All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 1st, 2022. I’ve also included some comments on these stories.

Windows 11 Smart App Control blocks files used to push malware

Smart App Control, a Windows 11 security feature that blocks threats at the process level, now blocks several file types that threat actors use to infect targets with malware in phishing attacks, reports Bleeping Computer.  This came on the heels of Microsoft again starting to block macros in Office files downloaded from the web, which forced hackers to resort to different file types when launching an attack.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

Smart App Control for Windows 11 has been updated to block several file types. It has been updated to block iso and lnk file types that have been downloaded from the internet. Smart App Control will alert users when applications have been blocked. Smart App Control blocks the the following: .img, .vhd, .vhdx, .appref-ms, .bat, .cmd, .chm, .cpl, .js, .jse, .msc, .msp, .reg, .vbe, .vbs, and .wsf.


High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover

A high-severity local privilege-escalation (LPE) vulnerability in Kaspersky’s VPN Secure Connection for Microsoft Windows has been discovered, which would allow an attacker to gain administrative privileges and take full control over a victim’s computer, notes Dark Reading.

Andrew Swoboda | Senior Security Researcher at Tripwire

Kaspersky’s VPN Secure Connect for Microsoft Windows is subject to a local privilege escalation. This vulnerability could allow an attacker to take full control over a victim’s system. The vendor has released version 21.7.7.393 to resolve this vulnerability.

Claroty

(Read more...)