2014, Antivirus and Encryption - Cyber Security Informer

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. This cloud communication is used for the FortiGuard Web Filter feature, FortiGuard AntiSpam feature and FortiGuard AntiVirus feature.” Pierluigi Paganini.

Encryption

Encryption Antivirus DNS Advertising

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Ransomware Energy and Utilities Advertising

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

The Last Watchdog

AUGUST 18, 2021

This deal reads like to the epilogue to a book titled The First 20 Years of the Supremely Lucrative Antivirus Market. Way back in 1990, Symantec acquired Norton Utilities and made Norton the heart of its antivirus subscription offering. Norton got ‘ demergered ’ from Symantec in 2014 and then acquired LifeLock for $2.3

Antivirus

Antivirus Marketing Identity Theft Social Engineering

Slack Launched Encryption Key Addon For Businesses

Security Affairs

MARCH 18, 2019

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data.

Encryption

Encryption Small Business Risk Financial Services

RobbinHood ransomware exploit GIGABYTE driver flaw to kill security software

Security Affairs

FEBRUARY 7, 2020

The operators behind the infamous RobbinHood ransomware are exploiting a vulnerable GIGABYTE driver to kill antivirus products. Ransomware operators leverage a custom antivirus killing p ackage that is delivered to workstations to disable security solution before starting encryption. ” reads the report published by Sophos.

Software

Software Ransomware Antivirus Encryption

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Hacking Encryption Penetration Testing

New variant of Dridex banking Trojan implements polymorphism

Security Affairs

JULY 1, 2019

The Dridex banking Trojan that has been around since 2014, it was involved in numerous campaigns against financial institutions over the years and crooks have continuously improved it. At the time of discovery, using data from VirusTotal, only six antivirus solutions of about 60 detected suspicious behavior [ 2 ]. Pierluigi Paganini.

Banking

Banking Antivirus Advertising Encryption

Report: Threat of Emotet and Ryuk

Security Affairs

JANUARY 31, 2020

Ryuk infects computers by encrypting all local and shared files, not allowing the user’s access without paying the ransom. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. DOWNLOAD FULL REPORT.

Malware

Malware Advertising Retail Antivirus

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

SEPTEMBER 20, 2020

Once gained the foothold in the target network, the attackers will attempt lateral movements to elevate the privileges and search for high-value machines to encrypt (i.e. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Education

Education Ransomware Antivirus Backups

Nemty Ransomware, a new malware appears in the threat landscape

Security Affairs

AUGUST 26, 2019

The name of the ransomware comes after the extension it adds to the encrypted file names, the malicious code also deletes their shadow copies to make in impossible any recovery procedure. Below the ransom note dropped by the Nemty ransomware after the encryption process is completed. ” continues BleepingComputer.

Ransomware

Ransomware Malware Antivirus Encryption

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

” According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. “On one of the compromised information systems, experts found encrypted files with the extension “ newversion.”

Government

Government Ransomware Encryption Penetration Testing

UHS hospitals hit by Ryuk ransomware attack

Security Affairs

SEPTEMBER 28, 2020

“When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. ” Some reports circulating online reveal that the ransomware added the “ ryk” extension to the filenames of encrypted documents, a circumstance that confirms a Ryuk ransomware infection.

Ransomware

Ransomware Healthcare Advertising Antivirus

Shade Ransomware gang shut down operations and releases 750K decryption keys

Security Affairs

APRIL 27, 2020

Shade was considered one of the most dangerous threats in the cyber crime scenario, it has been active at least since 2014 when a massive infection was observed in Russian. Unlike other ransomware strains that don’t encrypt victims in Russia and other CIS countries, Shade also targets computers in Russia and Ukraine.

Ransomware

Ransomware Advertising Antivirus Education

New JNEC.a Ransomware delivered through WinRAR exploit

Security Affairs

MARCH 19, 2019

The ransomware encrypts data on the victim’s machine and appends the.Jnec extension to the encrypted data asking a ransom 0.05 ransomware still has a low detection rate , it was identified as malicious by 31/71 antivirus of the VirusTotal services. At the moment of writing, 29 antivirus engines detect JNEC.a

Ransomware

Ransomware Antivirus Encryption Advertising

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. ” SEPTEMBER. In 2016, while the U.S.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

Hackers penetrated NEC defense business division in 2016

Security Affairs

JANUARY 31, 2020

“In July 2018, we succeeded in decrypting encrypted communication with an infected server and an external server that was performing unauthorized communication, and stored it on our internal server for information sharing with other departments used by our defense business division 27,445 files were found to have been accessed illegally.

Data breaches

Data breaches Advertising Antivirus Encryption

New NextCry Ransomware targets Nextcloud instances on Linux servers

Security Affairs

NOVEMBER 18, 2019

NextCry is a new ransomware that was spotted by researchers while encrypting data on Linux servers in the wild. T he name comes from the extensions the ransomware appends to the filenames of encrypted files. The malicious code targets Nextcloud instances and it is currently undetected by antivirus engines. ” said xact64.

Ransomware

Ransomware Encryption Malware Advertising

Google expert disclosed details of an unpatched flaw in SymCrypt library

Security Affairs

JUNE 12, 2019

The flaw could be exploited by malicious programs trigger a denial of service condition by interrupting the encryption service for other programs. Obviously, lots of software that processes untrusted content (like antivirus) call these routines on untrusted data, and this will cause them to deadlock.” Pierluigi Paganini.

Encryption

Encryption Advertising Antivirus Hacking

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

’ In a first attack scenario, hackers leverage a Microsoft antivirus component to load mpsvc.dll that acts as a loader for Groza_1.dat. The attackers use a simple XOR encryption algorithm with the string “Hapenexx is very bad” as a key. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Malware Advertising Antivirus

A new NAS Ransomware targets QNAP Devices

Security Affairs

JULY 11, 2019

The ransomware , tracked by Intezer as “ QNAPCrypt ” and “ eCh0raix ” by Anomali , is written in the Go programming language and uses AES encryption to encrypt files. encrypt extension to filenames of encrypted files. encrypt extension to the encrypted files.” onion websites.

Ransomware

Ransomware Encryption Malware Advertising

Russia-linked APT28 targets govt bodies with fake NATO training docs

Security Affairs

SEPTEMBER 23, 2020

Even today, less than half of the known antivirus engines are flagging the infection on VirusTotal , as observed by BleepingComputer: The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Antivirus

Antivirus Government Malware Advertising

[SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies

Security Affairs

MARCH 21, 2019

Note that ransomware is probably detected during antivirus behavioral analysis — heuristic and signature-based detection are easily passed. Another interesting thing is that the ransomware sample launches itself with the -w argument and also spawned a new process for each file it encrypted. locker ” is appended. Let’s look.

Ransomware

Ransomware Encryption Malware Antivirus

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs

AUGUST 3, 2020

The authors of the GandCrab RaaS also offers technical support and updates to its members, they also published a video tutorial that shows how the ransomware is able to avoid antivirus detection. ransom amount, individual bots and encryption masks). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Advertising Malware Hacking

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

Once encrypted files with the ransomware, threat actors were also infected by banking Trojans like Dridex trojan, a circumstance that suggests this malware was used as the initial attack vector. . In many cases, some machines run without standard safeguards, like security updates and cloud-delivered antivirus protection.”

Ransomware

Ransomware Cybercrime Social Engineering Banking

Malware researchers decrypted the Qrypter Payload

Security Affairs

MARCH 29, 2019

Sha256 4ede0d4787f2e5bc471de3490e5c9327b459985530e42def9cf5d94ea4c2cb2b Threat Qrypter-encrypted jRAT Brief Description Jar file contains jRAT Ssdeep 12288:vimJ+fjGuiwDBA19F7/8fDFsJTVjODmYae:vimkiwDB6z8fZsN3Yae. Encrypted file content. Encryption key used to decrypt all the other files. Technical Analysis. So, the “p14605.class”

Malware

Malware Encryption Advertising Engineering

Security Affairs newsletter Round 201 – News of the week

Security Affairs

FEBRUARY 17, 2019

Adiantum will bring encryption on Android devices without cryptographic acceleration. Astaroth Trojan relies on legitimate os and antivirus processes to steal data. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Antivirus Malware Backups

A bug in the decryptor for the Ryuk ransomware could cause data loss

Security Affairs

DECEMBER 9, 2019

Experts from Antivirus maker Emsisoft discovered a bug in the decrypter app of the infamous Ryuk ransomware. megabytes) it will only encrypt certain parts of it in order to save time and allow it to work its way through the data as quickly as possible before anyone notices.” ” reads the post published by Emsisoft.

Ransomware

Ransomware Encryption Backups Advertising

API Security and Hackers: What?s the Need?

Security Affairs

MAY 30, 2020

Encryption. You and your partners can cipher all TLS (the successor to SSL) transfers, be it one-way encryption (also called standard one-way TLS) or even better, shared encryption (two-way TLS). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Just be cryptic. Call Security Experts.

Authentication

Authentication Firewall Encryption Passwords

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. Another technique used by cybercriminals to bypass antivirus systems is a targeted attack, in which malicious email are delivered outside regular working hours. More than 80% of all malicious files were disguised as .zip

Ransomware

Ransomware Antivirus Malware Banking

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Security Affairs

JULY 25, 2019

The new variant of the malware is currently undetected by most of the antivirus firms, the incorporation of the BlueKeep scanner suggests that operators would explore financial opportunities on Windows platforms too. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. gooobb ” file. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Internet Internet Malware

Astaroth Trojan leverages Facebook and YouTube to avoid detection

Security Affairs

SEPTEMBER 15, 2019

According to the experts, LOLbins are very effecting in evading antivirus software. . The C2 data are encoded in base64 format as well as custom encrypted, attackers inserted them within posts on Facebook or the profile information about user accounts on YouTube. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Phishing

Phishing Malware Network Security Encryption

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

OCTOBER 17, 2018

At a first sight, the office document had an encrypted content available on OleObj.1 Those objects are real Encrypted Ole Objects where the Encrypted payload sits on “EncryptedPackage” section and information on how to decrypt it are available on “EncryptionInfo” xml descriptor. Stage1: Encrypted Content.

Malware

Malware Computers and Electronics Encryption Penetration Testing

Ursnif: Long Live the Steganography and AtomBombing!

Security Affairs

FEBRUARY 7, 2019

It is also known as GOZI, in fact, it is a fork of the original Gozi-ISFB banking Trojan that got its source code leaked in 2014 updating and evolving Gozi features over the years. The server responds to this request sending encrypted data, as show in the following figure. Part of network traffic containing some encrypted data.

Banking

Banking Malware Advertising Encryption

Emsisoft released a free decryption tool for Paradise ransomware

Security Affairs

OCTOBER 30, 2019

Researchers at Emsisoft firm has released a new free tool to decrypt files encrypted by the Paradise ransomware. Security experts at Emsisoft have developed a tool to decrypt files encrypted by the Paradise ransomware. This ransomware family encrypts files using Salsa20 and RSA-1024 and it appends several extensions to theis filenames.

Ransomware

Ransomware Encryption Advertising Antivirus

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

The activity of the Zinc APT group, aka Lazarus, surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. In one case, attackers attempted to exploit, without success, the CVE-2017-16238 vulnerability in a vulnerable driver for the antivirus product called Vir.IT

Malware

Malware Antivirus Hacking Accountability

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs

OCTOBER 12, 2019

. “The first of FIN7’s new tools is BOOSTWRITE – an in-memory-only dropper that decrypts embedded payloads using an encryption key retrieved from a remote server at runtime. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – FIN7, hacking).

Identity Theft

Identity Theft Hacking Advertising DNS

Scranos – A Cross Platform, Rootkit-Enabled Spyware rapidly spreading

Security Affairs

APRIL 16, 2019

The malware spreads via Trojanized applications disguised as cracked software, or applications posing as legitimate software such as video players, drivers or even antivirus software. Browsing History Stealer Payload — This payload collects Chrome’s browsing history and sends it to the C&C in an encrypted form. Pierluigi Paganini.

Spyware

Spyware Adware Malware Accountability

Yoroi Welcomes “Yomi: The Malware Hunter”

Security Affairs

APRIL 10, 2019

Also several automated malware analysis are not equipped to deal with encrypted channels, leaving the effort of the communication inspection to the cyber security analysts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Engineering Encryption Advertising

The Ursnif Gangs keep Threatening Italy

Security Affairs

MARCH 26, 2019

The VBS code is obfuscated to evade antivirus detection and, in order to confuse the analyst, all the values are manipulated in different steps: using many mathematical operations, very long random variable names and other content encoded in Base64 format. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Antivirus Advertising Encryption

Sofacy’s Zepakab Downloader Spotted In-The-Wild

Security Affairs

JANUARY 29, 2019

Then, all the information is encoded in Base64 and sent to the C2 through the “ connect ” function, using a SSL encrypted HTTP channel. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. AutoIt script’s main function.

Malware

Malware Advertising InfoSec Antivirus

TA505 is expanding its operations

Security Affairs

MAY 29, 2019

su”, using an SSL encrypted communication, and stores them in “C:UsersPublic” path: “ rtegre.exe ” and “ wprgxyeqd79.exe Analyzing it in depth, we discover it actually is the RMS (Remote Manipulator System) client by TektonIT , encrypted using the MPress PE compressor utility, a legitimate tool, to avoid antivirus detection.

Retail

Retail Banking Advertising Encryption

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

VPN also provides an encrypted tunnel for all your online activities and closes all doors for spies and cybercriminals. It is essential to install firewall and antivirus software on your routers and keep them up-to-date. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Secure Your Router.

Hacking

Hacking VPN Internet Internet

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

eSecurity Planet

FEBRUARY 15, 2022

The ransomware encrypts files on compromised Windows host systems, including physical and virtual servers, the advisory noted, and the executable leaves a ransom note in all directories where encryption occurs, including ransom payment instructions for obtaining a decryption key. 7 SP1, 8, 8.1)

Ransomware

Ransomware Encryption Backups Accountability

Playing Cat and Mouse: Three Techniques Abused to Avoid Detection

Security Affairs

MAY 23, 2019

Another interesting technique abused by cyber-criminals in the wild is the “ Certificate Spoofing “, allowing malware to easily bypass a relevant portion of anti-virus engines, even if they employ identification techniques theoretically able to detect encrypted and packed threats. Even Symantec AV didn’t detect the sample as malicious!

Antivirus

Antivirus Malware Advertising Cyber Attacks

Some Fortinet products used hardcoded keys and weak encryption for communications

Ragnar Ransomware encrypts files from virtual machines to evade detection

Trending Sources

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

Slack Launched Encryption Key Addon For Businesses

RobbinHood ransomware exploit GIGABYTE driver flaw to kill security software

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

New variant of Dridex banking Trojan implements polymorphism

Report: Threat of Emotet and Ryuk

NCSC warns of a surge in ransomware attacks on education institutions

Nemty Ransomware, a new malware appears in the threat landscape

CERT France – Pysa ransomware is targeting local governments

UHS hospitals hit by Ryuk ransomware attack

Shade Ransomware gang shut down operations and releases 750K decryption keys

New JNEC.a Ransomware delivered through WinRAR exploit

Happy 13th Birthday, KrebsOnSecurity!

Hackers penetrated NEC defense business division in 2016

New NextCry Ransomware targets Nextcloud instances on Linux servers

Google expert disclosed details of an unpatched flaw in SymCrypt library

New KilllSomeOne APT group leverages DLL side-loading

A new NAS Ransomware targets QNAP Devices

Russia-linked APT28 targets govt bodies with fake NATO training docs

[SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies

Belarussian authorities arrested GandCrab ransomware distributor

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Malware researchers decrypted the Qrypter Payload

Security Affairs newsletter Round 201 – News of the week

A bug in the decryptor for the Ryuk ransomware could cause data loss

API Security and Hackers: What?s the Need?

Ransomware Revival: Troldesh becomes a leader by the number of attacks

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Astaroth Trojan leverages Facebook and YouTube to avoid detection

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Ursnif: Long Live the Steganography and AtomBombing!

Emsisoft released a free decryption tool for Paradise ransomware

Microsoft: North Korea-linked Zinc APT targets security experts

FIN7 Hackers group is back with a new loader and a new RAT

Scranos – A Cross Platform, Rootkit-Enabled Spyware rapidly spreading

Yoroi Welcomes “Yomi: The Malware Hunter”

The Ursnif Gangs keep Threatening Italy

Sofacy’s Zepakab Downloader Spotted In-The-Wild

TA505 is expanding its operations

5 Ways to Protect Yourself from IP Address Hacking

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

Playing Cat and Mouse: Three Techniques Abused to Avoid Detection

Stay Connected