German Federal Office for Information Security agency, also known as BSI, recommends consumers not to use Kaspersky anti-virus software. The German Federal Office for Information Security agency, aka BSI, recommends consumers uninstall Kaspersky anti-virus software. ” reads the BSI announcement. Pierluigi Paganini.
.” To protect against malware, experts recommend buying smartphones from authorized distributors and installing security solutions like Kaspersky for Android immediately. In March 2018, security researchers at antivirus firm Dr.Web discovered that 42 models of low-cost Android smartphones were shipped with the Android.Triada.231
The threat actors attempted to exploit multiple vulnerabilities in DVRs, including CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, and CVE-2021-36260. In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom.
Firefox finally addressed the issues with antivirus apps crashing HTTPS websites starting with the release of Firefox 68. Mozilla announced that it will resolve the issues that caused antivirus apps to crash HTTPS websites with the release of Firefox 68. This is possible by installing root certificates on the device.
“While the Windows system is in safe mode antivirus software doesn’t work. The researchers started investigating the threat after they became aware that the malware was disabling and uninstalling its antivirus from infected devices. “It also uses WQL to query all antivirus software installed SELECT * FROM AntiVirusProduct.”
Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR” with a static key) and cryptographic keys to communicate with the FortiGuard Web Filter, AntiSpam and AntiVirus cloud services. UDP ports 53, 8888 and TCP port 80 (HTTP POST /fgdsvc).
Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. was used at the time of the attack), which enabled the attackers to exploit the CVE-2018-13379 vulnerability and gain access to the enterprise network.” ” continues Kaspersky.
RaaS rollout 2015 – 2018. The GandCrab RaaS that appeared in early 2018 was one of the last high-profile threats targeting individuals on a large scale. It vanished from the radar in June 2018, when the ransomware plague took another sharp turn. Targeting enterprises Late 2018 – present day.
Kaspersky has addressed several vulnerabilities in the web protection features implemented in its antivirus solutions, including Internet Security, Total Security, Free Anti-Virus, Security Cloud, and Small Office Security products. As in: under some circumstances, antivirus would still crash.
Worldwide spending on information security products and services rose to $114 billion in 2018, up from $102 billion in 2017, an increase of 12.4 Each of us has a responsibility to embrace best privacy and security practices. To be sure, it’s not as if the good guys aren’t also innovating.
“In July 2018, we succeeded in decrypting encrypted communication with an infected server and an external server that was performing unauthorized communication, and stored it on our internal server for information sharing with other departments used by our defense business division 27,445 files were found to have been accessed illegally.
The weaponized RTF documents generated with the exploit builder are able to trigger the CVE-2017-11882, CVE-2018-0798, CVE-2018-0802 vulnerabilities in Microsoft’s Equation Editor. This tool was widely adopted by several China-linked threat actors, including Tick, Tonto Team and TA428.
The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more than $560K worth of cryptocurrency since November 2018. The tools were published on a Telegram channel named Hack Boss that was created on November 26, 2018, and has over 2,500 subscribers.
To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. The second half of 2018 saw a drop in the number of malicious programs downloaded via browsers reaching its minimum at less than 5%, while in the first half of 2019 only every 19th download was initiated via means other than email.
The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Experts pointed out that the number of infected systems could be far greater because data provided by AVAST are only related to systems running their antivirus solution.
The GandCrab ransomware-as-a-service first emerged from Russian crime underground in early 2018. The authors of the GandCrab RaaS also offer technical support and updates to its members; they also published a video tutorial that shows how the ransomware is able to avoid antivirus detection. Close of GandCrab Ransomware : 1-6-2019.
Beta, D6220, D6400, D7000 CVE-2018-10561, CVE-2018-10562 GPON home routers CVE-2013-3307 Linksys X3000 1.0.03 CVE-2018-10088 XiongMai uc-httpd 1.0.0 BotenaGo was written in Golang (Go) and at the time of the report published by the experts, it had a low antivirus (AV) detection rate (6/62). Beta, R6400 before 1.0.1.18.Beta,
million Windows systems between 2018 and 2020. The software includes illegal Adobe Photoshop 2018, a Windows cracking tool, and several cracked games.” Researchers from NordLocker have discovered an unsecured database containing 1.2 terabytes of stolen data. Threat actors used custom malware to steal data from 3.2
Related: ‘Cyber Pearl Harbor’ happens every day Some 15 months earlier, in March 2018, Atlanta was hit by a similar assault, and likewise refused to pay a $51,000 ransom, eating $17 million in damage. Baltimore refused to pay – choosing, instead, to absorb an estimated $18 million in recovery costs. mayors attending the U.S.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) published a joint alert to warn of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. Install and regularly update antivirus and anti-malware software on all hosts.
The virus avoided detection by antivirus solutions through regular updates from an attacker-controlled command-and-control (C2) infrastructure, and spread through the company’s systems, causing network outages and shutting down essential services for nearly a week.”
Evilnum threat actor was first spotted in 2018 while using the homonym malware. Experts observed several variants of the script since May 2018, having different server-side code for the C&C and supporting different commands. Threat actors used a dedicated C2 server for each component that is installed via manual commands.
” Security news site Bleeping Computer reported on the T-Systems Ryuk ransomware attack on Dec. When we looked at this in retrospect, during these three days the cybercriminals slowly compromised the entire network, disabling antivirus, running customized scripts, and deploying ransomware. Department of Homeland Security.
With the boom in digital commerce paired with the increased popularity of contactless payment and cloud-stored accountholder data, the Payment Card Industry (PCI) Security Standards Council decided to re-evaluate the existing standard. Test security of systems and networks regularly. The current version, PCI DSS v3.2.1,
The malware is able to log the users’ keystrokes, collect information through hooking, access clipboard content, and monitor the keystate. The Astaroth Trojan was first spotted by security firm Cofense in late 2018 when it was involved in a campaign targeting Europe and Brazil.
A warning message from endpoint antivirus software when users try to visit malicious site redirected by Joomla and WordPress sites. htaccess file, including, in October 2018 a security researcher discovered a zero-day vulnerability, tracked as CVE-2018-9206, in older versions of the jQuery File Upload plugin since 2010.
The name Fxmsp refers to a high-profile Russian- and English-speaking hacking group focused on breaching high-profile private corporate and government information. Since March 2019, Fxmsp announced in cybercrime forums the availability of information stolen from major antivirus companies located in the U.S.
“The loader decrypts the malicious malware and executes it using memfd create (as described in this blog in 2018). “The authors use the open source tool Ezuri, to load its previously seen payloads and avoid antivirus detections on the file.” ” reads the post published by AT&T’s Alien Labs.
The DisableAntiSpyware parameter allows disabling the Windows Defender Antivirus in order to deploy another security solution. In the background, the malware disables Windows Defender, EDR, and antivirus tools before dropping the ransomware payload.
“We have discovered a new version of WatchBog—a cryptocurrency-mining botnet operational since late 2018—that we suspect has compromised more than 4,500 Linux machines in newer campaigns taking place since early June.” ” reads a blog post published by Intezer. ” continues the analysis.
The group that has been active since late 2015 targeted businesses worldwide to steal payment card information. In August 2018, three members of the notorious cybercrime gang have been indicted and charged with 26 felony counts of conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft.
The analysis of the attack revealed that approximately 80% of the observed victims were using Fortinet appliances, a circumstance that suggests the attackers may have compromised their network by exploiting the CVE-2018-13379 vulnerability.
Fxmsp gained worldwide fame in May 2019, after it was reported that the networks belonging to leading antivirus software companies had been compromised. On January 17, 2018, the hacker shared exactly how many buyers he had at the time: 18. In late October 2018, Fxmsp and Lampeduza’s activity became threatened. Proxy seller.
That file was delivered via malspam campaigns around the world and its source-code is obfuscated in order to evade antivirus detection and complicate its analysis. The latter leverages the WinRar/Ace vulnerability (CVE-2018-20250) dropping the malware itself into the Windows startup folder.
To ease these burdens, SECaaS and SOCaaS vendors have emerged as cloud-based security as a service that can collect, analyze, and correlate your information from diverse systems and applications, turning former headaches into actionable information security intelligence. Security as a Service (SECaaS).
The cybercrime organization was first spotted in April 2018 by researchers at Cisco Talos, earlier 2019 researchers from Palo Alto Networks Unit42 found new malware samples used by the Rocke group for cryptojacking that uninstalls from Linux servers cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud.
The Rubella Macro Builder crimeware kit appeared in the threat landscape in April 2018 and rapidly gained popularity in the cybercriminal underground. The macro might also purposely attempt to bypass endpoint security defenses.
Firefox finally addressed the Antivirus software TLS Errors. Magento fixed security flaws that allow complete site takeover. Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug. A cyberattack took offline websites of the Georgia agency. After 2 years under the radars, Ratsnif emerges in OceanLotus ops.
However, at each step of the infection, this campaign uses trusted sources and the end user to help advance to the next stage, ultimately leading to an eventual exfiltration of sensitive information.” According to the experts, LOLbins are very effective in evading antivirus software.
This technology is stored in the Workbook OLE stream in Excel 97-2003 format which makes it very difficult to detect and parse by antivirus (AV) engines. doc and.xlm) to evade antivirus detection and bypass spam filters as well. That malware is known as FlawedAmmyy RAT and was discovered by Proofpoint researchers in March 2018.
“According to the indictment, Bugat is a malware specifically crafted to defeat antivirus and other protective measures employed by victims. Department of State’s Transnational Organized Crime (TOC) is offering a reward of up to $5 million as part of its Rewards Program for information that could allow arresting Yakubets.
In March 2018, security researchers at Antivirus firm Dr. Web discovered that 42 models of low-cost Android smartphones are shipped with the Android.Triada.231 The only way to remove the threat is to wipe the smartphone and reinstall the OS. 231 banking malware. ” reads the analysis published by Trend Micro.