Antivirus, DNS, Information Security and Malware

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware

Malware DNS Antivirus Encryption

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. “Symbiote is a malware that is highly evasive. ” concludes the report.

Malware

Malware DNS Antivirus Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . “While the Windows system is in safe mode antivirus software doesn’t work. “It also uses WQL to query all antivirus software installed SELECT * FROM AntiVirusProduct.”

Antivirus

Antivirus Cryptocurrency Malware Software

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks , in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Passwords

Passwords DNS Malware Advertising

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The operations behind the DirtyMoe botnet rapidly changed since the end of 2020, when the malware authors added a worm module that could increase their activity by spread via the internet to other Windows systems. ” concludes the analysis.”

DNS

DNS Cryptocurrency Internet Internet

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. The experts used passive DNS records to uncover Glupteba domains and hosts and analyzed the latest set of TLS certificates used by the bot to figure out the infrastructure used by the attackers. Pierluigi Paganini.

DNS

DNS Antivirus Cryptocurrency Software

Security Affairs newsletter Round 364 by Pierluigi Paganini

Security Affairs

MAY 8, 2022

Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

IoT

IoT DNS Antivirus DDOS

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The group has been observed using new tactics, techniques, and procedures (TTPs), it is also using updated malware to evade detection. The malicious code is used by the hackers to deliver a Moner (XMR) crypto miner that is not detected by almost any antivirus solution. ” reads the analysis published by the security firm Anomaly.

Cybercrime

Cybercrime DNS Malware Advertising

Security Affairs newsletter Round 302

Security Affairs

FEBRUARY 21, 2021

If you want to receive the weekly Security Affairs Newsletter for free subscribe here. The post Security Affairs newsletter Round 302 appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Firmware

Firmware DNS Data breaches Antivirus

Multiple Nation-State actors are exploiting Log4Shell flaw

Security Affairs

DECEMBER 16, 2021

In these attacks, HAFNIUM-associated systems were observed using a DNS service typically associated with testing activity to fingerprint systems.” In addition, HAFNIUM, a threat actor group operating out of China, has been observed utilizing the vulnerability to attack virtualization infrastructure to extend their typical targeting.

Ransomware

Ransomware DNS Antivirus Hacking

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs

OCTOBER 12, 2019

The new loader is able to drop the malware directly in memory, it was dubbed BOOSTWRITE and allows threat actors to load several malicious codes, including the Carbanak backdoor. In March, the group carried out attacks delivering a previously unseen malware tracked as SQLRat that drops files and executes SQL scripts on the host.

Identity Theft

Identity Theft Hacking Advertising DNS

Tomiris called, they want their Turla malware back

SecureList

APRIL 24, 2023

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). We hypothesize that the general aim is to provide operators with “full-spectrum malware” in order to evade security products.

Malware

Malware DNS Government Software

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. Microsoft states that multiple news reports have linked the company to the Subzero malware toolset used to hack a broad range of devices, phones, computers, and network and internet-connected devices.

Surveillance

Surveillance Malware Authentication DNS

Matryosh DDoS botnet targets Android-Based devices via ADB

Security Affairs

FEBRUARY 4, 2021

Netlab researchers spotted a new Android malware, dubbed Matryosh , that is infecting devices to recruit them in a distributed denial-of-service (DDoS) botnet. The ADB could be abused by malware to target Android phones through port 5555. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

DDOS

DDOS DNS Antivirus Malware

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Brian Krebs | @briankrebs.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Server: Provides powerful computing and storage in local, cloud, and data center networks to run services (Active Directory, DNS, email, databases, apps). Next-generation firewalls (NGFWs): Improve the general security of a firewall with advanced packet analysis capabilities to block malware and known-malicious sites.

Architecture

Architecture Network Security Firewall Risk

Cyber mercenaries group DeathStalker uses a new backdoor

Security Affairs

DECEMBER 5, 2020

. “In strict accordance with DeathStalker’s traditions, the implant will try to evade detection or sandboxes execution with various tricks such as detecting mouse movements, filtering the client’s MAC addresses, and adapting its execution flow depending on detected antivirus products.”

DNS

DNS Phishing Antivirus Encryption

A 3-Tiered Approach to Securing Your Home Network

Daniel Miessler

MAY 8, 2020

MalwareBytes has somehow won the battle of the best consumer anti-malware offering. Change your DNS to 1.1.1.2, Next, you can consider changing your DNS settings on all your devices to use those by Cloudflare. blocks just malware, and 1.1.1.3 blocks malware and adult content. or 1.1.1.3

Passwords

Passwords DNS Accountability IoT

Security Affairs newsletter Round 358 by Pierluigi Paganini

Security Affairs

MARCH 20, 2022

EU and US agencies warn that Russia could attack satellite communications networks Avoslocker ransomware gang targets US critical infrastructure Crooks claims to have stolen 4TB of data from TransUnion South Africa Exotic Lily initial access broker works with Conti gang Emsisoft releases free decryptor for the victims of the Diavol ransomware China-linked (..)

DNS

DNS Antivirus DDOS Hacking

A month later Gamaredon is still active in Eastern Europe

Security Affairs

JUNE 4, 2019

Low AV detection of SFX malware. cmd” , which firstly checks for the presence of malware analysis tools. This document, written in Ukraine language, contains information about a criminal charge. Fake document to divert attention on malware execution. Information about C2 and relative DNS. Content of SFX.

Passwords

Passwords DNS Engineering Malware

5 Common Phishing Attacks and How to Avoid Them?

Security Affairs

AUGUST 19, 2019

It involves DNS cache poisoning as it redirects users to a malicious site even if they enter the correct web address. This link is the landing page to a malware which allows the host to access the account details of the person lending on the site. Tips to Prevent Phishing. Protect Your Device and Connection.

Phishing

Phishing Accountability Authentication Passwords

Security Affairs newsletter Round 221 – News of the week

Security Affairs

JULY 7, 2019

Firefox finally addressed the Antivirus software TLS Errors. Cryptomining Campaign involves Golang malware to target Linux servers. Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH). A cyberattack took offline websites of the Georgia agency. Cyber Defense Magazine – July 2019 has arrived.

Scams

Scams Spyware DNS Advertising

Cyber Security Informer

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Webinars

Trending Sources

Symbiote, a nearly-impossible-to-detect Linux malware?

Webinars

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Linksys force password reset to prevent Router hijacking

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs newsletter Round 364 by Pierluigi Paganini

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs newsletter Round 302

Multiple Nation-State actors are exploiting Log4Shell flaw

FIN7 Hackers group is back with a new loader and a new RAT

Tomiris called, they want their Turla malware back

European firm DSIRF behind the attacks with Subzero surveillance malware

Matryosh DDoS botnet targets Android-Based devices via ADB

Top Cybersecurity Accounts to Follow on Twitter

Network Security Architecture: Best Practices & Tools

Cyber mercenaries group DeathStalker uses a new backdoor

A 3-Tiered Approach to Securing Your Home Network

Security Affairs newsletter Round 358 by Pierluigi Paganini

A month later Gamaredon is still active in Eastern Europe

5 Common Phishing Attacks and How to Avoid Them?

Security Affairs newsletter Round 221 – News of the week

Stay Connected