Various technologies, including Microsoft Office, cURL, PHP, and Windows executables that indirectly use vulnerable command line tools, such as pip, composer, and git, are at risk. Only the Microsoft Excel vulnerability has been patched so far, according to Tsai.
It’s an adage among security experts that when network problems arise, it’s nearly always DNS (Domain Name System) that’s to blame. Security researchers from Germany’s National Research Centre for Applied Cybersecurity (ATHENE) offered a retrospective on the KeyTrap vulnerability, a flaw patched last February that could have brought name resolution systems that rely on DNSSEC (Domain Name System Security Extensions) to a standstill.
Defending off the land
Attackers often rely on security tools built into Windows to elevate privileges, exfiltrate data, and move laterally across a compromised network — a tactic known as living off the land. Security researchers from Thinkst Canary gave a presentation at Black Hat on how defenders might take a similar approach, using existing Windows OS capabilities to detect and alert on attackers, an approach described as “Defending off the Land.”