving, targeted exploit. Organizations with unpatched SharePoint servers should not wait for a fix. They should assess for compromise immediately and respond accordingly.'

Researchers determined that nearly 100 organizations were affected in the attack over the weekend, Eye Security's chief hacker Vaisha Bernard told Reuters. It is not yet clear who was responsible for the hack or what the motive was, according to The Washington Post.

How to protect yourself from the attack

Microsoft advised customers using SharePoint to apply the latest security updates, and to make sure that the Antimalware Scan Interface is on and configured properly.

The U.S. Cybersecurity & Infrastructure Security Agency recommended that customers take several technical steps to reduce risks associated with the attack, including configuring the Antimalware Scan Interface.

Eye Security also suggested that customers who have confirmed that they've been impacted by the attack 'isolate or shut down affected SharePoint servers,' 'renew all credentials and system secrets that could have been exposed,' and 'engage your incident response team or a trusted cybersecurity firm.'

Kaspersky Research Sandbox 3.0: more power, less hardware

Biz Bahrain

12-04-2025


Kaspersky has launched a major update to Kaspersky Research Sandbox, introducing version 3.0 with advanced capabilities for deeper file analysis, interactive threat investigation, and significantly reduced hardware requirements. Designed for security teams and threat researchers, the enhanced solution provides more flexibility, efficiency, and cost-effectiveness in detecting and analyzing modern cyber threats.

Kaspersky Research Sandbox has been developed directly out of the company's in-lab sandboxing complex, a technology that's been evolving for over two decades. It incorporates all the knowledge about malware behaviors acquired through continuous threat research, allowing Kaspersky to detect over 400,000 new malicious objects every day.

One of the key advancements in Kaspersky Research Sandbox 3.0 is the introduction of visual interaction during sample detonation (VNC). This feature enables security analysts to interact with the execution environment in real time, monitor malware behavior as it unfolds, and run investigation tools to uncover additional threat details. This deeper level of analysis enhances the ability to detect sophisticated threats that adapt to traditional sandboxing methods.

The updated sandbox now also offers the option to work with Kaspersky Security Network (KSN) as an alternative to Kaspersky Private Security Network (KPSN). This flexibility provides a more cost-effective and faster deployment option which is particularly useful for pilot projects. Additionally, this change reduces hardware requirements by half, making the solution more accessible for organizations with limited resources.

To address the growing use of obfuscation techniques in modern attacks, Kaspersky Research Sandbox 3.0 now incorporates Microsoft AMSI (Antimalware Scan Interface) output. This integration significantly improves detection of packed and obfuscated scripts, including malicious PowerShell activity, a tactic increasingly exploited by threat actors.

Further improving threat intelligence capabilities, the update introduces extended static analysis. By examining key file attributes such as strings, headers, sections, import and export tables and entropy graphs for executable files, analysts gain critical insights into malware characteristics, even for operating systems not yet supported for dynamic analysis, such as macOS.

Alongside these technological enhancements, the user interface has been completely redesigned to improve usability and streamline the research process. The enhanced System Activities page now offers improved visualization, allowing analysts to filter reports and focus only on relevant malicious processes. The History table search function makes it easier to retrieve previous analysis results, helping security teams quickly resume investigations.

'With Kaspersky Research Sandbox 3.0, we're providing security teams with even more extensive analysis capabilities, greater visibility and control over malware behavior and a significantly decreased entry threshold for organizations with limited hardware resources. Built on over two decades of malware research, Kaspersky Research Sandbox combines our deep threat analysis expertise with cutting-edge technology. It empowers security teams with professional interactive malware investigation tool with even deeper analysis and optimized performance – now with twice lowered hardware requirements,' comments Boris Storonkin, Threat Intelligence Product Manager at Kaspersky.

For more information about Kaspersky Research Sandbox 3.0, please visit the link.

Kaspersky Research Sandbox 3.0: more power, less hardware

Tahawul Tech

11-04-2025


Kaspersky has launched a major update to Kaspersky Research Sandbox, introducing version 3.0 with advanced capabilities for deeper file analysis, interactive threat investigation, and significantly reduced hardware requirements. Designed for security teams and threat researchers, the enhanced solution provides more flexibility, efficiency, and cost-effectiveness in detecting and analysing modern cyber threats.

Kaspersky Research Sandbox has been developed directly out of the company's in-lab sandboxing complex, a technology that's been evolving for over two decades. It incorporates all the knowledge about malware behaviours acquired through continuous threat research, allowing Kaspersky to detect over 400,000 new malicious objects every day.

One of the key advancements in Kaspersky Research Sandbox 3.0 is the introduction of visual interaction during sample detonation (VNC). This feature enables security analysts to interact with the execution environment in real time, monitor malware behaviour as it unfolds, and run investigation tools to uncover additional threat details. This deeper level of analysis enhances the ability to detect sophisticated threats that adapt to traditional sandboxing methods.

The updated sandbox now also offers the option to work with Kaspersky Security Network (KSN) as an alternative to Kaspersky Private Security Network (KPSN). This flexibility provides a more cost-effective and faster deployment option which is particularly useful for pilot projects. Additionally, this change reduces hardware requirements by half, making the solution more accessible for organizations with limited resources.

To address the growing use of obfuscation techniques in modern attacks, Kaspersky Research Sandbox 3.0 now incorporates Microsoft AMSI (Antimalware Scan Interface) output. This integration significantly improves detection of packed and obfuscated scripts, including malicious PowerShell activity, a tactic increasingly exploited by threat actors.

Further improving threat intelligence capabilities, the update introduces extended static analysis. By examining key file attributes such as strings, headers, sections, import and export tables and entropy graphs for executable files, analysts gain critical insights into malware characteristics, even for operating systems not yet supported for dynamic analysis, such as macOS.

Alongside these technological enhancements, the user interface has been completely redesigned to improve usability and streamline the research process. The enhanced System Activities page now offers improved visualisation, allowing analysts to filter reports and focus only on relevant malicious processes. The History table search function makes it easier to retrieve previous analysis results, helping security teams quickly resume investigations.

'With Kaspersky Research Sandbox 3.0, we're providing security teams with even more extensive analysis capabilities, greater visibility and control over malware behaviour and a significantly decreased entry threshold for organisations with limited hardware resources. Built on over two decades of malware research, Kaspersky Research Sandbox combines our deep threat analysis expertise with cutting-edge technology. It empowers security teams with professional interactive malware investigation tool with even deeper analysis and optimised performance – now with twice lowered hardware requirements', comments Boris Storonkin, Threat Intelligence Product Manager at Kaspersky.

For more information about Kaspersky Research Sandbox 3.0, please visit the link.
