DOCSLIB.ORG

Identifying Code Injection and Reuse Payloads in Memory Error Exploits

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Identifying Code Injection and Reuse Payloads in Memory Error Exploits IDENTIFYING CODE INJECTION AND REUSE PAYLOADS IN MEMORY ERROR EXPLOITS Kevin Z. Snow A dissertation submitted to the faculty of the University of North Carolina at Chapel Hill in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Department of Computer Science. Chapel Hill 2014 Approved by: Fabian Monrose Don Smith Montek Singh Michael Bailey Niels Provos ©2014 Kevin Z. Snow ALL RIGHTS RESERVED ii ABSTRACT KEVIN Z. SNOW: Identifying Code Injection and Reuse Payloads In Memory Error Exploits (Under the direction of Fabian Monrose) Today’s most widely exploited applications are the web browsers and document readers we use every day. The immediate goal of these attacks is to compromise target systems by executing a snippet of malicious code in the context of the exploited application. Technical tactics used to achieve this can be classified as either code injection – wherein malicious instructions are directly injected into the vulnerable program – or code reuse, where bits of existing program code are pieced together to form malicious logic. In this thesis, I present a new code reuse strategy that bypasses existing and up-and-coming mitigations, and two methods for detecting attacks by identifying the presence of code injection or reuse payloads. Fine-grained address space layout randomization efficiently scrambles program code, limiting one’s ability to predict the location of useful instructions to construct a code reuse payload. To expose the inadequacy of this exploit mitigation, a technique for “just-in-time” exploitation is developed. This new technique maps memory on-the-fly and compiles a code reuse payload at runtime to ensure it works in a randomized application. The attack also works in face of all other widely deployed mitigations, as demonstrated with a proof-of-concept attack against Internet Explorer 10 in Windows 8. This motivates the need for detection of such exploits rather than solely relying on prevention. Two new techniques are presented for detecting attacks by identifying the presence of a payload. Code reuse payloads are identified by first taking a memory snapshot of the target application, then statically profiling the memory for chains of code pointers that reuse code to implement malicious logic. Code injection payloads are identified with runtime heuristics by leveraging hardware virtualization for efficient sandboxed execution of all buffers in memory. Employing both detection methods together to scan program memory takes about a second and produces negligible false positives and false negatives provided that the given exploit is functional and triggered in the target application version. Compared to other strategies, such as the use of signatures, this approach iii requires relatively little effort spent on maintenance over time and is capable of detecting never before seen attacks. Moving forward, one could use these contributions to form the basis of a unique and effective network intrusion detection system (NIDS) to augment existing systems. iv To my mother, who encouraged and inspired me from day one. v ACKNOWLEDGEMENTS I have been supported and encouraged over the last five years by a great number individuals. Foremost, I would like to express sincere gratitude to my advisor, Fabian Monrose, for his guidance and mentorship. I am truly fortunate to have had the opportunity to leverage his knowledge and experience on this journey from beginning to end. I would also like to express appreciation to my committee members, Don Smith, Montek Singh, Michael Bailey and Niels Provos, for their support in thoughtful discussion, suggestions and diligent proofreading. Similarly, I thank my fellow doctoral students—Srinivas Krishnan, Teryl Taylor and Andrew White—and collaborators—Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Nathan Otterness, Ahmad-Reza Sadeghi, Blaine Stancill and Jan Werner—for engaging conversations, constructive criticism, technical contributions and overall friendship. My research would not have been possible without the generous support of a Google Research Award and National Science Foundation grants CNS-0915364 and OCI-1127361. Finally, I thank my family for their care and encouragement over the years. Most importantly, my wife has endured countless nights with my eyes glued to a computer screen and has made innumerable sacrifices along the way. She has always given me her unwavering love and support, without which I would not have had the enthusiastic determination to move forward. I am truly appreciative. vi PREFACE This dissertation is original, unpublished, independent work by the author, Kevin Z. Snow, except where due reference is made in the text of the dissertation. vii TABLE OF CONTENTS LIST OF TABLES . xii LIST OF FIGURES . xiii LIST OF ABBREVIATIONS . xv 1 Introduction . 2 1.1 A Brief History of Exploitation and Mitigation . 4 1.2 Just-in-Time Code Reuse . 5 1.3 Detecting Code Reuse Payloads . 6 1.4 Detecting Code Injection Payloads . 7 1.5 Contributions . 7 2 Background . 10 2.1 Memory Errors. 12 2.2 Code Reuse . 20 2.3 Code Injection . 25 3 Just-in-Time Code Reuse. 28 3.1 Literature Review . 29 3.2 Assumptions and Adversarial Model . 30 3.3 Method . 32 3.3.1 Mapping Code Page Memory . 33 3.3.2 API Function Discovery . 37 3.3.3 Gadget Discovery . 38 3.3.4 Just-In-Time Compilation . 40 3.4 Implementation . 42 viii 3.5 Evaluation . 45 3.5.1 On Code Page Harvesting . 45 3.5.2 On Gadget Coverage. 47 3.5.3 On API Function Discovery . 49 3.5.4 On Runtime Performance . 49 3.6 Real-world Applications . 52 3.6.1 Drive-by Downloads . 52 3.6.2 Remotely Leaking Password Manager Credentials. 52 3.7 Discussion . 55 4 Detecting Code Reuse Payloads . 58 4.1 Literature Review . 59 4.2 ROP Payload Example . 60 4.3 Method . 61 4.3.1 Unpacking Payload Containers . 62 4.3.2 Efficient Scanning of Memory Snapshots . 64 4.3.3 Gadget Candidate Profiling . 65 4.3.4 ROP Chain Profiling . 66 4.4 Evaluation . 68 4.4.1 On Payload and Gadget Space. 68 4.4.2 On Gadgets and Runtime Performance. 69 4.4.3 On Accuracy . 70 4.5 Diagnostics . 72 4.6 Limitations in Face of a Skilled Adversary. 73 4.7 Architecture and OS Specificity . 75 4.8 Discussion and Lessons Learned . ..
Load more

Recommended publications
  • Operating Systems and Virtualisation Security Knowledge Area (Draft for Comment)
    OPERATING SYSTEMS AND VIRTUALISATION SECURITY KNOWLEDGE AREA (DRAFT FOR COMMENT) AUTHOR: Herbert Bos – Vrije Universiteit Amsterdam EDITOR: Andrew Martin – Oxford University REVIEWERS: Chris Dalton – Hewlett Packard David Lie – University of Toronto Gernot Heiser – University of New South Wales Mathias Payer – École Polytechnique Fédérale de Lausanne © Crown Copyright, The National Cyber Security Centre 2019. Following wide community consultation with both academia and industry, 19 Knowledge Areas (KAs) have been identified to form the scope of the CyBOK (see diagram below). The Scope document provides an overview of these top-level KAs and the sub-topics that should be covered under each and can be found on the project website: https://www.cybok.org/. We are seeking comments within the scope of the individual KA; readers should note that important related subjects such as risk or human factors have their own knowledge areas. It should be noted that a fully-collated CyBOK document which includes issue 1.0 of all 19 Knowledge Areas is anticipated to be released by the end of July 2019. This will likely include updated page layout and formatting of the individual Knowledge Areas. Operating Systems and Virtualisation Security Herbert Bos Vrije Universiteit Amsterdam April 2019 INTRODUCTION In this knowledge area, we introduce the principles, primitives and practices for ensuring security at the operating system and hypervisor levels. We shall see that the challenges related to operating system security have evolved over the past few decades, even if the principles have stayed mostly the same. For instance, when few people had their own computers and most computing was done on multiuser (often mainframe-based) computer systems with limited connectivity, security was mostly focused on isolating users or classes of users from each other1.
    [Show full text]
  • A Solution to Php Code Injection Attacks and Web
    INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS Vol.2 Issue.9, Pg.: 24-31 September 2014 www.ijrcar.com INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS ISSN 2320-7345 A SOLUTION TO PHP CODE INJECTION ATTACKS AND WEB VULNERABILITIES Venkatesh Yerram1, Dr G.Venkat Rami Reddy2 ¹Computer Networks and Information Security, [email protected] ²Computer Science Engineering, 2nd [email protected] JNTU Hyderabad, India Abstract Over the decade web applications are grown rapidly. This leads to cyber crimes. Attacker injects various scripts to malfunction the web application. Attacker injects these scripts to text box of vulnerable web application from various compounds such as search bar, feedback form, login form etc and later which is executed by the server. Sometimes attacker modifies the URL to execute a successful attack. This execution of system calls and API on web server by attacker can damage the file system and or leaks information of web server. PHP is a server side scripting language, dynamic features and functionalities are controlled through the PHP language. Hence, the use of PHP language results in high possibility of successful execution of code injection attacks. The aim of this paper is first to understand the code web application vulnerability related to PHP code injection attack, the scenario has been developed. Secondly defeat the attack and fast incident determination from the developed domain dictionary. This proposed system is helpful for cyber forensics expert to gather and analyze the evidence effectively Keywords: Code Injection, vulnerabilities, Attack, cyber forensics 1. INTRODUCTION The web environment is growing rapidly day by day, the cyber crimes also increasing rapidly.
    [Show full text]
  • Host-Based Code Injection Attacks: a Popular Technique Used by Malware
    Host-Based Code Injection Attacks: A Popular Technique Used By Malware Thomas Barabosch Elmar Gerhards-Padilla Fraunhofer FKIE Fraunhofer FKIE Friedrich-Ebert-Allee 144 Friedrich-Ebert-Allee 144 53113 Bonn, Germany 53113 Bonn, Germany [email protected] [email protected] c 2014 IEEE. Personal use of this material is per- implemented with different goals in mind, they share one mitted. Permission from IEEE must be obtained for all common feature: they all inject code locally into foreign other uses, in any current or future media, including process spaces. One reason for this behaviour is detection reprinting/republishing this material for advertising or avoidance. However, code injections are not limited to tar- promotional purposes, creating new collective works, for geted malware. Mass-malware also uses code injections in resale or redistribution to servers or lists, or reuse of any order to stay under the radar (ZeroAccess, ZeusP2P or Con- copyrighted component of this work in other works. ficker). Detection avoidance is not the only advantage of us- ing code injections from a malware author’s point of view. Abstract Further reasons for using code injections are interception of critical information, privilege escalation or manipulation of Common goals of malware authors are detection avoid- security products. ance and gathering of critical information. There exist The above mentioned examples are all malware fami- numerous techniques that help these actors to reach their lies for Microsoft Windows. However, code injections are goals. One especially popular technique is the Host-Based platform-independent. In fact all established multitasking Code Injection Attack (HBCIA).
    [Show full text]
  • Defeating Web Code Injection Attacks Using Web Element Attribute Mutation
    Session 1: New Moving Target Defenses MTD’17, October 30, 2017, Dallas, TX, USA WebMTD: Defeating Web Code Injection Attacks using Web Element Attribute Mutation Amirreza Niakanlahiji Jafar Haadi Jafarian UNC Charlotte University of Colorado Denver [email protected] [email protected] ABSTRACT injection and server-side script injection, they are still one of the Existing mitigation techniques for Web code injection attacks have most common attack vectors on Web applications; examples are the not been widely adopted, primarily due to incurring impractical recently discovered XSS vulnerabilities on Amazon [4] and Ebay overheads on the developer, Web applications, or Web browsers. [7] Websites. According to OWASP [21], XSS, the most prevalent They either substantially increase Web server/client execution time, type of Web code injection attacks, is the third Web application enforce restrictive coding practices on developers, fail to support security risk. legacy Web applications, demand browser code modification, or Methodologies for countering code injection attacks could be fail to provide browser backward compatibility. Moving Target De- broadly divided into two categories: (I) input validation techniques fense (MTD) is a novel proactive class of techniques that aim to that prevent injection of malicious code, but are highly suscepti- defeat attacks by imposing uncertainty in attack reconnaissance ble to evasion [23]; and, (II) code differentiation techniques that and planning. This uncertainty is achieved by frequent and ran- prevent execution of injected code, including BEEP [15] , ISR [17], dom mutation (randomization) of system configuration in a manner CSP [25], Noncespaces [27] and xJS [2]. However, as demonstrated that is not traceable (predictable) by attackers.
    [Show full text]
  • Arbitrary Code Injection Through Self-Propagating Worms in Von Neumann Architecture Devices
    Arbitrary Code Injection through Self-propagating Worms in Von Neumann Architecture Devices Thanassis Giannetsos1, Tassos Dimitriou1, Ioannis Krontiris2 and Neeli R. Prasad3 1Athens Information Tech. 19.5 km Markopoulo Ave. Athens, Greece 2Computer Science Dep. University of Mannheim D-68161 Mannheim, Germany 3Department of Communication Aalborg University Fr. Bajers Vej 7A5, DK-9220,Denmark Email: [email protected], [email protected], [email protected], [email protected] Malicious code (or malware) is de¯ned as software designed to execute attacks on software systems and ful¯ll the harmful intents of an attacker. As lightweight embedded devices become more ubiquitous and increasingly networked, they present a new and very disturbing target for malware developers. In this paper, we demonstrate how to execute malware on wireless sensor nodes that are based on the Von Neumann architecture. We achieve this by exploiting a bu®er overflow vulnerability to smash the call stack and intrude a remote node over the radio channel. By breaking the malware into multiple packets, the attacker can inject arbitrarily long malicious code to the node and completely take control of it. Then we proceed to show how the malware can be crafted to become a self-replicating worm that broadcasts itself and infects the network in a hop-by-hop manner. To our knowledge, this is the ¯rst instance of a self-propagating worm that provides a detailed analysis along with instructions in order to execute arbitrary malicious code. We also provide a complete implementation of our attack, measure its e®ectiveness in terms of time taken for the worm to propagate to the entire sensor network and, ¯nally, suggest possible countermeasures.
    [Show full text]
  • A Review of Fuzzing Tools and Methods 1 Introduction
    A Review of Fuzzing Tools and Methods James Fell, [email protected] Originally published in PenTest Magazine on 10th March 2017 1 Introduction Identifying vulnerabilities in software has long been an important research problem in the field of information security. Over the last decade, improvements have been made to programming languages, compilers and software engineering methods aimed at reducing the number of vulnerabilities in software [26]. In addition, exploit mitigation features such as Data Execution Prevention (DEP) [65] and Address Space Layout Randomisation (ASLR) [66] have been added to operating systems aimed at making it more difficult to exploit the vulnerabilities that do exist. Nevertheless, it is fair to say that all software applications of any significant size and complexity are still likely to contain undetected vulnerabilities and it is also frequently possible for skilled attackers to bypass any defences that are implemented at the operating system level [6, 7, 12, 66]. There are many classes of vulnerabilities that occur in software [64]. Ultimately they are all caused by mistakes that are made by programmers. Some of the most common vulnerabilities in binaries are stack based and heap based buffer overflows, integer overflows, format string bugs, off-by-one vulnerabilities, double free and use-after-free bugs [5]. These can all lead to an attacker hijacking the path of execution and causing his own arbitrary code to be executed by the victim. In the case of software running with elevated privileges this can lead to the complete compromise of the host system on which it is running.
    [Show full text]
  • Study of Stenography and Forensic Analysis of Cyber Crimes Using Sql Injection Attack Viral Rajendrakumar Dagli, Surendranagar Dr
    Science, Technology and Development ISSN : 0950-0707 STUDY OF STENOGRAPHY AND FORENSIC ANALYSIS OF CYBER CRIMES USING SQL INJECTION ATTACK VIRAL RAJENDRAKUMAR DAGLI, SURENDRANAGAR DR. H. B. BHADKA, C U SHAH UNIVERSITY DR. K. H. WANDRA ABSTRACT Cyber Crime is normally comprehended to comprise of getting to a PC without the proprietor's consent, surpassing the extent of one's endorsement to get to a PC framework, changing or annihilating PC information or utilizing PC time and assets without appropriate approval. Cyber fear mongering comprises basically of undertaking these equivalent exercises to propel one's political or ideological closures. Psychological oppressor activities in the internet should be possible by confined people or fear monger gatherings, yet one state against another. By that, digital psychological warfare doesn't vary from other sort of fear mongering in any capacity. The particular idea of the risk can extend from forswearing of administration to listening in, extortion, damage, and robbery of licensed innovation and restrictive data. This paper expects to give a wide review of the difficulties looked by the world in digital wrongdoing and issues looked by law implementation organizations and Information and Communication Technology security masters in digital examinations and the advantages that might be picked up by the worldwide network and obviously the open private associations (PPP) to the anticipation, location and arraignment of digital violations and how underdeveloped nations need to keep pace with the consistently changing innovations and the control of this innovation by what we may term digital crooks so as to make benefit. Keywords: Cyber Crime, online frauds, SQL Injection INTRODUCTION Cybercrime is any crime that includes a PC, organized gadget or a system.
    [Show full text]
  • Software Vulnerabilities Principles, Exploitability, Detection and Mitigation
    Software vulnerabilities principles, exploitability, detection and mitigation Laurent Mounier and Marie-Laure Potet Verimag/Université Grenoble Alpes GDR Sécurité – Cyber in Saclay (Winter School in CyberSecurity) February 2021 Software vulnerabilities . are everywhere . and keep going . 2 / 35 Outline Software vulnerabilities (what & why ?) Programming languages (security) issues Exploiting a sofwtare vulnerability Software vulnerabilities mitigation Conclusion Example 1: password authentication Is this code “secure” ? boolean verify (char[] input, char[] passwd , byte len) { // No more than triesLeft attempts if (triesLeft < 0) return false ; // no authentication // Main comparison for (short i=0; i <= len; i++) if (input[i] != passwd[i]) { triesLeft-- ; return false ; // no authentication } // Comparison is successful triesLeft = maxTries ; return true ; // authentication is successful } functional property: verify(input; passwd; len) , input[0::len] = passwd[0::len] What do we want to protect ? Against what ? I confidentiality of passwd, information leakage ? I control-flow integrity of the code I no unexpected runtime behaviour, etc. 3 / 35 Example 2: make ‘python -c ’print "A"*5000’‘ run make with a long argument crash (in recent Ubuntu versions) Why do we need to bother about crashes (wrt. security) ? crash = consequence of an unexpected run-time error not trapped/foreseen by the programmer, nor by the compiler/interpreter ) some part of the execution: I may take place outside the program scope/semantics I but can be controled/exploited by an attacker (∼ “weird machine”) out of scope execution runtime error crash normal execution possibly exploitable ... security breach ! ,! may break all security properties ... from simple denial-of-service to arbitrary code execution Rk: may also happen silently (without any crash !) 4 / 35 Back to the context: computer system security what does security mean ? I a set of general security properties: CIA Confidentiality, Integrity, Availability (+ Non Repudiation + Anonymity + .
    [Show full text]
  • Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine
    Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine Pontus Johnson KTH Royal Institute of Technology Stockholm, Sweden [email protected] Abstract and Weyuker in [4], “Turing’s construction of a universal computer in 1936 provided reason to believe that, at least in The universal Turing machine is generally considered to be principle, an all-purpose computer would be possible, and the simplest, most abstract model of a computer. This paper was thus an anticipation of the modern digital computer.” Or, reports on the discovery of an accidental arbitrary code execu- in the words of Stephen Wolfram [16], ‘what launched the tion vulnerability in Marvin Minsky’s 1967 implementation whole computer revolution is the remarkable fact that uni- of the universal Turing machine. By submitting crafted data, versal systems with fixed underlying rules can be built that the machine may be coerced into executing user-provided can in effect perform any possible computation.” Not only code. The article presents the discovered vulnerability in de- the universality, but also the simplicity of the universal Tur- tail and discusses its potential implications. To the best of our ing machine has attracted interest. In 1956, Claude Shannon knowledge, an arbitrary code execution vulnerability has not explored some minimal forms of the universal Turing ma- previously been reported for such a simple system. chine [13], and posed the challenge to find even smaller such machines. That exploration has continued to this day [16]. 1 Introduction A common strategy for understanding a problem is to re- duce it to its minimal form.
    [Show full text]
  • Revealing Injection Vulnerabilities by Leveraging Existing Tests
    Revealing Injection Vulnerabilities by Leveraging Existing Tests Katherine Hough1, Gebrehiwet Welearegai2, Christian Hammer2 and Jonathan Bell1 1George Mason University, Fairfax, VA, USA 2University of Potsdam, Potsdam, Germany [email protected],[email protected],[email protected],[email protected] Abstract just one of over 8,200 similar code injection exploits discovered in Code injection attacks, like the one used in the high-prole 2017 recent years in popular software [44]. Code injection vulnerabilities Equifax breach, have become increasingly common, now ranking have been exploited in repeated attacks on US election systems [10, #1 on OWASP’s list of critical web application vulnerabilities. Static 18, 39, 61], in the theft of sensitive nancial data [56], and in the analyses for detecting these vulnerabilities can overwhelm develop- theft of millions of credit card numbers [33]. In the past several ers with false positive reports. Meanwhile, most dynamic analyses years, code injection attacks have persistently ranked at the top rely on detecting vulnerabilities as they occur in the eld, which of the Open Web Application Security Project (OWASP) top ten can introduce a high performance overhead in production code. most dangerous web aws [46]. Injection attacks can be damaging This paper describes a new approach for detecting injection vul- even for applications that are not traditionally considered critical nerabilities in applications by harnessing the combined power of targets, such as personal websites, because attackers can use them human developers’ test suites and automated dynamic analysis. as footholds to launch more complicated attacks. Our new approach, Rivulet, monitors the execution of developer- In a code injection attack, an adversary crafts a malicious in- written functional tests in order to detect information ows that put that gets interpreted by the application as code rather than may be vulnerable to attack.
    [Show full text]
  • Operating Systems & Virtualisation Security Knowledge Area
    Operating Systems & Virtualisation Security Knowledge Area Issue 1.0 Herbert Bos Vrije Universiteit Amsterdam EDITOR Andrew Martin Oxford University REVIEWERS Chris Dalton Hewlett Packard David Lie University of Toronto Gernot Heiser University of New South Wales Mathias Payer École Polytechnique Fédérale de Lausanne The Cyber Security Body Of Knowledge www.cybok.org COPYRIGHT © Crown Copyright, The National Cyber Security Centre 2019. This information is licensed under the Open Government Licence v3.0. To view this licence, visit: http://www.nationalarchives.gov.uk/doc/open-government-licence/ When you use this information under the Open Government Licence, you should include the following attribution: CyBOK © Crown Copyright, The National Cyber Security Centre 2018, li- censed under the Open Government Licence: http://www.nationalarchives.gov.uk/doc/open- government-licence/. The CyBOK project would like to understand how the CyBOK is being used and its uptake. The project would like organisations using, or intending to use, CyBOK for the purposes of education, training, course development, professional development etc. to contact it at con- [email protected] to let the project know how they are using CyBOK. Issue 1.0 is a stable public release of the Operating Systems & Virtualisation Security Knowl- edge Area. However, it should be noted that a fully-collated CyBOK document which includes all of the Knowledge Areas is anticipated to be released by the end of July 2019. This will likely include updated page layout and formatting of the individual Knowledge Areas KA Operating Systems & Virtualisation Security j October 2019 Page 1 The Cyber Security Body Of Knowledge www.cybok.org INTRODUCTION In this Knowledge Area, we introduce the principles, primitives and practices for ensuring se- curity at the operating system and hypervisor levels.
    [Show full text]
  • Security Threat Intelligence Report
    Security Threat Intelligence Report December 2020 In this issue COVID-19 vaccine manufacturers and supply chain targeted RansomEXX ransomware targeting Linux systems Botnet targets Linux servers, Linux IoT devices NSA top 25 vulnerabilities exploited by Chinese APT groups VMware zero-day vulnerability exploited in the wild Security Threat Intelligence Report About this report Message from Mark Hughes Fusing a range of public and proprietary information feeds, Cyber criminals are opportunists, and including DXC’s global network with COVID-19 vaccines shipping in of security operations centers and cyber intelligence services, multiple countries, attackers are targeting this report delivers an overview manufacturers and their supply chains in an of major incidents, insights into effort to monetize ransomware attacks at key trends and strategic threat awareness. the worst possible time and steal intellectual property and patient data. This month’s report also documents This report is a part of DXC Labs | Security, which provides insights the expanding attacks against Linux, Windows, and internet of and thought leadership to the things (IoT) devices. Also, the SolarWinds hack is top of mind for security industry. everyone. This is a rapidly evolving situation, and we will share Intelligence cutoff date: more details next month. For the most up to date information, November 30, 2020 refer to CISA guidance. Mark Hughes Senior Vice President Offerings & Strategic Partners DXC Technology Table of Threat Updates contents RansomEXX ransomware targeting
    [Show full text]