Antivirus, Document and Information Security

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. This week, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. Pierluigi Paganini.

Antivirus

Antivirus Hacking Advertising Media

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Security Affairs

FEBRUARY 19, 2024

The gang also published several pictures of passports and company documents as proof of the hack. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine. Cactus Ransomware has just posted Schneider Electric.

Ransomware

Ransomware Digital transformation Retail Antivirus

If only you had to worry about malware, with Jason Haddix: Lock and Code S05E04

Malwarebytes

FEBRUARY 12, 2024

Haddix, who launched his own cybersecurity training and consulting firm Arcanum Information Security this year, said he learned so much during his time at Ubisoft that he and his peers in the industry coined a new, humorous term for attacks that abuse internet-connected platforms: “A browser and a dream.”

Malware

Malware Ransomware Antivirus Information Security

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Security Affairs

JUNE 17, 2021

Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. “According to court documents and evidence introduced at trial, Oleg Koshkin, 41, formerly of Estonia, operated the websites “Crypt4U.com,” “fud.bz” and others.”

Antivirus

Antivirus Malware Cryptocurrency Software

Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage

Security Affairs

MAY 6, 2021

Chinese military unit PLA Unit 61419 is suspected to be involved in cyber-espionage campaigns against multiple antivirus companies. In the summer of 2019, a China-linked APT called Tick Group exploited two zero-days impacting Trend Micro’s Apex One and OfficeScan XG enterprise security products. . Pierluigi Paganini.

Antivirus

Antivirus Software Hacking Malware

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The spear-phishing messages used a malicious Rich Text File (RTF) document that included descriptions of an autonomous underwater vehicle. The RTF documents were uncovered by Cybereason Nocturnus Team while investigating recent developments in the RoyalRoad weaponizer, also known as the 8.t t Dropper/RTF exploit builder.

Phishing

Phishing Malware Antivirus Encryption

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

The Sentinel Labs’s analysis revealed that Black Basta ransomware operators develop and maintain their own toolkit, they documented only collaboration with a limited and trusted set of affiliates. The DisableAntiSpyware parameter allows disabling the Windows Defender Antivirus in order to deploy another security solution.

Cybercrime

Cybercrime Ransomware Antivirus Malware

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. It is also recommendable to check the virus vault of your antivirus.

Ransomware

Ransomware Malware Antivirus Encryption

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

. “A Russian national was sentenced today to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, which enabled hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.”

Antivirus

Antivirus Malware Cybercrime Cyber threats

Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer

Security Affairs

MARCH 20, 2023

Avast researchers reported that threat actors are abusing the legitimate Adobe Acrobat Sign service to distribute the RedLine information stealer. Adobe Acrobat Sign allows registered users to sign documents online and send a document signature request to anyone. ” reads the anaysis published by Avast.

Antivirus

Antivirus Malware Engineering Hacking

New RTF Template Inject technique used by APT groups in recent attacks

Security Affairs

DECEMBER 1, 2021

The RTF template injection technique abuses legitimate RTF template functionality to subvert the plain text document formatting properties of the file and retrieve a malicious payload from a remote server instead of a file resource via an RTF’s template control word capability. ” reads the analysis published by ProofPoint.

Phishing

Phishing Antivirus Engineering Hacking

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

Microsoft 365 Defender data shows that the SEO poisoning technique is effective, given that Microsoft Defender Antivirus has detected and blocked thousands of these PDF documents in numerous environments. — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. ” state Microsoft.

Antivirus

Antivirus Security Intelligence Malware Insurance

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs

FEBRUARY 22, 2021

APOMacroSploit is a macro builder that was to create weaponized Excel documents used in multiple phishing attacks. Excel documents created with the APOMacroSploit builder are capable of bypassing antivirus software, Windows Antimalware Scan Interface (AMSI), and even Gmail and other email-based phishing detection.

Malware

Malware Antivirus Phishing Cryptocurrency

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

The operators behind LockFile ransomware encrypt alternate blocks of 16 bytes in a document to evade detection. Instead, LockFile encrypts every other 16 bytes of a document. This means that a file such as a text document remains partially readable and looks statistically like the original. ” states Sophos.

Encryption

Encryption Ransomware Financial Services Antivirus

France national cyber-security agency warns of a surge in Emotet attacks

Security Affairs

SEPTEMBER 7, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. Generally speaking, removal/cleaning by antivirus is not a sufficient guarantee.

Malware

Malware Advertising Antivirus Banking

4 Android banking trojans were spread via Google Play infecting 300.000+ devices

Security Affairs

NOVEMBER 30, 2021

“VirusTotal does not showcase the evolution of detections of antivirus products over time, but almost all campaigns have or had a 0/62 FUD score on VirusTotal at some point in time, confirming the difficulty of detecting dropper apps with a minimal footprint.” ” reads the analysis published by the experts.

Banking

Banking Antivirus Malware Authentication

The Five-Step PCI DSS 4.0 Transition Checklist

CyberSecurity Insiders

JANUARY 6, 2023

Test security of systems and networks regularly. Support information security within organizational policies and programs. Requirement 5: It is no longer sufficient to just have standard antivirus software. Restrict physical access to cardholder data. Log and monitor all access to system components and cardholder data.

Antivirus

Antivirus Retail Software Accountability

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. In the middle-August, the malware was employed in fresh COVID19-themed spam campaign.

Government

Government Banking Advertising Malware

Ryuk ransomware operations already made over $150M

Security Affairs

JANUARY 7, 2021

“Both exchanges require identity documents in order to exchange cryptocurrencies for fiat or to make transfers to banks, however it isn’t clear if the documents they accept are scrutinized in any meaningful way. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Ransomware

Ransomware Cryptocurrency Antivirus Banking

JhoneRAT uses Google Drive, Twitter, ImgBB, and Google Forms to target countries in Middle East

Security Affairs

JANUARY 20, 2020

” This new RAT is dropped to the victims via malicious Microsoft Office documents.” “The dropper, along with the Python RAT, attempts to gather information on the victim’s machine and then uses multiple cloud services: Google Drive, Twitter, ImgBB and Google Forms.”

Antivirus

Antivirus Malware Advertising Accountability

A Google Drive weakness could allow attackers to serve malware

Security Affairs

AUGUST 23, 2020

A bug in Google Drive could be exploited by threat actors to distribute malicious files disguised as legitimate documents or images. An unpatched weakness in Google Drive could be exploited by threat actors to distribute weaponized files disguised as legitimate documents or images.

Malware

Malware Phishing Advertising Antivirus

Foreign hackers breached Russian federal agencies, said FSB

Security Affairs

MAY 22, 2021

. “The main goal of the hackers was to completely compromise the IT infrastructure and steal confidential information, including documents from closed segments and mail correspondence of key federal executive authorities.” Group to download the collected data.

Computers and Electronics

Computers and Electronics Malware Antivirus Government

New variant of Dridex banking Trojan implements polymorphism

Security Affairs

JULY 1, 2019

On June 26, 2019, experts at eSentire Threat Intelligence discovered a C2 infrastructure pointing to a similar Dridex variant that was undetected by most of the antivirus listed in VirusTotal service. At the time of discovery, using data from VirusTotal, only six antivirus solutions of about 60 detected suspicious behavior [ 2 ].

Banking

Banking Antivirus Advertising Encryption

Navigating the complex world of Cybersecurity compliance

CyberSecurity Insiders

MAY 17, 2023

This can include measures such as firewalls , antivirus, access management and data backup policies, etc. ISO/IEC 27001 ISO/IEC 27001 is an international standard that provides a framework for information security management systems (ISMS). It outlines best practices for managing and protecting sensitive information.

Cybersecurity

Cybersecurity Risk Insurance Firewall

DoubleFeature, post-exploitation dashboard used by Equation Group APT

Security Affairs

DECEMBER 28, 2021

The tool also includes features to bypass Antivirus engines and perform other malicious activities. . The leak was by the experts as “ Lost in Translation ” leak. . DanderSpritz has a modular structure and includes a wide variety of tools for persistence, reconnaissance, lateral movement.

Antivirus

Antivirus Malware Hacking Engineering

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. EXE which is responsible for the insertion and editing of equations (OLE objects) in documents. The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017.

Antivirus

Antivirus Encryption Malware Hacking

Evilnum Group targets European and British fintech companies

Security Affairs

JULY 10, 2020

The archive contains LNK (shortcut) files that extract and execute JavaScript code while displaying a decoy document (usually a photo of an ID, credit card, or a bill to prove the physical address). The version 4.0 The image is stored in a file called SC4.P7D

eCommerce

eCommerce Advertising Malware Spyware

Security Affairs newsletter Round 381

Security Affairs

AUGUST 28, 2022

Twilio hackers also breached the food delivery firm DoorDash Unprecedented cyber attack hit State Infrastructure of Montenegro Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus Critical flaw impacts Atlassian Bitbucket Server and Data Center Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access GoldDragon (..)

DDOS

DDOS Data breaches Malware Antivirus

Playing Cat and Mouse: Three Techniques Abused to Avoid Detection

Security Affairs

MAY 23, 2019

The first two are techniques related to Office documents, used to hide malicious payload and lure the users. The third one is related to binary payloads abusing code signature tricks to evade traditional security controls. External resource in the analyzed document. Corrupted document. Classic phishing document view.

Antivirus

Antivirus Malware Advertising Cyber Attacks

Russia behind a massive spear-phishing campaign that hit Ukraine

Security Affairs

JUNE 7, 2021

In February, the Ukraine ‘s government blamed a Russia-linked APT group for an attack on a government document management system, the System of Electronic Interaction of Executive Bodies (SEI EB). According to Ukrainian officials, the hackers aimed at disseminating malicious documents to government agencies.

Phishing

Phishing Government Antivirus Passwords

Updated MATA attacks industrial companies in Eastern Europe

SecureList

OCTOBER 18, 2023

Each phishing document contains an external link to fetch a remote page containing a CVE-2021-26411 exploit. The attackers continued to send malicious documents via email until the end of September 2022. Next, they were able to access the control panels of two security solutions simultaneously.

Malware

Malware Phishing Internet Internet

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. After that, the following files are extracted, namely: Avira.exe : Legitimate injector from Avira Antivirus. In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication.

Antivirus

Antivirus Malware Banking Internet

UHS hospitals hit by Ryuk ransomware attack

Security Affairs

SEPTEMBER 28, 2020

“When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. ” Some reports circulating online reveal that the ransomware added the “ ryk” extension to the filenames of encrypted documents, a circumstance that confirms a Ryuk ransomware infection.

Ransomware

Ransomware Healthcare Advertising Antivirus

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

Upon opening the document, a malicious template file is downloaded and saved on the system. At the time of publication, this particular file is undetected by all antivirus vendors according to VirusTotal” The Base64 encoded payload, once decrypted, is a Windows 64-bit executable (1.7MB) called “msdllupdate.exe.”.

Malware

Malware DNS Antivirus Encryption

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Once provided the login credentials, the user will be informed of a pending refund and will be asked to download a document, print and sign it. The signed document has to be sent or uploaded to the portal. The analysis published by Cofense includes the Indicators of Compromise (IoCs).

Phishing

Phishing Social Engineering Malware Advertising

Topic-specific policy 4/11: information transfer

Notice Bored

OCTOBER 14, 2021

"Information transfer" is another ambiguous, potentially misleading title for a policy, even if it includes "information security". Transmission of information through broadcasting, training and awareness activities, reporting, policies, documentation, seminars, publications, blogs etc.,

Information Security

Information Security Risk Media Encryption

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Most of the stolen files (50%+) were text files, some of them containing software logs, passwords, personal notes, and other sensitive information. Experts found over 650,000 Word documents and.pdf files in the archive. More than 1 million images have been stolen by the malware, including 696,000.png png and 224,000.jpg

Malware

Malware Computers and Electronics Software Financial Services

Global Effort Seizes EMOTET Botnet

SecureWorld News

JANUARY 28, 2021

One way that EMOTET was so effective was due to its ability to spread via word documents. In the past, EMOTET email campaigns have also been presented as invoices, shipping notices and information about COVID-19. Most antivirus programs look for known malware codes, making a code change difficult to be detected.

Cybercrime

Cybercrime Malware Antivirus Banking

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

In the documented attack, once the backdoor is deployed, UNC2465 interactively established an NGROK tunnel and performed lateral movements in less than 24 hours. “A well-rounded security program is essential to mitigate risk from sophisticated groups such as UNC2465 as they continue to adapt to a changing security landscape.”

Cybercrime

Cybercrime Ransomware Antivirus Software

Adaptive protection against invisible threats

SecureList

DECEMBER 14, 2020

Detecting an exploit or trojan that explicitly runs on a device is not a problem for an antivirus solution. For example, when a phishing email document is opened in Microsoft Office, all actions will be performed by the office application. Fin7 document with DDE execution. Legitimate software can hide risks. gov/fonts.txt')).

Technology

Technology Malware Antivirus Software

Brazilian trojan banker is targeting Portuguese users using browser overlay

Security Affairs

MAY 7, 2020

When malware initiates, it requests Google Drive documents for details on the C2’s IP address. This new threat takes advantage of google-sites and Google Drive documents to distribute the threat in Portugal. This is a mechanism that makes C2 persistence and dynamics. The high-level diagram of this threat is presented below.

Banking

Banking Malware Phishing Social Engineering

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 This technology is stored in the Workbook OLE stream in Excel 97-2003 format which makes it very difficult to detect and parse by antivirus (AV) engines. macro code.

Malware

Malware Antivirus Technology Phishing

The Language and Nature of Fileless Attacks Over Time

Lenny Zeltser

OCTOBER 12, 2018

” Eugene was prophetic in predicting that fileless malware “will become one of the most widespread forms of malicious programs” due to antivirus’ ineffectiveness against such threats. Paul Rascagnères at G Data mentioned that Poweliks infected systems by using a boobietrapped Microsoft Word document.

Malware

Malware Antivirus Software Cybersecurity

The 5 C’s of Audit Reporting

Centraleyes

MARCH 12, 2024

Audit Focus: Review and assess documentation to verify compliance with industry standards (ISO 27001, NIST, GDPR, etc.) Evaluate the organization’s processes for staying informed about changes in regulations and promptly adapting to them. and applicable regulations.

Risk

Risk Cybersecurity Government Firewall

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Trending Sources

If only you had to worry about malware, with Jason Haddix: Lock and Code S05E04

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer

New RTF Template Inject technique used by APT groups in recent attacks

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

LockFile Ransomware uses a new intermittent encryption technique

France national cyber-security agency warns of a surge in Emotet attacks

4 Android banking trojans were spread via Google Play infecting 300.000+ devices

The Five-Step PCI DSS 4.0 Transition Checklist

CISA alert warns of Emotet attacks on US govt entities

Ryuk ransomware operations already made over $150M

JhoneRAT uses Google Drive, Twitter, ImgBB, and Google Forms to target countries in Middle East

A Google Drive weakness could allow attackers to serve malware

Foreign hackers breached Russian federal agencies, said FSB

New variant of Dridex banking Trojan implements polymorphism

Navigating the complex world of Cybersecurity compliance

DoubleFeature, post-exploitation dashboard used by Equation Group APT

Chinese actors behind attacks on industrial enterprises and public institutions

Evilnum Group targets European and British fintech companies

Security Affairs newsletter Round 381

Playing Cat and Mouse: Three Techniques Abused to Avoid Detection

Russia behind a massive spear-phishing campaign that hit Ukraine

Updated MATA attacks industrial companies in Eastern Europe

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

UHS hospitals hit by Ryuk ransomware attack

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Topic-specific policy 4/11: information transfer

Mysterious custom malware used to steal 1.2TB of data from million PCs

Global Effort Seizes EMOTET Botnet

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Adaptive protection against invisible threats

Brazilian trojan banker is targeting Portuguese users using browser overlay

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

The Language and Nature of Fileless Attacks Over Time

The 5 C’s of Audit Reporting

Stay Connected