Accountability, Antivirus and Information Security

Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation

Security Boulevard

JANUARY 16, 2022

Norton 360, a popular antivirus product, has installed a cryptocurrency mining program on its customers’ computers, some cities in Texas have been hit with a phishing scam designed to get users to pay through fraudulent QR code stickers on public parking meters, and how Facebook is still collecting data about you even if you deactivate […].

Accountability

Accountability Antivirus Cryptocurrency Scams

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. This week, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. An attempted attack requires user authentication.”

Antivirus

Antivirus Hacking Advertising Media

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Security Affairs

JUNE 2, 2021

Feedback message data contained Account id, feedback rating given, and users’ email addresses. Player profile data included Player id; username; country; total money spent on the game; and even Facebook, Apple, and Google account data if the user linked either account with their game account. What Data Was Leaked?

Data breaches

Data breaches Accountability Mobile Phishing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

They may use various tactics to evade antivirus and other security measures. Bank logs : These are sets of data containing sensitive information about a bank account. Cashout : The term “cashout” refers to the process of extracting money from compromised bank accounts.

Banking

Banking Cybercrime Malware Accountability

Microsoft Defender can now protect servers against ProxyLogon attacks

Security Affairs

MARCH 21, 2021

Microsoft announced that its Defender Antivirus and System Center Endpoint Protection now protects users against attacks exploiting Exchange Server vulnerabilities. “Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. .

Antivirus

Antivirus Small Business Security Intelligence Hacking

Grandoreiro Banking Trojan is back and targets banks worldwide

Security Affairs

MAY 19, 2024

In each attack observed by the experts, threat actors instructed recipients to click on a link to view an invoice, fee, account statement, or make a payment, depending on the impersonated entity. It also prevented infections on Windows 7 machines in the US without antivirus.

Banking

Banking Malware Antivirus Accountability

Trusted relationship attacks: trust, but verify

SecureList

MAY 28, 2024

But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. Having compromised the service provider’s infrastructure, intruders can obtain user accounts or certificates issued by the target organization, and thereby connect to their systems.

VPN

VPN Accountability Passwords Antivirus

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

Following initial access, threat actors were observed exploiting domain controller’ functions by generating new domain accounts to establish persistence. In some attacks, threat actors created an administrative account named itadm. The operators frequently disable security software to evade detection and for lateral movement.

Ransomware

Ransomware Encryption Antivirus VPN

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Ransomware

Ransomware Hacking Data breaches Digital transformation

SharkBot, the new generation banking Trojan distributed via Play Store

Security Affairs

MARCH 7, 2022

SharkBot banking malware was able to evade Google Play Store security checks masqueraded as an antivirus app. SharkBot is a banking trojan that has been active since October 2021, it allows to steal banking account credentials and bypass multi-factor authentication mechanisms. sellsourcecode.supercleaner).

Banking

Banking Antivirus Mobile Malware

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Sharkbot is an information stealer steals used by crooks to siphon credentials and banking information. .” ” reads the analysis published by the experts.

Banking

Banking Antivirus Malware Accountability

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Security Affairs

FEBRUARY 19, 2024

The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Ransomware

Ransomware Digital transformation Retail Antivirus

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

The credentials are sold for an average of $15.43, the most expensive pairs relate to banking and financial services accounts, with an average price of nearly $71. “Account accesses for antivirus programs garner the second-highest prices: around $21.67. ” reads the report published by the experts.

Cybercrime

Cybercrime Antivirus Marketing Accountability

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

Security Affairs

OCTOBER 19, 2023

The Onyx Sleet APT used a different attack chain, threat actors exploited JetBrains TeamCity flaw to create a new user account named krtbgt that’s likely intended to impersonate the Kerberos Ticket Granting Ticket. Use Microsoft Defender Antivirus to protect from this threat. Ensure that “ Safe DLL Search Mode ” is set.

Artificial Intelligence

Artificial Intelligence Accountability Antivirus Authentication

The Five-Step PCI DSS 4.0 Transition Checklist

CyberSecurity Insiders

JANUARY 6, 2023

First launched in 2004 and updated most recently in 2018, the PCI Data Security (PCI DSS) standard is continually updated to reflect the evolving challenges of the cyberthreat landscape. is clearly failing to protect cardholder account details effectively in today’s environment. Install and maintain network security controls.

Antivirus

Antivirus Retail Software Accountability

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Security Affairs

MAY 22, 2024

The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Data breaches

Data breaches Ransomware Manufacturing Encryption

ESET releases fixes for local privilege escalation bug in Windows Applications

Security Affairs

FEBRUARY 2, 2022

Antivirus firm ESET addressed a local privilege escalation vulnerability, tracked CVE-2021-37852, impacting its Windows clients. Antivirus firm ESET released security patches to address a high severity local privilege escalation vulnerability, tracked CVE-2021-37852, impacting its Windows clients.

Antivirus

Antivirus Internet Internet Hacking

Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions

Security Affairs

MARCH 9, 2021

Now Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions that are affected by the above vulnerabilities, collectively tracked as ProxyLogon. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Antivirus

Antivirus Accountability Software Hacking

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Worldwide spending on information security products and services rose to $114 billion in 2018, up from $102 billion in 2017, an increase of 12.4 Each of us have a responsibility to embrace best privacy and security practices. And once they do, they swiftly try to gain access to accounts on other popular services.

Passwords

Passwords Password Management Antivirus Internet

YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan

Security Affairs

OCTOBER 13, 2022

Kaspersky researchers discovered an unofficial WhatsApp Android application named ‘YoWhatsApp’ that steals access keys for users’ accounts. “To use the WhatsApp mod, users need to log in to their account of the legitimate app. steals WhatsApp keys, allowing threat actors to take over users’ accounts.

Mobile

Mobile Accountability Advertising Antivirus

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Security Affairs

JULY 8, 2022

In case a system was compromised through the Windows Remote Desktop feature, the experts recommend changing all passwords of all users that are allowed to login remotely and check the local user accounts for additional accounts the attacker might have added. ” reads the guide.

Ransomware

Ransomware Encryption Malware Accountability

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The FBI is seeking any information that can be shared related to the operations of the BlackCat ransomware operation. Below are recommended mitigations included in the alert: Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Implement network segmentation.

Ransomware

Ransomware Antivirus Passwords Malware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Install and regularly update antivirus software on all hosts, and enable real time detection. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware

Ransomware DDOS Passwords Backups

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Security Affairs

JUNE 17, 2021

Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. ”The websites promised to render malicious software fully undetectable by nearly every major provider of antivirus software. . ” reads the press release published by DoJ.”The

Antivirus

Antivirus Malware Cryptocurrency Software

John McAfee found dead in prison cell ahead of extradition to US

Security Affairs

JUNE 23, 2021

One of the fathers of antivirus software, the entrepreneur John McAfee has been found dead in a Barcelona prison cell while he was waiting for extradition to the US. The investigators suppose that the income was directed into bank accounts and cryptocurrency exchange accounts in the names of nominees.

Cryptocurrency

Cryptocurrency Banking Accountability Antivirus

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

“What’s more concerning is that a large portion of antivirus software has proven ineffective against the Meduza stealer binary, either failing to detect it statically or dynamically” reads the analysis published by Uptycs. ” The administrator offers access to the stolen data through a management console.

Password Management

Password Management Passwords Malware Antivirus

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

Install and regularly update antivirus software on all hosts, and enable real time detection. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware

Ransomware Firmware Antivirus Accountability

New Agenda Ransomware appears in the threat landscape

Security Affairs

AUGUST 27, 2022

The investigation into the incident revealed that threat actor used a public-facing Citrix server as a point of entry, they likely used a valid account to access this server and perform lateral movements inside the victim’s network. The ransomware was employed in a targeted attack against one of the company’s customers.

Ransomware

Ransomware Encryption Accountability Antivirus

Tens of malicious NPM packages caught hijacking Discord servers

Security Affairs

DECEMBER 9, 2021

The libraries allow stealing Discord access tokens and environment variables from systems running giving the attackers full access to the victim’s Discord account. JFrog researchers have discovered 17 malicious packages in the NPM (Node.js package manager) repository that were developed to hijack Discord servers. ” concludes the report.

Antivirus

Antivirus Malware Accountability Firewall

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

bat) scripts [T1059.003] for lateral movement, privilege escalation, and disabling antivirus software. The advisory also recommends organizations exercise, test, and validate their security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. Notepad++, RDP Scanner, and 7zip.

Ransomware

Ransomware System Administration Antivirus Malware

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Babadeda is able to bypass antivirus solutions. According to the researchers, this crypto-malware was recently employed in several campaigns to deliver information stealers, RATs, and ransomware like LockBit. Threat actors are attempting to exploit the booming market for NFTs and crypto games.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools,” Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told Bleeping Computer. The binary is deployed using a specific flag that allows its execution, while the ZIP archive is removed.

Ransomware

Ransomware VPN Antivirus Encryption

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

“The actors customized previous ransomware binaries for the intended victim through the use of confidential information such as leaked accounts and unique company IDs as the appended file extension. The post Experts spotted a variant of the Agenda Ransomware written in Rust appeared first on Security Affairs.

Ransomware

Ransomware Encryption Healthcare Education

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

MARCH 3, 2023

“After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.” In one confirmed case, the actors used a legitimate admin account to remotely log on to the domain controller [T1078].

Ransomware

Ransomware Healthcare Antivirus Encryption

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Upon compromising the domain administrator account, threat actors could distributee malware to other systems on the same network. “The lack of timely antivirus database updates for the security solution used on attacked systems also played a key role, preventing the solution from detecting and blocking the threat.

VPN

VPN Ransomware Antivirus Firmware

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

“A Russian national was sentenced today to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, which enabled hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.”

Antivirus

Antivirus Malware Cybercrime Cyber threats

SharkBot, a new Android Trojan targets banks in Europe

Security Affairs

NOVEMBER 15, 2021

The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts. Once the banking Trojan is installed on the victim’s device, threat actors can steal sensitive banking information through the abuse of Accessibility Services (i.e.

Banking

Banking Mobile Social Engineering Malware

A new SharkBot variant bypassed Google Play checks again

Security Affairs

SEPTEMBER 5, 2022

While previous variants of the dropper relied on Accessibility permissions to automatically install the Sharkbot malware, this new one asks the victim to install the malware as a fake update for the antivirus. The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts.

Banking

Banking Malware Mobile Accountability

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

Install and regularly update antivirus software on all hosts, and enable real time detection. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware

Ransomware Accountability Firmware Antivirus

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Security Affairs

AUGUST 6, 2022

“All active accounts requiring a password reset are being notified directly with instructions. For information on password resets at any time, please visit our Help Centre: [link] ” concludes the advisory.

Passwords

Passwords Password Management Antivirus Encryption

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. Links account for 29%, while attachments—for 71%. rar archive files.

Ransomware

Ransomware Antivirus Malware Banking

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Security Affairs

MARCH 18, 2023

ransomware include remote desktop protocol (RDP) exploitation, drive-by compromise, phishing campaigns, abuse of valid accounts, and exploitation of public-facing applications. is capable of bypassing User Account Control (UAC) to execute code with elevated privileges via elevated Component Object Model (COM) Interface.

Ransomware

Ransomware Penetration Testing Encryption Accountability

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

. “TAG observed a North Korean government-backed attacker group that previously targeted security researchers posing as recruiters at Samsung and sending fake job opportunities to employees at multiple South Korean information security companies that sell anti-malware solutions.”

Malware

Malware Phishing Antivirus Hacking

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

According to the report issued by the CERT-FR, operators behind the Pysa ransomware launched brute-force attacks against management consoles and Active Directory accounts. Once compromised the target network, attackers attempt to exfiltrate the company’s accounts and passwords database. newversion file extension instead of .

Education

Education Ransomware Encryption Antivirus

Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Webinars

Trending Sources

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Webinars

Info stealers and how to protect against them

Microsoft Defender can now protect servers against ProxyLogon attacks

Grandoreiro Banking Trojan is back and targets banks worldwide

Trusted relationship attacks: trust, but verify

Akira ransomware received $42M in ransom payments from over 250 victims

Cactus ransomware gang claims the Schneider Electric hack

SharkBot, the new generation banking Trojan distributed via Play Store

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

15 billion credentials available in the cybercrime marketplaces

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

The Five-Step PCI DSS 4.0 Transition Checklist

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

ESET releases fixes for local privilege escalation bug in Windows Applications

Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

BlackCat Ransomware gang breached over 60 orgs worldwide

Avoslocker ransomware gang targets US critical infrastructure

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

John McAfee found dead in prison cell ahead of extradition to US

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Ranzy Locker ransomware hit tens of US companies in 2021

New Agenda Ransomware appears in the threat landscape

Tens of malicious NPM packages caught hijacking Discord servers

FBI and CISA published a new advisory on AvosLocker ransomware

Threat actors target crypto and NFT communities with Babadeda crypter

New CACTUS ransomware appeared in the threat landscape

Experts spotted a variant of the Agenda Ransomware written in Rust

The U.S. CISA and FBI warn of Royal ransomware operation

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

SharkBot, a new Android Trojan targets banks in Europe

A new SharkBot variant bypassed Google Play checks again

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Ransomware Revival: Troldesh becomes a leader by the number of attacks

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Stay Connected