Antivirus, Blog, Hacking and Information Security

A couple of 10-Year-Old flaws affect Avast and AVG antivirus?

Security Affairs

MAY 5, 2022

Researcher discovered a couple of high-severity security flaws that affect a driver used by Avast and AVG antivirus solutions. SentinelOne researcher Kasif Dekel discovered two high-severity security vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523, that affect a driver used by Avast and AVG antivirus solutions.

Antivirus

Antivirus Hacking Software Cybersecurity

15 Best Cybersecurity Blogs To Read

Spinone

OCTOBER 10, 2019

The best way to stay up-to-date with the recent trends is by reading the top cybersecurity blogs. Here’s our list of the best cybersecurity blogs to read and follow. Securing Tomorrow SecuringTomorrow is a blog by McAfee, one of the biggest security software providers.

Cybersecurity

Cybersecurity IoT Antivirus Education

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. After that, the following files are extracted, namely: Avira.exe : Legitimate injector from Avira Antivirus. In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication.

Antivirus

Antivirus Malware Banking Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. The tool was specifically designed to avoid detection by security solutions such as endpoint detection and response (EDR) and antivirus (AV). SecurityAffairs – hacking, Brute Ratel).

Hacking

Hacking Cybercrime Ransomware Antivirus

Firefox finally addressed the Antivirus software TLS Errors

Security Affairs

JULY 2, 2019

Firefox finally addressed the issues with antivirus apps crashing HTTPS websites starting with the release of Firefox 68. Mozilla announced that it will resolve the issues that caused antivirus apps crashing HTTPs websites with the release of Firefox 68 version. ” reads the blog post published by Mozilla.

Antivirus

Antivirus Software Advertising Information Security

Malicious apps continue to spread through the Google Play Store

Security Affairs

JUNE 16, 2022

Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An investigation conducted by the antivirus firm Dr. Web in May resulted in the discovery of multiple adware and information-stealing malware on the official Google Play Store. To nominate, please visit:?.

Adware

Adware Antivirus Malware Software

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Sharkbot is an information stealer steals used by crooks to siphon credentials and banking information. SecurityAffairs – hacking, SharkBot). To nominate, please visit:? Pierluigi Paganini.

Banking

Banking Antivirus Malware Accountability

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs

MAY 6, 2022

The malware used a function called “DetectAV()” to determine the antivirus solution installed on the system and uninstall it. SecurityAffairs – hacking, NetDooka). The post NetDooka framework distributed via a pay-per-install (PPI) malware service appeared first on Security Affairs. ” concludes the analysis.

Malware

Malware Antivirus DDOS Hacking

An expert shows how to stop popular ransomware samples via DLL hijacking

Security Affairs

MAY 4, 2022

Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as theres nothing to kill the DLL just lives on disk waiting. SecurityAffairs – hacking, DLL hijacking). We do not need to rely on hash signature or third-party product, the malware will do the work for us.

Ransomware

Ransomware Antivirus Malware Encryption

Crooks made more than $560K with a simple clipboard hijacker

Security Affairs

APRIL 19, 2021

The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more $560K worth of cryptocurrency since November 2018. The tools were published on a Telegram channel named Hack Boss that was created on November 26, 2018, and has over 2,500 subscribers.

Cryptocurrency

Cryptocurrency Malware Hacking Banking

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

. “TAG observed a North Korean government-backed attacker group that previously targeted security researchers posing as recruiters at Samsung and sending fake job opportunities to employees at multiple South Korean information security companies that sell anti-malware solutions.” Pierluigi Paganini.

Malware

Malware Phishing Antivirus Hacking

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools,” Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told Bleeping Computer. The binary is deployed using a specific flag that allows its execution, while the ZIP archive is removed.

Ransomware

Ransomware VPN Antivirus Encryption

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Security enthusiast and Linux evangelist Binni Shah consistently offers valuable tutorials, guides, and insights for the cybersecurity community. Dave Kennedy | @hackingdave.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

APRIL 13, 2022

“ZLoader has remained relevant as attackers’ tool of choice by including defense evasion capabilities, like disabling security and antivirus tools, and selling access-as-a-service to other affiliate groups, such as ransomware operators.” SecurityAffairs – hacking, ZLoader malware). To nominate, please visit:?

Banking

Banking Malware Telecommunications Antivirus

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

“Network telemetry can be used to detect anomalous DNS requests, and security tools such as antivirus and endpoint detection and response (EDR) should be statically linked to ensure they are not “infected” by userland rootkits.” SecurityAffairs – hacking, Symbiote backdoor). ” concludes the report.

Malware

Malware DNS Antivirus Passwords

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

Review antivirus logs for indications they were unexpectedly turned off. Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g., Install and regularly update antivirus and anti-malware software on all hosts.

Ransomware

Ransomware Antivirus Passwords Malware

Microsoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws

Security Affairs

MAY 9, 2023

The vulnerability was reported by researchers Jan Vojtěšek, Milánek, and Luigino Camastra from Avast Antivirus firm, a circumstance that suggests it was used as part of an exploit chain to deliver malware. This vulnerability is actively exploited in attacks. The flaw can be chained with a code execution bug to spread malware.

Antivirus

Antivirus Malware Hacking Cybersecurity

Microsoft blocked Polonium attacks against Israeli organizations

Security Affairs

JUNE 3, 2022

Microsoft blocked an attack activity aimed at Israeli organizations attributed to a previously unknown Lebanon-based hacking group tracked as POLONIUM. Microsoft announced to have blocked a series of attacks targeting Israeli organizations that have been conducted by a previously unknown Lebanon-based hacking group tracked as POLONIUM.

Security Intelligence

Security Intelligence Antivirus Hacking Authentication

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

ViperSoftX also checks for active antivirus products running on the machine. One of the key steps performed by the malware before downloading a first-stage PowerShell loader is a series of anti-virtual machine, anti-monitoring, and anti-malware checks. If all checks pass, the loader decrypts and executes a second-stage PowerShell script.

Encryption

Encryption Malware Cryptocurrency Software

City of Dallas shut down IT services after ransomware attack

Security Affairs

MAY 4, 2023

After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.” reads the alert. Royal operators have demanded ransom ranging from approximately $1 million to $11 million USD worth of Bitcoin.

Ransomware

Ransomware Healthcare Education Encryption

Security Affairs newsletter Round 364 by Pierluigi Paganini

Security Affairs

MAY 8, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

IoT

IoT DNS Antivirus DDOS

Less popular, but very effective, Red-Teaming Tool BRc4 used in attacks in the wild

Security Affairs

JULY 6, 2022

Researchers from Palo Alto Networks Unit 42 discovered that a sample uploaded to the VirusTotal database on May 19, 2022 and considered benign by almost all the antivirus, was containing a payload associated with Brute Ratel C4 (BRc4), a new red-teaming and adversarial attack simulation tool. SecurityAffairs – hacking, BRc4).

Antivirus

Antivirus Penetration Testing Phishing Manufacturing

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Security Affairs

NOVEMBER 19, 2022

The DEV-0569 group carries out malvertising campaigns to spread links to a signed malware downloader posing as software installers or fake updates embedded in spam messages, fake forum pages, and blog comments. SecurityAffairs – hacking, DEV-0569). ” reads the report published by Microsoft. Pierluigi Paganini.

Ransomware

Ransomware Malware Antivirus Phishing

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. SecurityAffairs – hacking, APT). The post China-linked Moshen Dragon abuses security software to sideload malware appeared first on Security Affairs. To nominate, please visit:? Pierluigi Paganini.

Software

Software Malware Telecommunications Antivirus

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The first campaigns of malware were distributed through fake antivirus or other common apps, while during the campaigns the malware is taking the turn of an APT attack against the customer of a specific Italian bank.” Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Malware

Malware Banking Antivirus Phishing

Fleckpe Android malware totaled +620K downloads via Google Play Store

Security Affairs

MAY 5, 2023

. “To avoid malware infection and subsequent financial loss, we recommend to be cautious with apps, even those coming from Google Play, avoid giving permissions they should not have, and install an antivirus product capable of detecting this type of Trojans.”

Malware

Malware Mobile Antivirus Hacking

RTM Locker, a new RaaS gains notorieties in the threat landscape

Security Affairs

APRIL 14, 2023

antivirus products), deleting shadow copies, and finally encrypting the files on the targeted systems. The bleeds of the new software will be made for some time by several of our experienced negotiators. We apologize for the inconvenience!” reads the screenshot. ” continues the report.

Encryption

Encryption Antivirus Malware Education

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. How not to disclosure a Hack. UK fashion retailer FatFace angered customers in its handling of a customer data theft hack.

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. In mid-2020, ZINC hackers created Twitter profiles for fake security researchers that were used to retweet security content and posting about vulnerability research. .

Malware

Malware Antivirus Hacking Accountability

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

“The loader decrypts the malicious malware and executes it using memfd create (as described in this blog in 2018). “The authors use the open source tool Ezuri, to load its previously seen payloads and avoid antivirus detections on the file.” SecurityAffairs – hacking, Golang). Pierluigi Paganini.

Malware

Malware Encryption Antivirus Passwords

New BotenaGo variant specifically targets Lilin security camera DVR devices

Security Affairs

APRIL 19, 2022

BotenaGo was written in Golang (Go) and at the time of the report published by the experts, it had a low antivirus (AV) detection rate (6/62). SecurityAffairs – hacking, BotenaGo botnet). The post New BotenaGo variant specifically targets Lilin security camera DVR devices appeared first on Security Affairs.

Malware

Malware IoT Antivirus Architecture

Epic Manchego gang uses Excel docs that avoid detection

Security Affairs

SEPTEMBER 7, 2020

Some antivirus solutions specifically analyze this section look for malicious VBA code in the Excel docs. “As stated in our VBA Purging blog post, Office documents can also lack compiled VBA code when they are created with tools that are totally independent from Microsoft Office. SecurityAffairs – hacking, Norway).

Cybercrime

Cybercrime Phishing Advertising Antivirus

Experts spotted Syslogk, a Linux rootkit under development

Security Affairs

JUNE 14, 2022

Researchers from antivirus firm Avast spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses specially crafted “magic packets” to activate a dormant backdoor on the device. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. SecurityAffairs – hacking, Syslogk).

Malware

Malware System Administration Antivirus Architecture

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Security Affairs

SEPTEMBER 14, 2019

“As with just about every piece of malware, InnfiRAT is designed to access and steal personal information on a user’s computer.” ” states a blog post published by Zscaler. “Among other things, InnfiRAT is written to look for cryptocurrency wallet information, such as Bitcoin and Litecoin.

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

New blog: The threat actor BISMUTH, which has been running increasingly complex targeted attacks, deployed coin miners in campaigns from July to August 2020. Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

Shitcoin Wallet Chrome extension steals crypto-wallet private keys and passwords

Security Affairs

JANUARY 2, 2020

. “Your wallet is 100% secure and you don’t need to worry about assets loss due to any hacker attack to ShitcoinWallet servers. ” reads the Shitcoin Wallet blog. At the time of writing, the installers for the desktop app of the Shitcoin Wallet are not detected as malicious by major antivirus solutions.

Passwords

Passwords Cryptocurrency Advertising Antivirus

From Targeted Attack to Untargeted Attack

Security Affairs

JUNE 17, 2019

The file looks like a common XLS file within low Antivirus detection rate as shown in the following image (6/63). Antivirus Detection Rate. It looks like a romantic Emotet according to many Antivirus so I wont invest timing into this well-known Malware. I am a computer security scientist with an intensive hacking background.

Computers and Electronics

Computers and Electronics Penetration Testing Antivirus Malware

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

In March 2018, security researchers at Antivirus firm Dr. Web discovered that 42 models of low-cost Android smartphones are shipped with the Android.Triada.231 Please nominate Security Affairs as your favorite blog. The only way to remove the threat is to wipe the smartphone and reinstall the OS. 231 banking malware.

Mobile

Mobile Advertising Malware Cybercrime

Lampion malware v2 February 2020

Security Affairs

FEBRUARY 24, 2020

The reason behind that is simple: to evade antivirus detection. With this new trick, antivirus detection will be harder, and its analysis a little bit confused. He is also a founding member and Pentester at CSIRT.UBI and founder of the security computer blog seguranca–informatica.pt. Pierluigi Paganini.

Malware

Malware Banking Antivirus Advertising

Security Affairs newsletter Round 227

Security Affairs

AUGUST 18, 2019

Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Boffins hacked Siemens Simatic S7, most secure controllers in the industry. A flaw in Kaspersky Antivirus allowed tracking its users online.

Banking

Banking Password Management Advertising Antivirus

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

AUGUST 15, 2019

Meanwhile, the advanced hacking collectives invest in innovation and press forward. While reporting for USA Today in 2009, I wrote about how fraudsters launched scareware campaigns to lock up computer screens as a means to extract $80 for worthless antivirus protection. This column originally appeared on Avast Blog.).

Ransomware

Ransomware Internet Internet Hacking

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

Security Affairs

NOVEMBER 23, 2020

Here’s how the malware execution sequence would appear to a Windows user: The “Windows NT is not supported” message shown in the screenshot, however, is a false error thrown by the malware in an attempt to fool both antivirus products and the end-user. SecurityAffairs – hacking, CursedGrabber malware). The malware dropped by lib2.exe

Malware

Malware Engineering Antivirus Software

Cyber Insurance and the Changing Global Risk Environment

Security Affairs

APRIL 22, 2022

Organizations should start by analyzing the security controls they have in place to ensure adherence to guidelines developed by agencies like CISA, FBI, and ENISA, including multifactor authentication, employing antivirus and anti-malware scanning, enabling strong spam filters, updating software, and segmenting networks.

Cyber Insurance

Cyber Insurance Insurance Risk Technology

Threat Report Portugal: Q3 2020

Security Affairs

NOVEMBER 6, 2020

The emergent URSA trojan is impacting many countries using a sophisticated loader and avoiding antivirus detection. Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist. Malware by Numbers.

Threat Reports

Threat Reports Phishing Malware Banking

A couple of 10-Year-Old flaws affect Avast and AVG antivirus?

15 Best Cybersecurity Blogs To Read

Webinars

Trending Sources

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Webinars

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Firefox finally addressed the Antivirus software TLS Errors

Malicious apps continue to spread through the Google Play Store

SharkBot Banking Trojan spreads through fake AV apps on Google Play

NetDooka framework distributed via a pay-per-install (PPI) malware service

An expert shows how to stop popular ransomware samples via DLL hijacking

Crooks made more than $560K with a simple clipboard hijacker

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

New CACTUS ransomware appeared in the threat landscape

Top Cybersecurity Accounts to Follow on Twitter

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Symbiote, a nearly-impossible-to-detect Linux malware?

BlackCat Ransomware gang breached over 60 orgs worldwide

Microsoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws

Microsoft blocked Polonium attacks against Israeli organizations

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

City of Dallas shut down IT services after ransomware attack

Security Affairs newsletter Round 364 by Pierluigi Paganini

Less popular, but very effective, Red-Teaming Tool BRc4 used in attacks in the wild

DEV-0569 group uses Google Ads to distribute Royal Ransomware

China-linked Moshen Dragon abuses security software to sideload malware

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Fleckpe Android malware totaled +620K downloads via Google Play Store

RTM Locker, a new RaaS gains notorieties in the threat landscape

Cyber Security Roundup for April 2021

Microsoft: North Korea-linked Zinc APT targets security experts

Ezuri memory loader used in Linux and Windows malware

New BotenaGo variant specifically targets Lilin security camera DVR devices

Epic Manchego gang uses Excel docs that avoid detection

Experts spotted Syslogk, a Linux rootkit under development

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Shitcoin Wallet Chrome extension steals crypto-wallet private keys and passwords

From Targeted Attack to Untargeted Attack

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Lampion malware v2 February 2020

Security Affairs newsletter Round 227

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

Cyber Insurance and the Changing Global Risk Environment

Threat Report Portugal: Q3 2020

Stay Connected