Tag Archive for: adds

Google Cloud Adds Crypto Mining Malware Detection Tool By DailyCoin



Google Cloud has expanded its range of security features to address the growing threat of illegal cryptocurrency mining as more companies adopt cloud storage technology.

To protect Google Cloud clients and the virtual machines running on its infrastructure, the company unveiled its newest threat detection layer, Virtual Machine Threat Detection (VMTD).

Illegal cryptocurrency mining is one of the most common exploits of compromised remote storage accounts. Digital asset mining typically requires large amounts of computing power, which Google Cloud customers happen to pay for.

The new Virtual Machine Threat Detection (VMTD) tool uses agentless memory scanning to help detect cryptocurrency mining malware, as well as other threats such as data exfiltration and ransomware, in virtual machines.

This means that VMTD users will be empowered to detect malicious behavior in their VMs without installing any additional software that could impact performance or increase the risk of a potential attack.

“Not running an agent inside of their instance means less performance impact, lowered operational burden for agent deployment and management, and exposing less attack surface to potential adversaries,” explained the Google team.

The VMTD feature is currently only available as a public preview for Google Cloud’s Security Command Center Premium customers. The company expects to be able to make the tool available to all of its customers within the next few months. In the meantime, the Google Cloud team is planning the steady release of new detection capabilities and integrations for other aspects that fall under the Google Cloud infrastructure purview.

The Use of Hacked Accounts to Mine Crypto

As more organizations worldwide continue to shift to employing cloud services and technologies, they have become common targets for hackers.

Compromised cloud accounts make up the majority of illegal cryptocurrency mining exploits. According to Google, 86% of its compromised cloud instances were used to mine digital currencies in 2021. In some cases, malicious actors installed crypto mining malware just 22 seconds…


Windows 10 21H2 adds ransomware protection to security baseline



Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2, available today from the Microsoft Security Compliance Toolkit.

“This Windows 10 feature update brings very few new policy settings,” Microsoft security consultant Rick Munck said.

“One setting has been added for this release for printer driver installation restrictions (which was also added to the Windows 11 release). Additionally, all Microsoft Edge Legacy settings have been removed.”

Protection from human-operated ransomware

However, the highlight of the new Windows 10 security baseline is the addition of tamper protection as a setting to enable by default (this was also made a default setting in the Windows 11 security baseline two months ago).

When toggling on the Microsoft Security Baseline for Windows 10 21H2, Redmond urges admins to toggle on Defender for Endpoint’s tamper protection feature to protect against human-operated ransomware attacks.

This feature does that by blocking attempts by ransomware operators or malware to disable OS security features and security solutions to gain easier access to sensitive data and deploy further malware or malicious tools.

Tamper protection automatically locks Microsoft Defender Antivirus using the default secure values, thwarting attempts to change them using the registry, PowerShell cmdlets, or group policies.

After enabling it, ransomware operators would have a considerably more challenging task when trying to:

  • Disable virus and threat protection
  • Disable real-time protection
  • Turn off behavior monitoring
  • Disable antivirus (such as IOfficeAntivirus (IOAV))
  • Disable cloud-delivered protection
  • Remove security intelligence updates
  • Disable automatic actions on detected threats

PrintNightmare and Edge Legacy

With the new Windows 10 21H2 security baseline, Redmond removed all Microsoft Edge Legacy settings after its EdgeHTML-based web browser reached end of support in March.

“Going forward, please use the new Microsoft Edge (Chromium-based) baseline, which is on a separate release cadence and available as part of the Microsoft Security Compliance Toolkit,” Munck added.

Microsoft also added a new setting to the MS Security…


Battlefield 2042 Update Adds New Weekly Missions, & Lots of Bug Fixes



EA Dice has issued full patch notes for its upcoming Battlefield 2042 patch, which is due to launch tomorrow, Dec. 2. The update is substantial, aiming to resolve in part the huge number of glitches, bugs, and performance issues that have plagued Battlefield 2042 since its launch, in addition to adding new weekly missions and a game mode.

In terms of new content, there will be a total of 3 varying missions each week that reward players with XP for completion. In turn, the XP goes toward unique cosmetic rewards. Battlefield Portal gets new game mode layouts for Rush on all All-Out Warfare maps, several new templates for the Builder, and a new custom mode called Vehicle Team Deathmatch, which allows players to use combat vehicles in custom experiences. It will also support logic created in the Rules Editor, allowing players to spawn at team HQ and adding more options when creating custom games.

Below you can find the full list of patch notes for Update 0.3.0.

Fixes, Changes, and Improvements

General

  • The Recent Players screen now includes everyone from previous matches to allow for easier user reporting
  • Made improvements to the “Interaction” system by switching the default “INTERACT” text on multiple interactions to reflect the action you are about to do, i.e. “OPEN CONTAINER”, “CALL ELEVATOR”
  • Resolved Kaleidoscope server room lighting issue
  • Resolved an issue related to the velocity / trajectory while spawning in jets
  • Improved helicopter animation in level fly-bys during insertion
  • Improvements to address an issue where players killed in vehicles would fall beneath level geometry
  • Improvements to streaming assets in deploy screen presentation
  • Player no longer gets stuck in a zipline/rope after exiting a vehicle after entering it too close to a zipline or rope
  • Exiting an open seat early in the enter animation no longer causes your aim pitch to lock up
  • Correct field of view is applied immediately following insertion sequences

User Interface

  • Improved the Collection screens, making them easier to use and clear as to what…


VirusTotal Adds Collections Feature for Better Collaboration and Context


VirusTotal, a key repository of malware samples and suspicious files for security researchers and defenders, is introducing a new service that enables users to collaborate and share data and indicators of compromise in real time.

The Collections feature allows any user to create a new collection for a file or malware sample that includes a variety of different IOCs, such as file hashes, domains or URLs or other information. The collection can also include a description and VirusTotal will add other information to the collection, such as tags and metadata.

Researchers and security teams often use informal methods such as Twitter, Pastebin, or Dropbox for sharing IOCs, threat intelligence, hashes of malware samples, and lists of suspicious domains. There are also a number of private forums in which that information is shared, but those tend to be small and so data is not disseminated widely. Those methods work for specific use cases, but getting threat information out to the widest possible audience of defenders and researchers can make a significant difference in heading off attacks.

The VirusTotal Collections feature is designed to enable researchers and defenders to update their contributions as needed and allow others to consume them.

“Collection owners can update these by adding or removing IoCs. They are public via our UI and API, and they can be shared using their permalink. This makes it a very convenient way of linking to listings of IoCs in blog posts, research reports and the like,” Juan Infantes of VirusTotal said in a post.

VirusTotal has been the default platform for checking potentially malicious files and URLs for many years, and has evolved into a resource for community sharing and discussion, as well.

“Time evolves and now most investigations go beyond one observable, quickly adding up several indicators of compromise (IOCs) for one single incident. With many security researchers sharing their findings in blog posts and tweets, it’s getting hard to keep track of all these data inputs. Moreover, these investigations change over time bringing more difficulty into reporting the new findings,” Infantes said.
