Tag Archives: application control

Backdoored CCleaner could compromise millions of users

The popular PC cleanup tool, CCleaner has been hijacked by hackers in the latest widespread malware attack. The hack, identified by security researchers at Cisco Talos, found that anyone who downloaded or updated the CCleaner app between mid-August to mid-September also potentially downloaded malware without realising.

Continue Reading


The culture shock (Part 2)

In part 1, I discussed the importance of understanding your company’s culture when embarking on a security project as this can be the key to success or failure. In this blog, I’ll take a closer look at the five key areas you should pay particular attention to.

Continue Reading


How to dismantle an atomic bomb

Security researchers at enSilo recently released a novel code injection technique for Windows known as ‘Atom Bombing’. This is so called because it exploits Windows atom tables and Async procedure calls (APC) to evade detection by many common security solutions.

Continue Reading


Application authentication needs a reboot

Last week marked an exciting new first – ransomware on a Mac disclosed by Palo Alto who had seen it with a client. What’s simultaneously encouraging and disappointing is that it could have been prevented without detection using highly recommended best practices – application whitelisting  (yes, it is possible to do whitelisting today – we do it with lots of our clients as do other providers).

Continue Reading


Path of enlightenment part 2 – Taking tasks to task

As discussed in my last blog the issue of unquoted paths for services has been around for over 15 years. Despite this there is another potential privilege escalation with unquoted paths which doesn’t get as much coverage, these are Scheduled Tasks.

Continue Reading