Microsoft has once again disabled its MSIX ms-appinstaller protocol after threat groups abused it to distribute malware to Windows systems. The move follows exploitation of CVE-2021-43890, a Windows AppX Installer vulnerability, which enabled evasion of protective measures such as Defender SmartScreen. Threat actors used malicious ads and phishing messages to push malware, with potential links to ransomware operations. Microsoft has advised installing a patched App Installer version to block exploitation attempts.
News alert: Hybrid Analysis adds Criminal IP’s real-time domain scans, boosts malware detection – Security Boulevard
Security Boulevard reports that Hybrid Analysis has enhanced its malware detection capabilities by integrating Criminal IP’s real-time domain scans. This addition is expected to