Antivirus, Document, Hacking and Information Security

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. This week, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. SecurityAffairs – Mitsubishi Electric, hacking).

Antivirus

Antivirus Hacking Advertising Media

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Security Affairs

FEBRUARY 19, 2024

The gang also published several pictures of passports and company documents as proof of the hack. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine. Cactus Ransomware has just posted Schneider Electric.

Ransomware

Ransomware Digital transformation Retail Antivirus

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Security Affairs

MAY 22, 2024

As proof of the data breach, the extortion group published data samples, including passport images, NDAs, contracts, and other documents. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Data breaches

Data breaches Ransomware Manufacturing Encryption

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

If only you had to worry about malware, with Jason Haddix: Lock and Code S05E04

Malwarebytes

FEBRUARY 12, 2024

Haddix, who launched his own cybersecurity training and consulting firm Arcanum Information Security this year, said he learned so much during his time at Ubisoft that he and his peers in the industry coined a new, humorous term for attacks that abuse internet-connected platforms: “A browser and a dream.”

Malware

Malware Ransomware Antivirus Information Security

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers at Sentinel Labs shared details about Black Basta ‘s TTPs and assess it is highly likely the ransomware operation has ties with FIN7. SecurityAffairs – hacking, FIN7).

Cybercrime

Cybercrime Ransomware Antivirus Malware

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Security Affairs

JUNE 17, 2021

Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. “According to court documents and evidence introduced at trial, Oleg Koshkin, 41, formerly of Estonia, operated the websites “Crypt4U.com,” “fud.bz” and others.” Pierluigi Paganini.

Antivirus

Antivirus Malware Cryptocurrency Software

Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage

Security Affairs

MAY 6, 2021

Chinese military unit PLA Unit 61419 is suspected to be involved in cyber-espionage campaigns against multiple antivirus companies. In the summer of 2019, a China-linked APT called Tick Group exploited two zero-days impacting Trend Micro’s Apex One and OfficeScan XG enterprise security products. . Pierluigi Paganini.

Antivirus

Antivirus Software Hacking Malware

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. It is also recommendable to check the virus vault of your antivirus.

Ransomware

Ransomware Malware Antivirus Encryption

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The spear-phishing messages used a malicious Rich Text File (RTF) document that included descriptions of an autonomous underwater vehicle. The RTF documents were uncovered by Cybereason Nocturnus Team while investigating recent developments in the RoyalRoad weaponizer, also known as the 8.t t Dropper/RTF exploit builder.

Phishing

Phishing Malware Antivirus Encryption

Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer

Security Affairs

MARCH 20, 2023

Avast researchers reported that threat actors are abusing the legitimate Adobe Acrobat Sign service to distribute the RedLine information stealer. Adobe Acrobat Sign allows registered users to sign documents online and send a document signature request to anyone. ” reads the anaysis published by Avast.

Antivirus

Antivirus Malware Engineering Hacking

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

. “A Russian national was sentenced today to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, which enabled hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.”

Antivirus

Antivirus Malware Cybercrime Cyber threats

New RTF Template Inject technique used by APT groups in recent attacks

Security Affairs

DECEMBER 1, 2021

The RTF template injection technique abuses legitimate RTF template functionality to subvert the plain text document formatting properties of the file and retrieve a malicious payload from a remote server instead of a file resource via an RTF’s template control word capability. SecurityAffairs – hacking, RTF template injection).

Phishing

Phishing Antivirus Engineering Hacking

Security Affairs newsletter Round 381

Security Affairs

AUGUST 28, 2022

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 381 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

DDOS

DDOS Data breaches Malware Antivirus

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

The operators behind LockFile ransomware encrypt alternate blocks of 16 bytes in a document to evade detection. Instead, LockFile encrypts every other 16 bytes of a document. This means that a file such as a text document remains partially readable and looks statistically like the original. ” states Sophos.

Encryption

Encryption Ransomware Financial Services Antivirus

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs

FEBRUARY 22, 2021

APOMacroSploit is a macro builder that was to create weaponized Excel documents used in multiple phishing attacks. Excel documents created with the APOMacroSploit builder are capable of bypassing antivirus software, Windows Antimalware Scan Interface (AMSI), and even Gmail and other email-based phishing detection.

Malware

Malware Antivirus Phishing Cryptocurrency

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

Microsoft 365 Defender data shows that the SEO poisoning technique is effective, given that Microsoft Defender Antivirus has detected and blocked thousands of these PDF documents in numerous environments. — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. SecurityAffairs – hacking, seo poisoning).

Antivirus

Antivirus Security Intelligence Malware Insurance

4 Android banking trojans were spread via Google Play infecting 300.000+ devices

Security Affairs

NOVEMBER 30, 2021

“VirusTotal does not showcase the evolution of detections of antivirus products over time, but almost all campaigns have or had a 0/62 FUD score on VirusTotal at some point in time, confirming the difficulty of detecting dropper apps with a minimal footprint.” SecurityAffairs – hacking, banking Trojan). Pierluigi Paganini.

Banking

Banking Antivirus Malware Authentication

Foreign hackers breached Russian federal agencies, said FSB

Security Affairs

MAY 22, 2021

A joint report published by Rostelecom-Solar and the FSB National Coordination Center for Computer Incidents (NKTsKI) revealed that foreign hackers have stolen information from Russian federal agencies. ” Once compromised the networks of the targeted agencies, hackers gathered sensitive information from internal systems.

Computers and Electronics

Computers and Electronics Malware Antivirus Government

France national cyber-security agency warns of a surge in Emotet attacks

Security Affairs

SEPTEMBER 7, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. Generally speaking, removal/cleaning by antivirus is not a sufficient guarantee.

Malware

Malware Advertising Antivirus Banking

DoubleFeature, post-exploitation dashboard used by Equation Group APT

Security Affairs

DECEMBER 28, 2021

DanderSpritz made the headlines on April 14, 2017, when it was leaked by the Shadow Broker hacking group along with other tools and exploits belonging to NSA’s arsenal. The tool also includes features to bypass Antivirus engines and perform other malicious activities. . SecurityAffairs – hacking, IKEA). Pierluigi Paganini.

Antivirus

Antivirus Malware Hacking Engineering

The Five-Step PCI DSS 4.0 Transition Checklist

CyberSecurity Insiders

JANUARY 6, 2023

Test security of systems and networks regularly. Support information security within organizational policies and programs. Requirement 5: It is no longer sufficient to just have standard antivirus software. Restrict physical access to cardholder data. Log and monitor all access to system components and cardholder data.

Antivirus

Antivirus Retail Software Accountability

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. EXE which is responsible for the insertion and editing of equations (OLE objects) in documents. SecurityAffairs – hacking, industrial enterprises). The vulnerability affects the MS Office component EQNEDT32.EXE Pierluigi Paganini.

Encryption

Encryption Antivirus Malware Hacking

Ryuk ransomware operations already made over $150M

Security Affairs

JANUARY 7, 2021

“Both exchanges require identity documents in order to exchange cryptocurrencies for fiat or to make transfers to banks, however it isn’t clear if the documents they accept are scrutinized in any meaningful way. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. .

Ransomware

Ransomware Cryptocurrency Antivirus Banking

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. SecurityAffairs – hacking, CISA). Pierluigi Paganini.

Government

Government Banking Advertising Malware

A Google Drive weakness could allow attackers to serve malware

Security Affairs

AUGUST 23, 2020

A bug in Google Drive could be exploited by threat actors to distribute malicious files disguised as legitimate documents or images. An unpatched weakness in Google Drive could be exploited by threat actors to distribute weaponized files disguised as legitimate documents or images. SecurityAffairs – hacking, Google Drive).

Malware

Malware Phishing Advertising Antivirus

New variant of Dridex banking Trojan implements polymorphism

Security Affairs

JULY 1, 2019

On June 26, 2019, experts at eSentire Threat Intelligence discovered a C2 infrastructure pointing to a similar Dridex variant that was undetected by most of the antivirus listed in VirusTotal service. At the time of discovery, using data from VirusTotal, only six antivirus solutions of about 60 detected suspicious behavior [ 2 ].

Banking

Banking Antivirus Advertising Encryption

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

Upon opening the document, a malicious template file is downloaded and saved on the system. At the time of publication, this particular file is undetected by all antivirus vendors according to VirusTotal” The Base64 encoded payload, once decrypted, is a Windows 64-bit executable (1.7MB) called “msdllupdate.exe.”.

Malware

Malware DNS Antivirus Encryption

UHS hospitals hit by Ryuk ransomware attack

Security Affairs

SEPTEMBER 28, 2020

“When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. ” Some reports circulating online reveal that the ransomware added the “ ryk” extension to the filenames of encrypted documents, a circumstance that confirms a Ryuk ransomware infection.

Ransomware

Ransomware Healthcare Advertising Antivirus

Russia behind a massive spear-phishing campaign that hit Ukraine

Security Affairs

JUNE 7, 2021

In February, the Ukraine ‘s government blamed a Russia-linked APT group for an attack on a government document management system, the System of Electronic Interaction of Executive Bodies (SEI EB). According to Ukrainian officials, the hackers aimed at disseminating malicious documents to government agencies. Pierluigi Paganini.

Phishing

Phishing Government Antivirus Passwords

Evilnum Group targets European and British fintech companies

Security Affairs

JULY 10, 2020

The archive contains LNK (shortcut) files that extract and execute JavaScript code while displaying a decoy document (usually a photo of an ID, credit card, or a bill to prove the physical address). SecurityAffairs – hacking, Evilnum). The version 4.0 The image is stored in a file called SC4.P7D Pierluigi Paganini.

eCommerce

eCommerce Advertising Malware Spyware

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection of malware samples, some of them cannot be associated with the activity of known APT groups. . Across the years, the researchers found analyzed multiple backdoors and hacking tools composing the arsenal of the cyberespionage group.

Malware

Malware Hacking Government Telecommunications

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Once provided the login credentials, the user will be informed of a pending refund and will be asked to download a document, print and sign it. The signed document has to be sent or uploaded to the portal. SecurityAffairs – APT, hacking). The analysis published by Cofense includes the Indicators of Compromise (IoCs).

Phishing

Phishing Social Engineering Malware Advertising

JhoneRAT uses Google Drive, Twitter, ImgBB, and Google Forms to target countries in Middle East

Security Affairs

JANUARY 20, 2020

” This new RAT is dropped to the victims via malicious Microsoft Office documents.” “The dropper, along with the Python RAT, attempts to gather information on the victim’s machine and then uses multiple cloud services: Google Drive, Twitter, ImgBB and Google Forms.”

Antivirus

Antivirus Malware Advertising Accountability

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Most of the stolen files (50%+) were text files, some of them containing software logs, passwords, personal notes, and other sensitive information. Experts found over 650,000 Word documents and.pdf files in the archive. SecurityAffairs – hacking, custom malware). png and 224,000.jpg million entries) Mozilla FireFox (3.3

Malware

Malware Computers and Electronics Software Financial Services

Trusted relationship attacks: trust, but verify

SecureList

MAY 28, 2024

But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. Attackers continue to refine their multi-step schemes and social engineering methods, often using attached documents and archives containing malware to penetrate the network.

VPN

VPN Accountability Passwords Antivirus

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

In the documented attack, once the backdoor is deployed, UNC2465 interactively established an NGROK tunnel and performed lateral movements in less than 24 hours. “A well-rounded security program is essential to mitigate risk from sophisticated groups such as UNC2465 as they continue to adapt to a changing security landscape.”

Cybercrime

Cybercrime Ransomware Antivirus Software

QNodeService Trojan spreads via fake COVID-19 tax relief

Security Affairs

MAY 16, 2020

However, the use of an uncommon platform may have helped evade detection by antivirus software.” The Java downloader is obfuscated via Allatori in the bait document, the malware downloads the Node.js SecurityAffairs – Coronavirus, hacking). . “The use of Node.js malware file (either “qnodejs-win32-ia32.js”

Malware

Malware Phishing Advertising Antivirus

The Hacker Mind Podcast: Hacking Charity

ForAllSecure

JULY 28, 2021

His book, Hacking Google was a best seller, but after, he just wasn't feeling it. Welcome to the hacker mind in original podcast from for all secure, it's about challenging our expectations about the people who hack for a living. Either version, the idea here is to empower others to help themselves, to hack.

Hacking

Hacking Computers and Electronics InfoSec Technology

On the Irish Health Services Executive Hack

Schneier on Security

FEBRUARY 11, 2022

It had no documented cyber incident response runbooks or IT recovery plans (apart from documented AD recovery plans) for recovering from a wide-scale ransomware event. It had no documented cyber incident response runbooks or IT recovery plans (apart from documented AD recovery plans) for recovering from a wide-scale ransomware event.

Antivirus

Antivirus Hacking Ransomware CISO

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. After that, the following files are extracted, namely: Avira.exe : Legitimate injector from Avira Antivirus. In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication.

Antivirus

Antivirus Malware Banking Internet

Brazilian trojan banker is targeting Portuguese users using browser overlay

Security Affairs

MAY 7, 2020

When malware initiates, it requests Google Drive documents for details on the C2’s IP address. This new threat takes advantage of google-sites and Google Drive documents to distribute the threat in Portugal. This is a mechanism that makes C2 persistence and dynamics. The high-level diagram of this threat is presented below.

Banking

Banking Malware Phishing Social Engineering

Dutch police arrested the author of Dryad and Rubella Macro Builders

Security Affairs

JULY 19, 2019

” Both macro builders allow crooks to easily create malicious Office documents that are usually involved in hacking campaigns as a first-stage loader for other malware. The macro might also purposely attempt to bypass endpoint security defenses. . “ concludes McAfee.

Malware

Malware Social Engineering Advertising Antivirus

New variant for Mac Malware XCSSET compiled for M1 Chips

Security Affairs

MARCH 13, 2021

The malware also allows attackers to capture screenshots and exfiltrate stolen documents to the attackers’ server. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, Apple). ” Kaspersky concludes. Follow me on Twitter: @securityaffairs and Facebook.

Malware

Malware Adware Architecture Antivirus

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 This technology is stored in the Workbook OLE stream in Excel 97-2003 format which makes it very difficult to detect and parse by antivirus (AV) engines. macro code.

Malware

Malware Antivirus Technology Phishing

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Webinars

Trending Sources

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Webinars

If only you had to worry about malware, with Jason Haddix: Lock and Code S05E04

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

New RTF Template Inject technique used by APT groups in recent attacks

Security Affairs newsletter Round 381

LockFile Ransomware uses a new intermittent encryption technique

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

SEO poisoning campaign aims at delivering RAT, Microsoft warns

4 Android banking trojans were spread via Google Play infecting 300.000+ devices

Foreign hackers breached Russian federal agencies, said FSB

France national cyber-security agency warns of a surge in Emotet attacks

DoubleFeature, post-exploitation dashboard used by Equation Group APT

The Five-Step PCI DSS 4.0 Transition Checklist

Chinese actors behind attacks on industrial enterprises and public institutions

Ryuk ransomware operations already made over $150M

CISA alert warns of Emotet attacks on US govt entities

A Google Drive weakness could allow attackers to serve malware

New variant of Dridex banking Trojan implements polymorphism

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

UHS hospitals hit by Ryuk ransomware attack

Russia behind a massive spear-phishing campaign that hit Ukraine

Evilnum Group targets European and British fintech companies

Purple Lambert, a new malware of CIA-linked Lambert APT group

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

JhoneRAT uses Google Drive, Twitter, ImgBB, and Google Forms to target countries in Middle East

Mysterious custom malware used to steal 1.2TB of data from million PCs

Trusted relationship attacks: trust, but verify

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

QNodeService Trojan spreads via fake COVID-19 tax relief

The Hacker Mind Podcast: Hacking Charity

On the Irish Health Services Executive Hack

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Brazilian trojan banker is targeting Portuguese users using browser overlay

Dutch police arrested the author of Dryad and Rubella Macro Builders

New variant for Mac Malware XCSSET compiled for M1 Chips

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Stay Connected