2023. nov. 15.
Biztonsági szemle
Redline Dropped Through MSIX Package, (Wed, Nov 15th)
The MSIX package file format has been in the light for a few weeks. The GHOSTPULSE[1] malware has been identified to bypass many security controls delivered through an MSIX package. Like many operating systems, Windows can install applications by executing an executable (often called "setup.exe"), but packages are also available. Think about the well-known â.debâ for Debian/Ubuntu or â.rpmâ for RedHat/CentOS. In the Windows eco-system, packages have the â.msiâ extension. They have been used to deliver malware for a while (see my old diary from 2018![2]).
Tovább