2018 and Antivirus - Cyber Security Informer

The German BSI agency recommends replacing Kaspersky antivirus software

Security Affairs

MARCH 15, 2022

According to §7 BSI law, the BSI warns against the use of Kaspersky Antivirus and recommends replacing it asap with defense solutions from other vendors. The alert pointed out that antivirus software operates with high privileges on machines and if compromised could allow an attacker to take over them. Pierluigi Paganini.

Antivirus

Antivirus Software Manufacturing Information Security

Astaroth Trojan relies on legitimate os and antivirus processes to steal data

Security Affairs

FEBRUARY 16, 2019

Researchers at Cybereason’s Nocturnus team have uncovered a new Astaroth Trojan campaign that is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and drop malicious modules. According to the experts, LOLbins are very effecting in evading antivirus software.

Antivirus

Antivirus Passwords Malware Advertising

Firefox finally addressed the Antivirus software TLS Errors

Security Affairs

JULY 2, 2019

Firefox finally addressed the issues with antivirus apps crashing HTTPS websites starting with the release of Firefox 68. Mozilla announced that it will resolve the issues that caused antivirus apps crashing HTTPs websites with the release of Firefox 68 version. This is possible by installing root certificates on the device.

Antivirus

Antivirus Software Advertising Information Security

Windows Defender is the first antivirus solution that can run in a sandbox

Security Affairs

OCTOBER 30, 2018

Since antivirus and anti-malware tools run with the highest level of privileges to scan all parts of a computer for malicious code, it has become a desired target for attackers. This is probably the first case of a sandbox mechanism implemented for an antivirus solution that aims at protecting the Windows systems if it is compromised.

Antivirus

Antivirus Advertising Malware Software

On the Evolution of Ransomware

Schneier on Security

DECEMBER 30, 2020

The antivirus firm Emsisoft found that the average requested fee has increased from about $5,000 in 2018 to about $200,000 this year. Ransomware is a decades-old idea. Today, it’s increasingly profitable and professional.

Ransomware

Ransomware Antivirus

Microsoft Put Off Fixing Zero Day for 2 Years

Krebs on Security

AUGUST 16, 2020

In fact, CVE-2020-1464 was first spotted in attacks used in the wild back in August 2018. Bernardo Quintero is the manager at VirusTotal , a service owned by Google that scans any submitted files against dozens of antivirus services and displays the results.

Antivirus

Antivirus Malware Software

Crackonosh virus mined $2 million of Monero from 222,000 hacked computers

The Hacker News

JUNE 25, 2021

A previously undocumented Windows malware has infected over 222,000 systems worldwide since at least June 2018, yielding its developer no less than 9,000 Moneros ($2 million) in illegal profits.

Antivirus

Antivirus Hacking Malware Software

Antivirus Renegade John McAfee Found Dead in Spanish Prison Cell

SecureWorld News

JUNE 23, 2021

McAfee was arrested in Spain in October 2020 following the Western District of Tennessee's announcement of a 10-count indictment for skipping out on millions in incomes taxes from 2014 to 2018. He was also charged in a Manhattan federal court earlier this year for his alleged involvement in a pump-and-dump cryptocurrency scheme.

Antivirus

Antivirus Cryptocurrency Software

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

“While the Windows system is in safe mode antivirus software doesn’t work. The researchers started investigating the threat after they became aware that the malware was disabling and uninstalling its antivirus from infected devices. “It also uses WQL to query all antivirus software installed SELECT * FROM AntiVirusProduct.”

Antivirus

Antivirus Cryptocurrency Malware Software

Antivirus Renegade John McAfee Found Dead in Spanish Prison Cell

SecureWorld News

JUNE 23, 2021

McAfee was arrested in Spain in October 2020 following the Western District of Tennessee's announcement of a 10-count indictment for skipping out on millions in incomes taxes from 2014 to 2018. He was also charged in a Manhattan federal court earlier this year for his alleged involvement in a pump-and-dump cryptocurrency scheme.

Antivirus

Antivirus Cryptocurrency Software

Multi-Platform Malware Framework ‘MATA’ On A Global Rampage

SecureBlitz

MARCH 5, 2024

” This framework has been targeting victims globally since at least April 2018. READ ALSO: 5 Top Cybersecurity Books You Must Read Kaspersky Lab's Analysis Early Detection: Kaspersky Lab identified the first traces of MATA in April 2018.

Malware

Malware Cybersecurity Antivirus

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. was used at the time of the attack), which enabled the attackers to exploit the CVE-2018-13379 vulnerability and gain access to the enterprise network.” ” continues Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

Spam Kingpin Peter Levashov Gets Time Served

Krebs on Security

JULY 20, 2021

Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison. Severa ran several affiliate programs that paid cybercriminals to trick people into installing fake antivirus software. A native of St. The government argued that under U.S.

Antivirus

Antivirus Cybercrime Identity Theft Scams

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR” with a static key) and cryptographic keys to communicate with the FortiGuard Web Filter, AntiSpam and AntiVirus cloud services. UDP ports 53, 8888 and TCP port 80 (HTTP POST /fgdsvc).

Encryption

Encryption Antivirus DNS Advertising

New KryptoCibule Windows Trojan spreads via malicious torrents

Security Affairs

SEPTEMBER 2, 2020

Experts warn of the KryptoCibule Windows malware that has been active since late 2018 and has targeted users in the Czech Republic and Slovakia. The malware has been active since at least December 2018, it targets cryptocurrency users as a triple threat. ” concludes ESET.

Cryptocurrency

Cryptocurrency Antivirus Malware Advertising

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. The registration records for the website Cryptor[.]biz ” Crypt[.]guru’s

Malware

Malware Antivirus Cybercrime Hacking

RobbinHood ransomware exploit GIGABYTE driver flaw to kill security software

Security Affairs

FEBRUARY 7, 2020

The operators behind the infamous RobbinHood ransomware are exploiting a vulnerable GIGABYTE driver to kill antivirus products. Ransomware operators leverage a custom antivirus killing p ackage that is delivered to workstations to disable security solution before starting encryption. .

Software

Software Ransomware Antivirus Encryption

G Suite Ransomware Protection 2018

Spinone

NOVEMBER 11, 2018

With every new type of crypto or locker , the hash sum is changed, so an antivirus that is effective against one malware family will be ineffective a few months later against another type of ransomware. TRY IT FREE The post G Suite Ransomware Protection 2018 first appeared on SpinOne. How Can I Get Infected by Ransomware?

Ransomware

Ransomware Backups Encryption Antivirus

John McAfee found dead in prison cell ahead of extradition to US

Security Affairs

JUNE 23, 2021

One of the fathers of antivirus software, the entrepreneur John McAfee has been found dead in a Barcelona prison cell while he was waiting for extradition to the US. The authorities claim that the McAfee failed to file tax returns for incomes related to a period between 2014 and 2018. reads the press release published by DoJ.

Cryptocurrency

Cryptocurrency Banking Accountability Antivirus

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

The government says Snatch used a customized ransomware variant notable for rebooting Microsoft Windows devices into Safe Mode — enabling the ransomware to circumvent detection by antivirus or endpoint protection — and then encrypting files when few services are running. Details after contacting on jabber: truniger@xmpp[.]jp.”

Ransomware

Ransomware Accountability Cybercrime Backups

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

The software is broadly classified as malware by most antivirus companies, likely thanks to an advertised feature list that includes dumping the remote computer’s temporary memory; retrieving passwords from dozens of email programs; snarfing the target’s Wi-Fi credentials; and viewing the target’s Webcam.

Advertising

Advertising Antivirus Software Malware

Kaspersky addressed multiple issues in online protection solutions

Security Affairs

NOVEMBER 26, 2019

Kaspersky has addressed several vulnerabilities in the web protection features implemented in its antivirus solutions, including Internet Security, Total Security, Free Anti-Virus , Security Cloud, and Small Office Security products. As in: under some circumstances, antivirus would still crash. ” continues the analysis.

Antivirus

Antivirus Advertising Password Management Passwords

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

These two software are currently unknown to most if not all antivirus companies.” “FUD” in the ad above refers to software and download links that are “Fully UnDetectable” as suspicious or malicious by all antivirus software. The Exe Clean service made malware look like goodware to antivirus products.

VPN

VPN Computers and Electronics Antivirus Software

New tech on SSDs to stop ransomware spread

CyberSecurity Insiders

SEPTEMBER 10, 2021

Presenting their find at the IEEE International Conference on Distributed Computing Systems in 2018, a team of researchers refined their invention even further that led to the innovation of a firmware that blocks ransomware from encrypting data on a computer network.

Ransomware

Ransomware Firmware Antivirus Encryption

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The weaponized RTF documents generated with the exploit builder are able to trigger the CVE-2017-11882 , CVE-2018-0798 , CVE-2018-0802 vulnerabilities in Microsoft’s Equation Editor. This tool was widely adopted by several China-linked threat actors, including Tick , Tonto Team and TA428.

Phishing

Phishing Malware Antivirus Encryption

Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison

Security Affairs

SEPTEMBER 22, 2018

The Latvian expert Ruslans Bondars (37), who developed and run the counter antivirus service Scan4You has been sentenced to 14 years in prison. Scan4you is a VirusTotal like online multi-engine antivirus scanning service that could be used by vxers to test evasion abilities of their malware against the major antiviruses. billion.

Malware

Malware Antivirus Retail Advertising

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

The DisableAntiSpyware parameter allows disabling the Windows Defender Antivirus in order to deploy another security solution. In the background, the malware disables Windows Defender, EDR, and antivirus tools before dropping the ransomware payload.

Cybercrime

Cybercrime Ransomware Antivirus Malware

Crooks made more than $560K with a simple clipboard hijacker

Security Affairs

APRIL 19, 2021

The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more $560K worth of cryptocurrency since November 2018. The tools were published on a Telegram channel named Hack Boss that was created on November 26, 2018, and has over 2,500 subscribers.

Cryptocurrency

Cryptocurrency Malware Hacking Banking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

RaaS rollout 2015 – 2018. The GandCrab RaaS that appeared in early 2018 was one of the last high-profile threats targeting individuals on a large scale. It vanished from the radar in June 2018, when the ransomware plague took another sharp turn. Targeting enterprises Late 2018 – present day.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

million Windows systems between 2018 and 2020. The software includes illegal Adobe Photoshop 2018, a Windows cracking tool, and several cracked games.” Researchers from NordLocker have discovered an unsecured database containing 1.2-terabyte terabyte of stolen data. Threat actors used custom malware to steal data from 3.2

Malware

Malware Computers and Electronics Software Financial Services

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Beta, D6220, D6400, D7000 CVE-2018-10561, CVE-2018-10562 GPON home routers CVE-2013-3307 Linksys X3000 1.0.03 CVE-2018-10088 XiongMai uc-httpd 1.0.0 BotenaGo was written in Golang (Go) and at the time of the report published by the experts, it had a low antivirus (AV) detection rate (6/62). Beta, R6400 before 1.0.1.18.Beta,

IoT

IoT Firmware Malware Wireless

Ransomware being spread through Fortinet VPN Devices

CyberSecurity Insiders

JANUARY 5, 2023

Though Fortinet that is into the business of selling security solutions such as firewalls and antivirus solutions has fixed the flaw, it appears to be too late, as hackers are buying and selling details of compromised devices on some hacking forums. But for reasons they made the information public in Jan 2023.

VPN

VPN Ransomware Antivirus Firewall

Hackers penetrated NEC defense business division in 2016

Security Affairs

JANUARY 31, 2020

“In July 2018, we succeeded in decrypting encrypted communication with an infected server and an external server that was performing unauthorized communication, and stored it on our internal server for information sharing with other departments used by our defense business division 27,445 files were found to have been accessed illegally.

Data breaches

Data breaches Advertising Antivirus Encryption

MY TAKE: How consumer-grade VPNs are enabling individuals to do DIY security

The Last Watchdog

APRIL 26, 2021

I’ve written this countless times: keep your antivirus updated, click judiciously, practice good password hygiene. Historically, consumers have had to rely on self-discipline to protect themselves online. Related: Privacy war: Apple vs. Facebook.

B2C

B2C VPN Marketing Antivirus

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. The second half of 2018 saw a drop in the number of malicious programs downloaded via browsers reaching its minimum at less than 5%, while in the first half of 2019 only every 19 th download was initiated via means other than email.

Ransomware

Ransomware Antivirus Banking Malware

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Experts pointed out that the number of infected systems could be far greater because data provided by AVAST are only related to systems running their antivirus solution.

DNS

DNS Cryptocurrency Internet Internet

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

JULY 28, 2022

” Microleaves has long been classified by antivirus companies as adware or as a “potentially unwanted program” (PUP), the euphemism that antivirus companies use to describe executable files that get installed with ambiguous consent at best, and are often part of a bundle of software tied to some “free” download.

Advertising

Advertising Software Computers and Electronics Internet

A new variant of HawkEye stealer emerges in the threat landscape

Security Affairs

APRIL 17, 2019

The latest variant appeared in the cybercrime underground in December 2018, it was named HawkEye Reborn v9. Experts at Talos observed threat actors spreading the malware via malicious email campaigns starting with the second half of 2018 and continuing into 2019. ” reads the analysis published by Talos.

Antivirus

Antivirus Malware Advertising Passwords

Shade Ransomware gang shut down operations and releases 750K decryption keys

Security Affairs

APRIL 27, 2020

The Shade infections increased during October 2018, keeping a constant trend until the second half of December 2018, taking a break around Christmas, and then resuming in mid-January 2019 doubled in size. Moth of the victims belongs to high-tech, wholesale and education sectors.

Ransomware

Ransomware Advertising Antivirus Education

The Five-Step PCI DSS 4.0 Transition Checklist

CyberSecurity Insiders

JANUARY 6, 2023

First launched in 2004 and updated most recently in 2018, the PCI Data Security (PCI DSS) standard is continually updated to reflect the evolving challenges of the cyberthreat landscape. Requirement 5: It is no longer sufficient to just have standard antivirus software. The current version, PCI DSS v3.2.1,

Antivirus

Antivirus Retail Software Accountability

New JNEC.a Ransomware delivered through WinRAR exploit

Security Affairs

MARCH 19, 2019

rar) spread by #WinRAR exploit ( #CVE -2018-20250). The vulnerability, tracked as CVE-2018-20250, was discovered by experts at Check Point in February, it could allow an attacker to gain control of the target system. At the moment of writing, 29 antivirus engines detect JNEC.a Possibly the first #ransomware (vk_4221345.rar)

Ransomware

Ransomware Antivirus Encryption Advertising

CISA warns of cyberespionage by Iranian APT “MuddyWater”

Malwarebytes

FEBRUARY 25, 2022

This APT group has conducted broad cyber campaigns in support of MOIS objectives since approximately 2018. Back it up with an effective antivirus solution , EDR and SIEM. . “MuddyWater is a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS),” the advisory briefs its readers.

Government

Government Telecommunications Antivirus Phishing

BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver

Threatpost

FEBRUARY 10, 2020

The RobbinHood ransomware is using a deprecated Gigabyte driver as the tip of the spear for taking out antivirus products.

Antivirus

Antivirus Ransomware Malware

Japanese defense contractors Pasco and Kobe Steel disclose security breaches

Security Affairs

FEBRUARY 7, 2020

Japanese defense contractors Pasco and Kobe Steel have disclosed security breaches that they have suffered back in 2016 and 2018. Kobe identified unauthorized access to its network in August 2016 and in June 2017, Pasco had detected the intrusion in May 2018. According to people involved, Chinese hackers Tick may have been involved.

Manufacturing

Manufacturing Data breaches Advertising Antivirus

The German BSI agency recommends replacing Kaspersky antivirus software

Astaroth Trojan relies on legitimate os and antivirus processes to steal data

Trending Sources

Firefox finally addressed the Antivirus software TLS Errors

Windows Defender is the first antivirus solution that can run in a sandbox

On the Evolution of Ransomware

Microsoft Put Off Fixing Zero Day for 2 Years

Crackonosh virus mined $2 million of Monero from 222,000 hacked computers

Antivirus Renegade John McAfee Found Dead in Spanish Prison Cell

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Antivirus Renegade John McAfee Found Dead in Spanish Prison Cell

Multi-Platform Malware Framework ‘MATA’ On A Global Rampage

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Spam Kingpin Peter Levashov Gets Time Served

Some Fortinet products used hardcoded keys and weak encryption for communications

New KryptoCibule Windows Trojan spreads via malicious torrents

Why Malware Crypting Services Deserve More Scrutiny

RobbinHood ransomware exploit GIGABYTE driver flaw to kill security software

G Suite Ransomware Protection 2018

John McAfee found dead in prison cell ahead of extradition to US

A Closer Look at the Snatch Data Ransom Group

Who’s Behind the RevCode WebMonitor RAT?

Kaspersky addressed multiple issues in online protection solutions

A Deep Dive Into the Residential Proxy Service ‘911’

New tech on SSDs to stop ransomware spread

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Crooks made more than $560K with a simple clipboard hijacker

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Mysterious custom malware used to steal 1.2TB of data from million PCs

BotenaGo botnet targets millions of IoT devices using 33 exploits

Ransomware being spread through Fortinet VPN Devices

Hackers penetrated NEC defense business division in 2016

MY TAKE: How consumer-grade VPNs are enabling individuals to do DIY security

Ransomware Revival: Troldesh becomes a leader by the number of attacks

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Breach Exposes Users of Microleaves Proxy Service

A new variant of HawkEye stealer emerges in the threat landscape

Shade Ransomware gang shut down operations and releases 750K decryption keys

The Five-Step PCI DSS 4.0 Transition Checklist

New JNEC.a Ransomware delivered through WinRAR exploit

CISA warns of cyberespionage by Iranian APT “MuddyWater”

BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver

Japanese defense contractors Pasco and Kobe Steel disclose security breaches

Stay Connected