2015, Antivirus and DNS - Cyber Security Informer

2015

Antivirus

DNS

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. Pierluigi Paganini.

Passwords

Passwords DNS Malware Advertising

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR” with a static key) and cryptographic keys to communicate with the FortiGuard Web Filter, AntiSpam and AntiVirus cloud services. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Antivirus DNS Advertising

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The malicious code is used by the hackers to deliver a Moner (XMR) crypto miner that is not detected by almost any antivirus solution. “the actor moved away from hosting the scripts on dedicated servers and instead started to use Domain Name System (DNS) text records. . Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

“FudCo” Spam Empire Tied to Pakistani Software Firm

Krebs on Security

SEPTEMBER 6, 2021

In May 2015, KrebsOnSecurity briefly profiled “ The Manipulaters ,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. One of several current Fudtools sites run by The Manipulaters. Image: Facebook.

Software

Software Phishing Cybercrime Accountability

Security Affairs newsletter Round 210 – News of the week

Security Affairs

APRIL 21, 2019

Analyzing OilRigs malware that uses DNS Tunneling. Avast, Avira, Sophos and other antivirus solutions show problems after. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. European Commission is not in possession of evidence of issues with Kaspersky products.

Computers and Electronics

Computers and Electronics Spyware Data breaches Advertising

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs

OCTOBER 12, 2019

The group that has been active since late 2015 targeted businesses worldwide to steal payment card information. FIN7 has been observed making small changes to this malware family using multiple methods to avoid traditional antivirus detection, including a BOOSTWRITE sample where the dropper was signed by a valid Certificate Authority.

Identity Theft

Identity Theft Hacking Advertising DNS

Apple removed the popular app Adware Doctor because steals user browsing history

Security Affairs

SEPTEMBER 8, 2018

Patrick Wardle by redirecting DNS resolution was able to capture the exfiltrated data: The history.zip file is exfiltrated to a remote to dscan.yelabapp.com that is hosted on Amazon AWS servers, but the analysis of the DNS entries confirms that it is administered by an entity in China. Antivirus”, and ‘Dr.

Adware

Adware DNS Malware Advertising

The return of the AdvisorsBot malware

Security Affairs

FEBRUARY 1, 2019

It retrieves: System Info; Computer IP address; Network status; List of running processes; Available privileges; Usernames; Domain Admins; File on desktop machine; AntiVirus product on computer. Last DNS activity was in December 2018. Figure 14 – previous DNS of C2. Figure 7 – System information stealed by malware.

Malware

Malware DNS Social Engineering Advertising

LimeRAT spreads in the wild

Security Affairs

APRIL 9, 2019

The installed payload actually is a Base64 encoded PE32 file, file-lessly stored within the registry hive to avoid antivirus detection. Also, the attacker behind this sample leans on the Dynamic DNS service “warzonedns.com”, pointing to the 213.183.58[.10 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Advertising DNS Antivirus

A month later Gamaredon is still active in Eastern Europe

Security Affairs

JUNE 4, 2019

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. Moreover, querying the services behind the latest associated DNS record the host responds with “403 Forbidden” message too, indicating the infrastructure may still be operative. Pierluigi Paganini.

Passwords

Passwords DNS Engineering Malware

5 Common Phishing Attacks and How to Avoid Them?

Security Affairs

AUGUST 19, 2019

It involves DNS cache poisoning as it redirects users to a malicious site even if they enter the correct web address. Another successful strategy for preventing phishing is to secure your device using anti-malware, antivirus, VPN and other security softwares. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Phishing

Phishing Accountability Authentication Passwords

Security Affairs newsletter Round 221 – News of the week

Security Affairs

JULY 7, 2019

Firefox finally addressed the Antivirus software TLS Errors. Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. A cyberattack took offline websites of the Georgia agency. Cyber Defense Magazine – July 2019 has arrived.

Scams

Scams Spyware DNS Advertising

Point-of-Sale (POS) Security Measures for 2021

eSecurity Planet

FEBRUARY 8, 2021

PoSeidon malware, discovered by Cisco researchers in 2015, installs a keylogger and searches the POS device’s memory for number sequences that match credit card data — then uploads that data to an exfiltration server. Multi-factor authentication is also required for remote access.

Retail

Retail Encryption Malware Artificial Intelligence

APT trends report Q1 2021

SecureList

APRIL 27, 2021

Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose. Ferocious Kitten is an APT group that has been active against Persian-speaking individuals since 2015 and appears to be based in Iran.

Malware

Malware Spyware Government Social Engineering

Linksys force password reset to prevent Router hijacking

Some Fortinet products used hardcoded keys and weak encryption for communications

Webinars

Trending Sources

Chinese-speaking cybercrime gang Rocke changes tactics

Webinars

“FudCo” Spam Empire Tied to Pakistani Software Firm

Security Affairs newsletter Round 210 – News of the week

FIN7 Hackers group is back with a new loader and a new RAT

Apple removed the popular app Adware Doctor because steals user browsing history

The return of the AdvisorsBot malware

LimeRAT spreads in the wild

A month later Gamaredon is still active in Eastern Europe

5 Common Phishing Attacks and How to Avoid Them?

Security Affairs newsletter Round 221 – News of the week

Point-of-Sale (POS) Security Measures for 2021

APT trends report Q1 2021

Stay Connected