Cylance Protect AV vulnerability patched


Carnegie Mellon Software Engineering Institute’s CERT Coordination Center has issued a vulnerability note on a patch for a recently disclosed vulnerability in Cylance Protect.

The vulnerability note, VU#489481, said that prior to a July 21, 2019, update, Protect contained flaws that allowed an adversary to craft malicious files that the AV product would likely mistake for benign files. Security researchers found that isolating specific properties of the machine learning algorithm allowed them to change most known malicious files so that the product classified them as benign.

“Several common malware families, such as Dridex, Gh0stRAT, and Zeus, were reported as successfully modified to bypass the Cylance product in this way. The success rate of the bypass is reported as approximately 85 percent of malicious files tested,” the note said.

Cylance has deployed a patch fixing the problem, and any systems that have connected to the service since July 21 have been updated.
