Blog
Share This Post
[ad_1]
A vulnerability has been discovered in Microsoft’s UI Automation framework that potentially exposes millions of Windows users to attacks that bypass endpoint detection and response systems to enable undetected data theft and system manipulation, Cyber Security News reports.
The UIA framework was initially designed to aid users with disabilities and has been integral to all Windows versions since XP. However, by exploiting UI Automation’s elevated permissions to interact with user interface elements, attackers can execute a range of malicious activities including exfiltrating sensitive information, redirecting browsers to phishing sites, manipulating chat applications like WhatsApp and Slack, and harvesting credit card data from browsers. For example, attackers can monitor changes in UI elements, such as credit card fields, to extract entered information stealthily, according to security researchers at Akamai.
Alarmingly, EDR technologies have failed to detect malicious activities using this method, making it a highly dangerous attack vector. Although Microsoft has implemented some restrictions on UI Automation, skilled attackers can still exploit its features. Experts recommend monitoring the use of UIAutomationCore.dll and unexpected UI Automation named pipes as potential detection strategies.
[ad_2]
Source link
Subscribe To Our Newsletter
Get updates and learn from the best
More To Explore
US Charges Five People Over North Korean IT Worker Scheme
[ad_1] The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to
In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies
[ad_1] Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York
