2017, Antivirus and Hacking - Cyber Security Informer

The German BSI agency recommends replacing Kaspersky antivirus software

Security Affairs

MARCH 15, 2022

The Agency warns the cybersecurity firm could be implicated in hacking attacks during the ongoing Russian invasion of Ukraine. According to §7 BSI law, the BSI warns against the use of Kaspersky Antivirus and recommends replacing it asap with defense solutions from other vendors. SecurityAffairs – hacking, BSI).

Antivirus

Antivirus Software Manufacturing Information Security

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. The attackers have exploited a directory traversal and arbitrary file upload vulnerability, tracked as CVE-2019-18187, in the Trend Micro OfficeScan antivirus. Pierluigi Paganini.

Antivirus

Antivirus Hacking Advertising Media

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

” Only one of the men sanctioned today is known to have been criminally charged in connection with hacking activity. Secret Service determined that he ran a massive “money mule” scheme, which used phony job offers to trick people into laundering money stolen from hacked small to mid-sized businesses in the United States.

Hacking

Hacking Cybercrime Ransomware Government

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Security Affairs

JUNE 17, 2021

Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. ”The websites promised to render malicious software fully undetectable by nearly every major provider of antivirus software. . SecurityAffairs – hacking, Kelihos). Pierluigi Paganini.

Antivirus

Antivirus Malware Cryptocurrency Software

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The WannaCry and NotPetya outbreaks in May and June 2017, respectively, were the most devastating in history. In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017. SecurityAffairs – hacking, industrial enterprises). ” concludes the report.

Antivirus

Antivirus Encryption Malware Hacking

FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor

Security Affairs

JUNE 12, 2019

The last time security experts documented the FIN8’s activities was in 2016 and 2017. FireEye documented obfuscation techniques used by the group in June 2017 and the involvement of PUNCHTRACK POS-scraping malware. SecurityAffairs – FIN8, hacking). Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Malware Advertising Retail

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Security Affairs

AUGUST 6, 2022

The company states that the bug affected all users who created or revoked shared invitation links between 17 April 2017 and 17 July 2022. SecurityAffairs – hacking, Slack). This issue was reported by an independent security researcher and disclosed to Slack on 17 July 2022. ” reads the advisory published by Slack. .

Passwords

Passwords Password Management Antivirus Encryption

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

“A Russian national was sentenced today to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, which enabled hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.”

Antivirus

Antivirus Malware Cybercrime Cyber threats

Kaspersky discovers long time Malware based espionage campaign

CyberSecurity Insiders

JUNE 17, 2021

And information is out that the campaign could have started by a hacking group dubbed Ferocious Kitten that has been active since 2015 and was conducting spying through a highly sophisticated malware named MarkiRAT. . Russian Security Firm Kaspersky has uncovered an espionage campaign that was targeting Persian-speaking people in Iran.

Malware

Malware Surveillance Antivirus Software

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

These two software are currently unknown to most if not all antivirus companies.” “FUD” in the ad above refers to software and download links that are “Fully UnDetectable” as suspicious or malicious by all antivirus software. The Exe Clean service made malware look like goodware to antivirus products.

VPN

VPN Computers and Electronics Antivirus Software

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

” But critics say WebMonitor is far more likely to be deployed on “pwned” devices, or those that are surreptitiously hacked. court to computer hacking and to creating, marketing and selling Blackshades , a RAT that was used to compromise and spy on hundreds of thousands of computers.

Advertising

Advertising Antivirus Software Malware

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Experts pointed out that the number of infected systems could be far greater because data provided by AVAST are only related to systems running their antivirus solution. Pierluigi Paganini.

DNS

DNS Cryptocurrency Internet Internet

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2 CVE-2017-18368 ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 SecurityAffairs – hacking, BotenaGo). Beta, R6400 before 1.0.1.18.Beta,

IoT

IoT Firmware Malware Wireless

Security Affairs newsletter Round 261

Security Affairs

APRIL 26, 2020

SecurityAffairs – newsletter, hacking). Are Maze operators behind the attack on the IT services giant Cognizant? Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Spyware

Spyware Hacking Advertising Antivirus

Former NSA TAO hacker sentenced to 66 months in prison over Kaspersky Leak

Security Affairs

SEPTEMBER 26, 2018

A former member of the NSA’s Tailored Access Operations hacking team was sentenced to 66 months in prison because he leaked top-secret online documents related to the US government ban on Kaspersky software. The man pleaded guilty in December 2017 to one count of willful retention of classified national defense information.

Antivirus

Antivirus Hacking Software Government

DoubleFeature, post-exploitation dashboard used by Equation Group APT

Security Affairs

DECEMBER 28, 2021

DanderSpritz made the headlines on April 14, 2017, when it was leaked by the Shadow Broker hacking group along with other tools and exploits belonging to NSA’s arsenal. The tool also includes features to bypass Antivirus engines and perform other malicious activities. . SecurityAffairs – hacking, IKEA).

Antivirus

Antivirus Malware Hacking Engineering

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection of malware samples, some of them cannot be associated with the activity of known APT groups. . Across the years, the researchers found analyzed multiple backdoors and hacking tools composing the arsenal of the cyberespionage group.

Malware

Malware Hacking Government Telecommunications

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

“The hacking campaign, known as “ Cloud Hopper ,” was the subject of a U.S. ” The report attributed the cyberespionage campaign to the China-linked APT10 (aka Menupass, and Stone Panda), the same group recently accused of hacking telco operators worldwide. SecurityAffairs – Cloud Hopper, hacking).

Identity Theft

Identity Theft Hacking System Administration Advertising

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The weaponized RTF documents generated with the exploit builder are able to trigger the CVE-2017-11882 , CVE-2018-0798 , CVE-2018-0802 vulnerabilities in Microsoft’s Equation Editor. SecurityAffairs – hacking, Russian defense contractor). The documents were used to deliver a previously undocumented backdoor, tracked as PortDoor.

Phishing

Phishing Malware Antivirus Encryption

Security Affairs newsletter Round 224 – News of the week

Security Affairs

JULY 28, 2019

Twitter account of Scotland Yard hacked and posted bizarre messages. BlackBerry Cylance addresses AI-based antivirus engine bypass. WSJ says Equifax to Pay $700 million settlement for 2017 breach. A new ProFTPD vulnerability exposes servers to hack. Comodo Antivirus is affected by several vulnerabilities.

Antivirus

Antivirus Spyware Advertising Hacking

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

The end game for this particular hacking ring is to install crypto currency mining routines on compromised Linux servers. Xbash gets rolling by infecting one device, which then serves as the launch pad for deeper hacking forays limited only by the attacker’s initiative. To be sure, it’s not as if the good guys aren’t also innovating.

Passwords

Passwords Password Management Antivirus Internet

Wipro Intruders Targeted Other Major IT Firms

Krebs on Security

APRIL 18, 2019

Investigators believe the intruders were using the ScreenConnect software on the hacked Wipro systems to connect remotely to Wipro client systems, which were then used to leverage further access into Wipro customer networks. based company in 2016 and 2017. This is remarkably similar to activity that was directed against a U.S.

Retail

Retail Phishing Antivirus Internet

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. In one case, attackers attempted to exploit, without success, the CVE-2017-16238 vulnerability in a vulnerable driver for the antivirus product called Vir.IT Pierluigi Paganini.

Malware

Malware Phishing Antivirus Hacking

BotenaGo strikes again – malware source code uploaded to GitHub

CyberSecurity Insiders

JANUARY 26, 2022

As of the publishing of this article, antivirus (AV) vendor detection for BotenaGo and its variants remains behind with very low detection coverage from most of AV vendors. In the same repository, we have found additional hacking tools collected from several different sources. Background. The original source of the code is yet unknown.

Malware

Malware IoT Authentication Antivirus

Japanese defense contractors Pasco and Kobe Steel disclose security breaches

Security Affairs

FEBRUARY 7, 2020

Kobe identified unauthorized access to its network in August 2016 and in June 2017, Pasco had detected the intrusion in May 2018. The attackers have exploited a directory traversal and arbitrary file upload vulnerability, tracked as CVE-2019-18187, in the Trend Micro OfficeScan antivirus. reported the Nikkei. . Pierluigi Paganini.

Manufacturing

Manufacturing Data breaches Advertising Antivirus

Could Your Company Survive a Ransomware Attack?

CyberSecurity Insiders

AUGUST 26, 2022

A ransomware attack occurs when somebody hacks a person’s or company’s computer system and demands a ransom payment in return. Some infamous examples of ransomware attacks over the years include: WannaCry: This ransomware attack occurred in May 2017 and had devastating effects worldwide. What Is a Ransomware Attack?

Ransomware

Ransomware Education Software Malware

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

JULY 28, 2022

” Microleaves has long been classified by antivirus companies as adware or as a “potentially unwanted program” (PUP), the euphemism that antivirus companies use to describe executable files that get installed with ambiguous consent at best, and are often part of a bundle of software tied to some “free” download.

Advertising

Advertising Software Computers and Electronics Internet

New APT ChamelGang Targets energy and aviation companies in Russia

Security Affairs

OCTOBER 4, 2021

The March attack was spotted after the experts noticed that the antivirus software installed on the systems of a Russia-based energy company repeatedly reported the presence of the Cobalt Strike Beacon in RAM. SecurityAffairs – hacking, ChamelGang). ” reads the analysis published by the experts. Pierluigi Paganini.

Energy and Utilities

Energy and Utilities Malware Technology Antivirus

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

Security Affairs

JUNE 23, 2020

Fxmsp gained worldwide fame in May 2019, after it was reported that the networks belonging to leading antivirus software companies had been compromised. In early 2017, he created accounts on several other Russian-speaking forums, including on the infamous exploit[.]in, Geography and victims. Proxy seller.

Antivirus

Antivirus Advertising Hacking Banking

Russia-linked BlackEnergy backed new cyber attacks on Ukraine’s state bodies

Security Affairs

OCTOBER 15, 2018

SBU along with experts from a well-known antivirus company determined that the malware involved in the attack are updated versions of the Industroyer backdoor. Experts from the SBU also observed attackers using hacking tools that were used by the BlackEnergy hackers in previous attacks. ” states the ukrinform.net.

Cyber Attacks

Cyber Attacks Surveillance Telecommunications Advertising

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Krebs on Security

MARCH 22, 2022

When I first began writing about Vrublevsky in 2009 as a reporter for The Washington Post , ChronoPay and its sister firm Red & Partners (RNP) were earning millions setting up payment infrastructure for fake antivirus peddlers and spammers pimping male enhancement drugs. The latest document in the hacked archive is dated April 2021.

Banking

Banking Marketing DDOS Risk

On Chinese "Spy Trains"

Schneier on Security

SEPTEMBER 26, 2019

It's also why the United States has blocked the cybersecurity company Kaspersky from selling its Russian-made antivirus products to US government agencies. We have credible reports that the Chinese hacked Gmail around 2010, and there are ongoing concerns about both censorship and surveillance by the Chinese social-networking company TikTok.

Surveillance

Surveillance Wireless Government Internet

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. SecurityAffairs – hacking, Wannacry).

Malware

Malware Computers and Electronics Encryption Ransomware

Hackers penetrated NEC defense business division in 2016

Security Affairs

JANUARY 31, 2020

” NEC was informed of the intrusion in July 2017 by a security company contracted by the electronics company to investigate alleged unauthorized accesses to the internal network. The attackers have exploited a directory traversal and arbitrary file upload vulnerability, tracked as CVE-2019-18187, in the Trend Micro OfficeScan antivirus.

Data breaches

Data breaches Advertising Antivirus Encryption

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. In one case, attackers attempted to exploit, without success, the CVE-2017-16238 vulnerability in a vulnerable driver for the antivirus product called Vir.IT Pierluigi Paganini.

Malware

Malware Antivirus Hacking Accountability

Experts discovered Calisto macOS Trojan, the first member of Proton RAT family

Security Affairs

JULY 21, 2018

But for two whole years, until May 2018, Calisto remained off the radar of antivirus solutions, with the first detections on VT appearing only recently.” A few weeks later the malware was involved in attacks in the wild for the first time, threat actors hacked the website of the HandBrake app and poisoned the official app with it.

Antivirus

Antivirus Advertising Malware Accountability

A new variant of HawkEye stealer emerges in the threat landscape

Security Affairs

APRIL 17, 2019

The malicious code is under continuous enhancement, it is offered for sale on various hacking forums as a keylogger and stealer, it allows to monitor systems and exfiltrate information. New malware campaigns leveraging a new variant of the HawkEye data stealer have been observed by experts at Talos. ” continues the analysis. .”

Antivirus

Antivirus Malware Advertising Passwords

Top-Tier Russian Hacking group Fxmsp claims hack of major AntiVirus Companies

Security Affairs

MAY 10, 2019

A Russian hacking group Fxmsp is offering for sale the access to the networks of at least three antivirus companies in the US and source code of their software. Fxmsp is a high-profile Russian- and English-speaking hacking group focused on breaching high-profile private corporate and government information.

Antivirus

Antivirus Hacking Artificial Intelligence Cybercrime

VIPRE certified to withstand real-life threats, ATP test proves

Vipre

JANUARY 5, 2021

Here’s how it works: the ATP test uses real-life hacking and penetration techniques typically used by hackers to access internal computer systems. This type of threat has been on the rise since 2017, and has proven to be quite successful at attacking. This ATP test focused on: Fileless attacks.

Antivirus

Antivirus Malware Software Hacking

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

The government says Snatch used a customized ransomware variant notable for rebooting Microsoft Windows devices into Safe Mode — enabling the ransomware to circumvent detection by antivirus or endpoint protection — and then encrypting files when few services are running. ru using the email address tretyakov-files@yandex.ru.

Ransomware

Ransomware Accountability Cybercrime Backups

Exaramel Malware Links Industroyer ICS malware and NotPetya wiper

Security Affairs

OCTOBER 11, 2018

In June 2017, researchers at antivirus firm ESET discovered a new strain of malware, dubbed Industroyer, that was designed to target power grids. “In June 2017, when many large corporations worldwide were hit by the Diskcoder.C Security Affairs – instant messaging, hacking ). Pierluigi Paganini.

Malware

Malware Passwords Advertising Antivirus

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. Javali trojan is active since November 2017 and targets users of financial and banking organizations geolocated in Brazil and Mexico. Background of Latin American Trojans.

Antivirus

Antivirus Malware Banking Internet

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. More than 80% of all malicious files were disguised as .zip rar archive files. Another trend was disguising malware in emails.

Ransomware

Ransomware Antivirus Malware Banking

The German BSI agency recommends replacing Kaspersky antivirus software

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Trending Sources

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Chinese actors behind attacks on industrial enterprises and public institutions

FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Kaspersky discovers long time Malware based espionage campaign

A Deep Dive Into the Residential Proxy Service ‘911’

Who’s Behind the RevCode WebMonitor RAT?

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs newsletter Round 261

Former NSA TAO hacker sentenced to 66 months in prison over Kaspersky Leak

DoubleFeature, post-exploitation dashboard used by Equation Group APT

Purple Lambert, a new malware of CIA-linked Lambert APT group

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs newsletter Round 224 – News of the week

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Wipro Intruders Targeted Other Major IT Firms

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

BotenaGo strikes again – malware source code uploaded to GitHub

Japanese defense contractors Pasco and Kobe Steel disclose security breaches

Could Your Company Survive a Ransomware Attack?

Breach Exposes Users of Microleaves Proxy Service

New APT ChamelGang Targets energy and aviation companies in Russia

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

Russia-linked BlackEnergy backed new cyber attacks on Ukraine’s state bodies

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

On Chinese "Spy Trains"

Wannacry, the hybrid malware that brought the world to its knees

Hackers penetrated NEC defense business division in 2016

Microsoft: North Korea-linked Zinc APT targets security experts

Experts discovered Calisto macOS Trojan, the first member of Proton RAT family

A new variant of HawkEye stealer emerges in the threat landscape

Top-Tier Russian Hacking group Fxmsp claims hack of major AntiVirus Companies

VIPRE certified to withstand real-life threats, ATP test proves

A Closer Look at the Snatch Data Ransom Group

Exaramel Malware Links Industroyer ICS malware and NotPetya wiper

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Stay Connected