Home Tags Threat Vector

Tag: Threat Vector

During past few years, the number and quality of attacks aimed financial sector organizations has continuously grown.

The financial institutions that have not already thought about cyber security, will soon face the consequences of hacker attacks.
Keeping you in hoodies Microsoft has expanded its programme for rewarding those who find and report bugs in its Edge browser, enabling bounty hunters to claim their prize for a broader range of vulnerabilities. The snappily titled "Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Programme" was launched in August, and enabled anyone to report vulnerabilities they discover in Microsoft Edge in exchange for flippin’ great wodges of cash. Now, the firm has expanded the programme, with a focus on vulnerabilities that lead to “violation of W3C standards that compromise privacy and integrity of important user data”, or which enable remote code execution by a particular threat vector. Specifically, the bounty programme now covers the following: Same Origin Policy bypass vulnerabilities (such as universal cross-site scripting) Referrer Spoofing vulnerabilities Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview Vulnerabilities in open source sections of Chakra The programme is due to run until May 15, 2017, and those bug-bashers successfully reporting a flaw will get rewarded with a payout ranging from $500 to $15,000. For anyone who is unlucky enough to find a vulnerability that the devs inside Microsoft have already found themselves, a payment will be made to the first to report up to a maximum reward of $1,500. However, the caveat is that any bugs found must be relevant to Microsoft’s Edge browser running in the current Windows Insider Preview Slow Ring release code, and critically, must also be reproducible. Keen-eyed bounty hunters can find more details on Microsoft’s Bounty Programmes from its website. ®
Application Guard aims to defeat malware served up from web sites Microsoft is developing a technology for Windows 10 designed to combat the threat of malware served up from web pages penetrating corporate defences and slurping sensitive data. Known as Windows Defender Application Guard, the feature is set to become a part of Windows 10 Enterprise edition next year, and uses virtualisation to isolate untrusted web pages in a sandbox from where any malicious code cannot escape onto the corporate network. Detailing the new capability on its Edge Developer Blog, Microsoft claimed that over 90 per cent of modern attacks use a hyperlink to initiate an attack in order to steal credentials, install malware, or exploit vulnerabilities. Many of these get inside the corporate defence perimeter through social engineering, whereby an attacker creates a carefully crafted email to a known employee, fooling them into clicking a link to read an important document. To combat this threat vector, Application Guard integrates with the Edge browser in Windows 10 and Microsoft’s Hyper-V virtualisation technology to isolate dodgy web pages. Essentially, when an employee browses to a website that is not recognised or whitelisted by the system administrator as a trusted site, Application Guard steps in and shunts the session into an isolated sandbox, as explained by Microsoft on its blog: Application Guard creates a new instance of Windows at the hardware layer, with an entirely separate copy of the kernel and the minimum Windows Platform Services required to run Microsoft Edge.

The underlying hardware enforces that this separate copy of Windows has no access to the user’s normal operating environment. From this sandbox, Application Guard blocks access to memory, local storage and other applications on the same system, as well as the rest of the corporate network, so any malware will be unable to access any sensitive resources. However, Microsoft claims that users will not be inconvenienced if the non-trusted website turns out to be perfectly innocuous.

They will be able to browse as normal, copy and paste content to other apps via the Windows clipboard, and print content from a sandboxed website. Microsoft said that Windows Defender Application Guard will be rolled out to testers on its Windows Insider early access programme in the coming months, with general availability as part of Windows 10 Enterprise slated for next year. ®