Latest news with #AMSI


Time of India
24-07-2025
Microsoft warns of ransomware surge in SharePoint server attacks linked to Chinese hackers
Microsoft has issued a warning to organisations that are using on-premises SharePoint servers. The tech giant has confirmed that hackers are exploiting vulnerabilities in its on-premises SharePoint servers to deploy ransomware. The Microsoft Threat Intelligence team has identified a specific actor, designated Storm-2603, as being responsible for these new ransomware campaigns. Earlier, the exploitation of SharePoint vulnerabilities led to data exfiltration, but the latest observations suggest financially motivated attacks leveraging the Warlock ransomware. Hackers are using the Warlock ransomware to paralyze networks and demand cryptocurrency payments.

How the attack works

In an updated blog post, Microsoft explains that the attack starts with the exploitation of an internet-facing on-premises SharePoint server. This initial breach grants Storm-2603 access to the environment, often facilitated by a payload named Once the hacker gains access they then move ahead and deploy ransomware. Microsoft has confirmed that SharePoint Online is not affected, but on-premises versions—including SharePoint 2016, 2019, and Subscription Edition—remain vulnerable if not patched.

Three Chinese state-sponsored groups behind global attack

Microsoft identified three China-linked groups—Linen Typhoon, Violet Typhoon, and Storm-2603—as exploiting critical vulnerabilities in SharePoint servers that rendered customers running the software on their own networks vulnerable to attack. The breaches affected organizations across multiple sectors, including government agencies, energy companies, consulting firms, and universities spanning from the US to Europe and the Middle East. No sensitive or classified information was reportedly compromised in the National Nuclear Security Administration breach, according to sources familiar with the matter. The semiautonomous Energy Department arm responsible for producing and dismantling nuclear weapons was targeted alongside other federal agencies including the US Education Department.

What organisations should do

Microsoft has also shared some guidelines for users to protect their on-premises SharePoint Server environment. The company has asked the users to:

- Enable Antimalware Scan Interface (AMSI) integration and deploy Defender AV on all SharePoint servers
- If AMSI cannot be enabled, Microsoft recommends disconnecting servers from the internet
- Use Defender for Endpoint to detect post-exploit activity and monitor for suspicious file creation like


NDTV
21-07-2025
- Business
Microsoft Issues Urgent Security Patch For SharePoint After "Active Attacks"
New Delhi: Tech giant Microsoft has issued an urgent security patch after observing "active attacks" on server software used by government agencies and businesses to share documents within organisations. According to Microsoft, the vulnerabilities apply only to SharePoint servers used within organisations. SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks, the company said. "Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update," said the tech giant in its security advisory. The company recommended security updates that customers should apply immediately. The US Federal Bureau of Investigation (FBI) also said it is aware of the attacks and is working closely with its federal and private-sector partners. The vulnerability is related to a case of remote code execution that arises due to the deserialization of untrusted data in on-premise versions of Microsoft SharePoint Server. Microsoft said the current published content is correct and that the previous inconsistency does not impact the company's guidance for customers. "After applying the latest security updates above or enabling AMSI, it is critical that customers rotate SharePoint server machine keys and restart IIS on all SharePoint servers," Microsoft said. "If you cannot enable AMSI, you will need to rotate your keys after you install the new security update," it added. The US Cybersecurity and Infrastructure Security Agency (CISA) has added the 'CVE-2025-53770' vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 21, 2025. "Microsoft has released security updates that fully protect customers using SharePoint Subscription Edition and SharePoint 2019 against the risks posed by CVE-2025-53770, and CVE-2025-53771. Customers should apply these updates immediately to ensure they're protected," said the company in its security update.


Biz Bahrain
12-04-2025
Kaspersky Research Sandbox 3.0: more power, less hardware
Kaspersky has launched a major update to Kaspersky Research Sandbox, introducing version 3.0 with advanced capabilities for deeper file analysis, interactive threat investigation, and significantly reduced hardware requirements. Designed for security teams and threat researchers, the enhanced solution provides more flexibility, efficiency, and cost-effectiveness in detecting and analyzing modern cyber threats. Kaspersky Research Sandbox has been developed directly out of the company's in-lab sandboxing complex, a technology that's been evolving for over two decades. It incorporates all the knowledge about malware behaviors acquired through continuous threat research, allowing Kaspersky to detect over 400,000 new malicious objects every day. One of the key advancements in Kaspersky Research Sandbox 3.0 is the introduction of visual interaction during sample detonation (VNC). This feature enables security analysts to interact with the execution environment in real time, monitor malware behavior as it unfolds, and run investigation tools to uncover additional threat details. This deeper level of analysis enhances the ability to detect sophisticated threats that adapt to traditional sandboxing methods. The updated sandbox now also offers the option to work with Kaspersky Security Network (KSN) as an alternative to Kaspersky Private Security Network (KPSN). This flexibility provides a more cost-effective and faster deployment option which is particularly useful for pilot projects. Additionally, this change reduces hardware requirements by half, making the solution more accessible for organizations with limited resources. To address the growing use of obfuscation techniques in modern attacks, Kaspersky Research Sandbox 3.0 now incorporates Microsoft AMSI (Antimalware Scan Interface) output. This integration significantly improves detection of packed and obfuscated scripts, including malicious PowerShell activity, a tactic increasingly exploited by threat actors. 
Further improving threat intelligence capabilities, the update introduces extended static analysis. By examining key file attributes such as strings, headers, sections, import and export tables and entropy graphs for executable files, analysts gain critical insights into malware characteristics, even for operating systems not yet supported for dynamic analysis, such as macOS. Alongside these technological enhancements, the user interface has been completely redesigned to improve usability and streamline the research process. The enhanced System Activities page now offers improved visualization, allowing analysts to filter reports and focus only on relevant malicious processes. The History table search function makes it easier to retrieve previous analysis results, helping security teams quickly resume investigations. 'With Kaspersky Research Sandbox 3.0, we're providing security teams with even more extensive analysis capabilities, greater visibility and control over malware behavior and a significantly decreased entry threshold for organizations with limited hardware resources. Built on over two decades of malware research, Kaspersky Research Sandbox combines our deep threat analysis expertise with cutting-edge technology. It empowers security teams with a professional interactive malware investigation tool with even deeper analysis and optimized performance – now with twice lowered hardware requirements,' comments Boris Storonkin, Threat Intelligence Product Manager at Kaspersky.


Tahawul Tech
11-04-2025
Kaspersky Research Sandbox 3.0: more power, less hardware
Kaspersky has launched a major update to Kaspersky Research Sandbox, introducing version 3.0 with advanced capabilities for deeper file analysis, interactive threat investigation, and significantly reduced hardware requirements. Designed for security teams and threat researchers, the enhanced solution provides more flexibility, efficiency, and cost-effectiveness in detecting and analysing modern cyber threats. Kaspersky Research Sandbox has been developed directly out of the company's in-lab sandboxing complex, a technology that's been evolving for over two decades. It incorporates all the knowledge about malware behaviours acquired through continuous threat research, allowing Kaspersky to detect over 400,000 new malicious objects every day. One of the key advancements in Kaspersky Research Sandbox 3.0 is the introduction of visual interaction during sample detonation (VNC). This feature enables security analysts to interact with the execution environment in real time, monitor malware behaviour as it unfolds, and run investigation tools to uncover additional threat details. This deeper level of analysis enhances the ability to detect sophisticated threats that adapt to traditional sandboxing methods. The updated sandbox now also offers the option to work with Kaspersky Security Network (KSN) as an alternative to Kaspersky Private Security Network (KPSN). This flexibility provides a more cost-effective and faster deployment option which is particularly useful for pilot projects. Additionally, this change reduces hardware requirements by half, making the solution more accessible for organizations with limited resources. To address the growing use of obfuscation techniques in modern attacks, Kaspersky Research Sandbox 3.0 now incorporates Microsoft AMSI (Antimalware Scan Interface) output. This integration significantly improves detection of packed and obfuscated scripts, including malicious PowerShell activity, a tactic increasingly exploited by threat actors. 
Further improving threat intelligence capabilities, the update introduces extended static analysis. By examining key file attributes such as strings, headers, sections, import and export tables and entropy graphs for executable files, analysts gain critical insights into malware characteristics, even for operating systems not yet supported for dynamic analysis, such as macOS. Alongside these technological enhancements, the user interface has been completely redesigned to improve usability and streamline the research process. The enhanced System Activities page now offers improved visualisation, allowing analysts to filter reports and focus only on relevant malicious processes. The History table search function makes it easier to retrieve previous analysis results, helping security teams quickly resume investigations. 'With Kaspersky Research Sandbox 3.0, we're providing security teams with even more extensive analysis capabilities, greater visibility and control over malware behaviour and a significantly decreased entry threshold for organisations with limited hardware resources. Built on over two decades of malware research, Kaspersky Research Sandbox combines our deep threat analysis expertise with cutting-edge technology. It empowers security teams with a professional interactive malware investigation tool with even deeper analysis and optimised performance – now with twice lowered hardware requirements', comments Boris Storonkin, Threat Intelligence Product Manager at Kaspersky.


Yahoo
25-03-2025
- Automotive
Mercedes-Benz dealers traded sex for discounts, former saleswoman claims
Salesmen at a Long Island, New York, Mercedes dealership routinely offered discounts on vehicles to 'select female customers' in exchange for sex, a former employee alleges. In a federal discrimination lawsuit filed Monday and obtained by The Independent, Talita Paulino, who was hired last year at Mercedes-Benz of Massapequa as a sales consultant, claims another employee, a 'product concierge,' shared videos of buyers providing sexual favors for discounts in the dealership's cars. 'Give them a good discount, and they'll do anything,' the salesman allegedly said, according to Paulino's complaint, which adds that she heard him say he had 'lost count' of how many women had agreed to such trades. On another occasion, Paulino, 29, says she watched her boss shove his hand down a female client's pants and fondle her buttocks while offering her a special deal, after which the two of them drove away in his personal car. The alleged behavior extended to staffers like Paulino, who contends the boss withheld crucial information from saleswomen unless they let him touch them 'in a sexual manner.' When Paulino brought up the situation to a female colleague, her complaint says the woman responded, 'You just have to ignore it and let them be men.' 'Everybody should work at a place where they are respected and treated with dignity,' attorney Joshua Paul Frank, who is representing Paulino, told The Independent. 'This obviously goes far beyond that.' In an email, Ana Shields, the lawyer representing Mercedes-Benz of Massapequa, said, 'The Dealership strongly denies the allegations as they are baseless and without merit. Additionally, after investigating the matter, the Dealership has no knowledge of the alleged discounts in exchange for sexual favors and vehemently denies that this occurred. We have found no evidence to support the Plaintiff's claims and intend to defend this matter vigorously. Since this matter is in active litigation, we will not be commenting further.' 
Messages sent to co-defendant Automotive Management Services, Inc. (AMSI), which oversees the dealership, went unanswered. AMSI is owned by reclusive West Palm Beach billionaire Terry Taylor, the largest private owner of auto dealerships in the nation. He also did not reply to emails seeking comment. Paulino began working at Mercedes-Benz of Massapequa on April 26, 2024, and almost immediately found herself being objectified by higher-ups, according to her complaint. During her second week on the job, it says the sales manager took Paulino for a ride in a new GLE 350 to 'demonstrate to her the model's features.' But when the sales manager pulled into the parking lot of a 7-11 and said, 'I can tell you like me,' Paulino told him she was in a committed relationship, the complaint goes on. 'Oh come on, you wouldn't cheat?' the complaint says he replied, to which Paulino said, 'Absolutely not. Let's head back.' As time went by, Paulino saw the sales manager 'strok[ing] and caress[ing]' female employees in an inappropriate way, and making 'sexual and perverted remarks to them,' the complaint continues. However, when Paulino rebuffed the sales manager's advances, her rejections visibly 'angered him,' according to the complaint. Those women who played along were given more opportunities to make sales, and Paulino soon felt obligated to give in to the manager's demand for 'hugs,' in order to earn a living. '[W]hen she permitted [the sales manager] to hug her, his attitude drastically changed for the better, which enabled her to work under calmer conditions and increase her sales production,' the complaint contends. 'Unfortunately, [the sales manager] did not long remain satisfied with hugs and began demanding that [Paulino] scratch his back.' In one instance, the sales manager refused to provide Paulino with a sales quote for a potential customer unless she scratched his back, which she did, reluctantly, the complaint states. 
From then on, each time Paulino needed a sales quote, he insisted she scratch his back, the complaint says. When she refused, it claims his 'hostile and unhelpful conduct returned.' Soon, Paulino became aware that the sales manager and a product concierge-turned-sales assistant 'routinely provide[d] select female customers with discounts in exchange for sexual favors,' according to the complaint. One unsettling episode occurred while Paulino was in the dealership cafeteria with a group of male coworkers, the complaint states. The product concierge walked in and made a joke about management having discovered a condom inside one of the dealership's cars, after which he 'began recounting some of his sexual experiences that he had had with customers inside of the dealership's cars during working hours,' according to the complaint. 'Management knows those condoms weren't mine,' the product concierge allegedly said. 'Because they know I don't use condoms.' He then 'proceeded to take out his phone and show videos of customers with whom he had sex inside of dealership vehicles,' reiterating his practice of trading sex for discounts, the complaint states. The sales manager, as well, made no secret of his interest in young women who showed up to buy cars, pointing to one and commenting to Paulino, 'Oh my god, I would destroy that little body,' according to the complaint. She also allegedly heard him proposition female customers, more than once, saying, 'Have you been with an older guy before?' Broadly speaking, the dealership's 'male-dominated management team generally belittle[s] the subordinate female staff,' only giving them the same opportunities as male staff if they succumbed to their sexually inappropriate demands, the complaint states. 
In October 2024, some seven months after Paulino started at Mercedes-Benz of Massapequa, she 'determined that it would be unreasonable to continue working under such detrimental conditions,' and resigned — a constructive discharge, in legal terms. In fact, when she emailed her 'forced resignation' to management, telling them she could no longer abide the constant sexual harassment, she did not receive any reply, the complaint concludes. Paulino is demanding economic and punitive damages, including lost sales opportunities, back pay, front pay, and loss of benefits, along with compensatory damages for emotional distress, mental anguish, and pain and suffering, as well as attorneys' fees.