2014, Antivirus, Information Security and Malware

Experts warn of flaws in popular Antivirus solutions

Security Affairs

OCTOBER 5, 2020

Researchers disclosed details of security flaws in popular antivirus software that could allow threat actors to increase privileges. Antivirus solutions that are supposed to protect the systems from infection may unintentionally allow malware in escalating privileges on the system. .

Antivirus

Antivirus Malware Advertising Software

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

Two Romanians arrested for running three malware services. Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. The post Romanians arrested for running underground malware services appeared first on Security Affairs.

Malware

Malware Antivirus Cybercrime Software

Comodo Antivirus is affected by several vulnerabilities

Security Affairs

JULY 23, 2019

Experts discovered several flaws in Comodo Antivirus, including a vulnerability that could allow to escape the sandbox and escalate privileges. The Tenable expert David Wells discovered five flaws in the Comodo Antivirus and Comodo Antivirus Advanced. We recommend to keep updated on future Comodo Antivirus releases.”

Antivirus

Antivirus Advertising Hacking Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

BlackBerry Cylance addresses AI-based antivirus engine bypass

Security Affairs

JULY 22, 2019

BlackBerry Cylance has addressed a bypass vulnerability recently discovered in its AI-based antivirus engine CylancePROTECT product. “We verified the issue was not a universal bypass as reported, but rather a technique that allowed for one of the anti-malware components of the product to be bypassed in certain circumstances.

Antivirus

Antivirus Engineering Advertising Hacking

A flaw in Kaspersky Antivirus allowed tracking its users online

Security Affairs

AUGUST 15, 2019

A vulnerability in Kaspersky Antivirus had exposed a unique identifier associated with users to every website they have visited in the past 4 years. A vulnerability in the Kaspersky Antivirus software, tracked as CVE-2019-8286, had exposed a unique identifier associated with its users to every website they have visited in the past 4 years.

Antivirus

Antivirus Advertising Software Internet

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. ” concludes the report.”Once

Software

Software Malware Telecommunications Antivirus

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs

FEBRUARY 22, 2021

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide.

Malware

Malware Antivirus Phishing Cryptocurrency

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation.

Malware

Malware Passwords Advertising Antivirus

New Android BlackRock malware targets hundreds of apps

Security Affairs

JULY 16, 2020

Researchers spotted a new Android banking trojan dubbed BlackRock malware that steals credentials and credit card data from hundreds of apps. Security experts from ThreatFabric have discovered a new Android banking trojan dubbed BlackRock that steals credentials and credit card data from a list of 337 apps.

Malware

Malware Banking Mobile Spyware

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1

Malware

Malware Government Passwords System Administration

A Google Drive weakness could allow attackers to serve malware

Security Affairs

AUGUST 23, 2020

Experts pointed out that Google Chrome appears to implicitly trust any file downloaded from Google Drive, even if they are flagged and “malicious” by antivirus software as malicious. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, Google Drive).

Malware

Malware Phishing Advertising Antivirus

Nemty Ransomware, a new malware appears in the threat landscape

Security Affairs

AUGUST 26, 2019

A new ransomware, called Nemty ransomware, has been discovered over the weekend by malware researchers. ” Victims could upload their configuration file, in turn, the operators behind the ransomware will provide with the link to another website that comes with a chat function and more information on the demands.

Ransomware

Ransomware Malware Antivirus Encryption

Lampion malware v2 February 2020

Security Affairs

FEBRUARY 24, 2020

Since end-December 2019 lampion malware has been noted as the most prominent malware targeting Portuguese organizations. Figure 1: Lampion malware email templates. 2020-02-13] #Lampion v2 #portugal #malware #ATA 0998f6473004e0ba54ead5784ba62db8 h}//vrau-x.s3.us-east-2.amazonaws.[com/0.zip zip h//oiurx14x.s3.us-east-2.amazonaws.}com/P-14-7.dll

Malware

Malware Banking Antivirus Advertising

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. See Protecting Against Malicious Code.

Malware

Malware Passwords Advertising Antivirus

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Security Affairs

JUNE 17, 2021

Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection.

Antivirus

Antivirus Malware Cryptocurrency Software

Report: Threat of Emotet and Ryuk

Security Affairs

JANUARY 31, 2020

Emotet , the most widespread malware worldwide and Ryuk , a ransomware type, are growing threats and real concerns for businesses and internet users in 2020. This study also concludes that a total of 377 Portuguese domains to spread different types of malware in the same period. SecurityAffairs – malware, hacking).

Malware

Malware Retail Advertising Antivirus

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities.

Government

Government Banking Advertising Malware

MalwareBazaar – welcome to the abuse-ch malware repository

Security Affairs

MARCH 24, 2020

ch launched the MalwareBazaar service, a malware repository to allow experts to share known malware samples and related info. ch launched a malware repository, called MalwareBazaar , to allow experts to share known malware samples and related analysis. Malware batches are available for download on a daily base.

Malware

Malware Adware Cyber threats Advertising

Microsoft’s case study: Emotet took down an entire network in just 8 days

Security Affairs

APRIL 4, 2020

The attack described by Microsoft begun with a phishing message that was opened by an internal employee, the malware infected its systems and made lateral movements infected other systems in the same network. The virus halted core services by saturating the CPU usage on Windows devices. ” reads the Microsoft DART announcement.

Antivirus

Antivirus Malware Phishing Advertising

France national cyber-security agency warns of a surge in Emotet attacks

Security Affairs

SEPTEMBER 7, 2020

The French national cyber-security agency published an alert to warn of a significant increase of Emotet attacks targeting the private sector and public administration entities in France. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. Send the samples (.doc

Malware

Malware Advertising Antivirus Banking

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

SEPTEMBER 20, 2020

“They are also urged to read the NCSC’s newly-updated guidance on mitigating malware and ransomware attacks , and to develop an incident response plan which they regularly test.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the advisory. Pierluigi Paganini.

Education

Education Ransomware Antivirus Backups

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

New variant of Dridex banking Trojan implements polymorphism

Security Affairs

JULY 1, 2019

Security experts at eSentire observed a new campaign spreading a variant of the Dridex banking Trojan that implements polymorphism. The Dridex banking Trojan that has been around since 2014, it was involved in numerous campaigns against financial institutions over the years and crooks have continuously improved it. Pierluigi Paganini.

Banking

Banking Antivirus Advertising Encryption

QNodeService Trojan spreads via fake COVID-19 tax relief

Security Affairs

MAY 16, 2020

Experts spotted a new malware dubbed QNodeService that was involved in Coronavirus-themed phishing campaign, crooks promise victims COVID-19 tax relief. Researchers uncovered a new malware dubbed QNodeService that was employed in a Coronavirus-themed phishing campaign. malware file (either “qnodejs-win32-ia32.js”

Malware

Malware Phishing Advertising Antivirus

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks , in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Passwords

Passwords DNS Malware Advertising

APT group targets high profile networks in Central Asia

Security Affairs

MAY 16, 2020

Security firms have foiled an advanced cyber espionage campaign carried out by Chinese APT and aimed at infiltrating a governmental institution and two companies. Antivirus firms have uncovered and foiled an advanced cyber espionage campaign aimed at a governmental institution and two companies in the telecommunications and gas sector.

Telecommunications

Telecommunications Malware Advertising Antivirus

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs

AUGUST 3, 2020

He allegedly subscribed the GandCrab ransomware-as-a-service to create his own version of the malware and spread it running a spam campaign. The authors of the GandCrab RaaS also offers technical support and updates to its members, they also published a video tutorial that shows how the ransomware is able to avoid antivirus detection.

Ransomware

Ransomware Advertising Malware Hacking

Security Affairs newsletter Round 285

Security Affairs

OCTOBER 11, 2020

ransomware displays ransom note in innovative way Carnival confirms data breach as a result of the August ransomware attack Google enhances malware protection for accounts enrolled in Advanced Protection Program (APP) Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns.

Advertising

Advertising Antivirus Data privacy Ransomware

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Security Affairs

SEPTEMBER 14, 2019

Researchers at Z s caler have spotted a new malware dubbed InnfiRAT that infects victims’ systems to steal cryptocurrency wallet data. . “As with just about every piece of malware, InnfiRAT is designed to access and steal personal information on a user’s computer.” ” concludes the researchers.

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. These included PClock, CryptoLocker 2.0, Crypt0L0cker, and TorrentLocker.

Ransomware

Ransomware Hacking Encryption Penetration Testing

A new Astaroth Trojan Campaign uncovered by Microsoft

Security Affairs

JULY 9, 2019

Microsoft Defender ATP Research Team discovered a fileless malware campaign that was spreading the information stealing Astaroth Trojan. Experts at the Microsoft Defender ATP Research Team discovered a fileless malware campaign that is delivering the information stealing Astaroth Trojan. Pierluigi Paganini.

Antivirus

Antivirus Malware Advertising Security Intelligence

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

0)b31 router distributed by TrueOnline CVE-2014-2321 ZTE F460 and F660 cable modems CVE-2017-6334 NETGEAR DGN2200 devices with firmware through 10.0.0.50. BotenaGo was written in Golang (Go) and at the time of the report published by the experts, it had a low antivirus (AV) detection rate (6/62). v001 / 3.40(ULM.0)b31

IoT

IoT Firmware Malware Wireless

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey.

Phishing

Phishing Social Engineering Malware Advertising

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

“Account accesses for antivirus programs garner the second-highest prices: around $21.67. The cost for antivirus accounts is just over $20, while other types of accounts (cable, social media, VPN, streaming, adult, music, file sharing, and video game accounts) typically go for less than $10. Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Experts found DLL Hijacking issues in Avast, AVG, and Avira solutions

Security Affairs

OCTOBER 23, 2019

Flaws in Avast, AVG, and Avira Antivirus could be exploited by an attacker to load a malicious DLL file to bypass defenses and escalate privileges. The Antivirus implements a self-defense mechanism that prevents malicious code to write and implant a DLL to its folders. This trick could allow hackers to evade detection.

Antivirus

Antivirus Advertising Security Defenses Hacking

Security Affairs newsletter Round 248

Security Affairs

JANUARY 26, 2020

Malware attack took down 600 computers at Volusia County Public Library. Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Advertising Antivirus DDOS

Brazilian trojan banker is targeting Portuguese users using browser overlay

Security Affairs

MAY 7, 2020

The modus operandi of this piece of malware is not new in Portugal. At least since the year of 2014 that new variants have been observed, with minor changes, and with the objective of collecting bank details of the victims. When malware initiates, it requests Google Drive documents for details on the C2’s IP address.

Banking

Banking Malware Phishing Social Engineering

A previously undetected FIN7 BIOLOAD loader drops new Carbanak Backdoor

Security Affairs

DECEMBER 29, 2019

The BIOLOAD loader shares similarities with BOOSTWRITE , another loader associated with the FIN7 group that is able to drop the malware directly in memory. Experts pointed out that the BIOLOAD’s WinBio.dll is still detected by a limited number of antivirus on VirusTotal scanning platform despite it was compiled nine months ago.

Cybercrime

Cybercrime Antivirus Identity Theft Advertising

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. Another trend was disguising malware in emails.

Ransomware

Ransomware Antivirus Malware Banking

Evilnum Group targets European and British fintech companies

Security Affairs

JULY 10, 2020

Evilnum threat actor was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden Chickens malware-as-a-service (MaaS) provider. The version 4.0 The image is stored in a file called SC4.P7D

eCommerce

eCommerce Advertising Malware Spyware

UHS hospitals hit by Ryuk ransomware attack

Security Affairs

SEPTEMBER 28, 2020

“When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads one of the reports shared online.

Ransomware

Ransomware Healthcare Advertising Antivirus

JhoneRAT uses Google Drive, Twitter, ImgBB, and Google Forms to target countries in Middle East

Security Affairs

JANUARY 20, 2020

The malware targets a very specific set of Arabic-speaking countries, including Saudi Arabia, Iraq, Egypt, Libya, Algeria, Morocco, Tunisia, Oman, Yemen, Syria, UAE, Kuwait, Bahrain, and Lebanon. Once the images are loaded onto a target machine will deploy the Trojan that harvests information from the victim’s machine (i.e.

Antivirus

Antivirus Malware Advertising Accountability

Android Apps containing Clicker Trojan installed on over 100M devices

Security Affairs

AUGUST 10, 2019

Malware researchers at antivirus firm Dr Web discovered more than 33 Android Apps in the Google Play Store with over 100 million installations that contain a clicker Tojan tracked as Android. origin gather information about the infected system and sent it back to the C2. Once executed, Android. Pierluigi Paganini.

Mobile

Mobile Advertising Malware Data collection

Experts warn of flaws in popular Antivirus solutions

Romanians arrested for running underground malware services

Webinars

Trending Sources

Comodo Antivirus is affected by several vulnerabilities

Webinars

BlackBerry Cylance addresses AI-based antivirus engine bypass

A flaw in Kaspersky Antivirus allowed tracking its users online

China-linked Moshen Dragon abuses security software to sideload malware

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Purple Lambert, a new malware of CIA-linked Lambert APT group

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

New Android BlackRock malware targets hundreds of apps

US govt agencies share details of the China-linked espionage malware Taidoor

A Google Drive weakness could allow attackers to serve malware

Nemty Ransomware, a new malware appears in the threat landscape

Lampion malware v2 February 2020

CISA’s advisory warns of notable increase in LokiBot malware

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Report: Threat of Emotet and Ryuk

CISA alert warns of Emotet attacks on US govt entities

MalwareBazaar – welcome to the abuse-ch malware repository

Microsoft’s case study: Emotet took down an entire network in just 8 days

France national cyber-security agency warns of a surge in Emotet attacks

NCSC warns of a surge in ransomware attacks on education institutions

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

New variant of Dridex banking Trojan implements polymorphism

QNodeService Trojan spreads via fake COVID-19 tax relief

Linksys force password reset to prevent Router hijacking

APT group targets high profile networks in Central Asia

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs newsletter Round 285

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

A new Astaroth Trojan Campaign uncovered by Microsoft

BotenaGo botnet targets millions of IoT devices using 33 exploits

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

15 billion credentials available in the cybercrime marketplaces

Experts found DLL Hijacking issues in Avast, AVG, and Avira solutions

Security Affairs newsletter Round 248

Brazilian trojan banker is targeting Portuguese users using browser overlay

A previously undetected FIN7 BIOLOAD loader drops new Carbanak Backdoor

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Evilnum Group targets European and British fintech companies

UHS hospitals hit by Ryuk ransomware attack

JhoneRAT uses Google Drive, Twitter, ImgBB, and Google Forms to target countries in Middle East

Android Apps containing Clicker Trojan installed on over 100M devices

Stay Connected