Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit
Tuesday, June 29, 2021
Microsoft said the malware author's goal was to use the driver to spoof their geolocation so they could play games from anywhere. "The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers." The company has updated its Microsoft Defender antivirus product and distributed signatures against the threat to other security vendors.
Ilia Kolochenko, founder, CEO, and chief architect at ImmuniWeb, says the latest incident is a great example of why organizations need to shift to zero-trust security models where all software and external entities are considered untrusted and therefore diligently verified, tested, and continuously monitored. "Industry knows many similar incidents, for instance, when Android or iOS mobile apps are approved to be hosted at the official app stores but contain sophisticated malware, spyware, or undocumented features that violate privacy," Kolochenko says.
A similar situation exists with backdoored container images available in public repositories, like Docker Hub. "[Organizations should] consider all external code as potentially malicious," Kolochenko says, "and perform rigorous security and privacy testing prior to deploying it internally."
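The verification Kolochenko calls for only helps if it is concrete. As an added example that is not part of the article, Microsoft's guidance, or ImmuniWeb's tooling, the PowerShell below inventories the kernel drivers registered on a Windows host, checks each driver file's Authenticode signature, and classifies the signer, so that a driver carrying a valid but third-party (WHQL) signature, as the rootkit in this story did, still lands in the review queue instead of being accepted on the strength of "signed" alone. The signer-name patterns and the review policy are assumptions to adapt to your environment; `Get-CimInstance` and `Get-AuthenticodeSignature` are standard cmdlets. Run it in an elevated session.

```powershell
# Added example (not from the article). Inventory registered drivers, verify their Authenticode
# signatures, and classify the signer. Assumptions: Windows 10+/PowerShell 5.1+, elevated session;
# the signer subject patterns below are a placeholder policy, not an authoritative list.

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver.PathName uses NT-style prefixes; map them to ordinary Win32 paths.
    if (-not $PathName) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''                       # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"         # \SystemRoot\... -> C:\Windows\...
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"    # System32\... -> C:\Windows\System32\...
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-SignerClass {
    param([string]$Subject, [string]$Status)
    # Assumed subject patterns: adjust to what your own inbox and vendor drivers actually carry.
    if ($Status -ne 'Valid') { return 'Unverified' }                        # unsigned, tampered, or untrusted chain
    if ($Subject -like 'CN=Microsoft Windows,*') { return 'MicrosoftInbox' }
    if ($Subject -like 'CN=Microsoft Windows Hardware Compatibility Publisher*') { return 'WHQL-ThirdParty' }
    return 'OtherSigner'                                                     # cross-signed vendor cert, test cert, etc.
}

function Get-DriverSignatureReport {
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        $sig  = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = Get-AuthenticodeSignature -FilePath $path   # also covers catalog-signed inbox drivers
        }
        $status  = if ($sig) { $sig.Status.ToString() } else { 'FileNotFound' }
        $subject = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $class   = Get-SignerClass -Subject $subject -Status $status
        [pscustomobject]@{
            Name        = $_.Name
            State       = $_.State
            StartMode   = $_.StartMode
            Path        = $path
            SigStatus   = $status
            SignerClass = $class
            Signer      = $subject
            Issuer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Issuer } else { '' }
            Thumbprint  = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
            # Policy (assumed): anything not signed as a Microsoft inbox component gets a human or
            # threat-intel look. A valid WHQL signature attests only that the driver passed partner
            # vetting, which is exactly what failed in the incident above.
            NeedsReview = ($class -ne 'MicrosoftInbox')
        }
    }
}

# Review queue, worst first: unverifiable signatures, then unknown signers, then WHQL third-party.
Get-DriverSignatureReport |
    Where-Object { $_.NeedsReview } |
    Sort-Object SignerClass, Signer, Name |
    Format-Table Name, State, SigStatus, SignerClass, Signer, Thumbprint -AutoSize
```

The report deliberately does not pass judgement on the `WHQL-ThirdParty` rows; it surfaces them with the file path and certificate thumbprint so the driver's hash and signer can be checked against your vendor inventory and threat-intelligence sources, and so that the same baseline can be re-run and diffed after patching to catch newly registered drivers.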