Antivirus, DNS and Information Security

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization.

Passwords

Passwords DNS Malware Advertising

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

“While the Windows system is in safe mode antivirus software doesn’t work. The researchers started investigating the threat after they became aware that the malware was disabling and uninstalling its antivirus from infected devices. “It also uses WQL to query all antivirus software installed SELECT * FROM AntiVirusProduct.”

Antivirus

Antivirus Cryptocurrency Malware Software

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR” with a static key) and cryptographic keys to communicate with the FortiGuard Web Filter, AntiSpam and AntiVirus cloud services. UDP ports 53, 8888 and TCP port 80 (HTTP POST /fgdsvc).

Encryption

Encryption Antivirus Advertising DNS

A 3-Tiered Approach to Securing Your Home Network

Daniel Miessler

MAY 8, 2020

Change your DNS to 1.1.1.2, Next, you can consider changing your DNS settings on all your devices to use those by Cloudflare. Many security professionals stopped using antivirus many years ago, and more and more are doing so as native offerings from operating systems improve. or 1.1.1.3 blocks just malware, and 1.1.1.3

Passwords

Passwords DNS Accountability IoT

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

Experts pointed out that the number of infected systems could be far greater because data provided by AVAST are only related to systems running their antivirus solution. Communication with C&C servers is based on DNS requests and it uses a special mechanism translating DNS results to a real IP address.

DNS

DNS Internet Internet Malware

Ransomware groups target Veeam Backup & Replication bug

Security Affairs

JULY 15, 2024

Indicators such as DNS queries to a Remmina-related domain suggest the attacker is likely a Linux-based user. “While NetScan ran on the primary Veeam backup server, antivirus (AV) protection was disabled on the virtual machine host, both through antivirus user interfaces (UI) and through the command line.”

Backups

Backups Ransomware Antivirus DNS

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

At the time of publication, this particular file is undetected by all antivirus vendors according to VirusTotal” The Base64 encoded payload, once decrypted, is a Windows 64-bit executable (1.7MB) called “msdllupdate.exe.”. “This technique works by sending an encrypted string appended to the DNS query set as a subdomain.

Malware

Malware DNS Antivirus Encryption

Cyber mercenaries group DeathStalker uses a new backdoor

Security Affairs

DECEMBER 5, 2020

. “In strict accordance with DeathStalker’s traditions, the implant will try to evade detection or sandboxes execution with various tricks such as detecting mouse movements, filtering the client’s MAC addresses, and adapting its execution flow depending on detected antivirus products.”

DNS

DNS Phishing Encryption Antivirus

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The malicious code is used by the hackers to deliver a Moner (XMR) crypto miner that is not detected by almost any antivirus solution. ” reads the analysis published by the security firm Anomaly. These records are accessed via normal DNS queries or DNS-over-HTTPs ( DoH ) if the DNS query fails.

Cybercrime

Cybercrime DNS Malware Advertising

Matryosh DDoS botnet targets Android-Based devices via ADB

Security Affairs

FEBRUARY 4, 2021

The Matryosh initially decrypts the remote hostname and uses the DNS TXT request to obtain TOR C2 and TOR proxy, then it connects with the TOR proxy. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. ” concludes the post. ” concludes the post.

DDOS

DDOS DNS Antivirus Malware

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The experts used passive DNS records to uncover Glupteba domains and hosts and analyzed the latest set of TLS certificates used by the bot to figure out the infrastructure used by the attackers. We also recommend monitoring DNS logs and keeping the antivirus software up to date to help prevent a potential Glupteba infection.”

DNS

DNS Antivirus Cryptocurrency Software

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

“Network telemetry can be used to detect anomalous DNS requests, and security tools such as antivirus and endpoint detection and response (EDR) should be statically linked to ensure they are not “infected” by userland rootkits.” ” concludes the report.

Malware

Malware DNS Antivirus Passwords

Security Affairs newsletter Round 302

Security Affairs

FEBRUARY 21, 2021

PayPal addresses reflected XSS bug in user wallet currency converter The kingpin behind Jokers Stash retires with a billionaire exit France agency ANSSI links Russias Sandworm APT to attacks on hosting providers French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine The malicious code in SolarWinds attack was the work (..)

Data breaches

Data breaches DNS Firmware Antivirus

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

Security Affairs

DECEMBER 14, 2024

The malware remained undetected by VirusTotal antivirus engines as of December 2024. It employs DNS over HTTPS (DoH) to evade network monitoring tools and encrypts configurations with AES-256-CBC. The Iranian group claims to have compromised 200 gas stations in Israel and the U.S. d/S93InitSystemd.sh.

IoT

IoT Malware DNS Antivirus

Security Affairs newsletter Round 358 by Pierluigi Paganini

Security Affairs

MARCH 20, 2022

EU and US agencies warn that Russia could attack satellite communications networks Avoslocker ransomware gang targets US critical infrastructure Crooks claims to have stolen 4TB of data from TransUnion South Africa Exotic Lily initial access broker works with Conti gang Emsisoft releases free decryptor for the victims of the Diavol ransomware China-linked (..)

DNS

DNS Antivirus DDOS Hacking

Security Affairs newsletter Round 364 by Pierluigi Paganini

Security Affairs

MAY 8, 2022

Raspberry Robin spreads via removable USB devices Malware campaign hides a shellcode into Windows event logs US gov sanctions cryptocurrency mixer Blender also used by North Korea-linked Lazarus APT How the thriving fraud industry within Facebook attacks independent media QNAP fixes multiple flaws, including a QVR RCE vulnerability Anonymous and Ukraine (..)

IoT

IoT DNS Antivirus Malware

Multiple Nation-State actors are exploiting Log4Shell flaw

Security Affairs

DECEMBER 16, 2021

In these attacks, HAFNIUM-associated systems were observed using a DNS service typically associated with testing activity to fingerprint systems.” In addition, HAFNIUM, a threat actor group operating out of China, has been observed utilizing the vulnerability to attack virtualization infrastructure to extend their typical targeting.

Ransomware

Ransomware DNS Antivirus Hacking

Using Proactive Intelligence Against Adversary Infrastructure

Security Boulevard

FEBRUARY 7, 2024

Germany-based independent security evaluators AV-TEST found that HYAS Protect Protective DNS is the most effective operational resiliency solution on the market today to drive business continuity and continued operations. While businesses’ entire security stacks do matter, it’s impossible to stop all nefarious activity beforehand.

DNS

DNS Architecture Marketing Cyber threats

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs

OCTOBER 12, 2019

FIN7 has been observed making small changes to this malware family using multiple methods to avoid traditional antivirus detection, including a BOOSTWRITE sample where the dropper was signed by a valid Certificate Authority. The messages sent to the victims were also dropping the backdoor DNSbot that primarily operates over DNS traffic.

Identity Theft

Identity Theft Hacking Advertising DNS

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Server: Provides powerful computing and storage in local, cloud, and data center networks to run services (Active Directory, DNS, email, databases, apps). Domain name system (DNS) security: Protects the DNS service from attempts to corrupt DNS information used to access websites or to intercept DNS requests.

Architecture

Architecture Network Security Firewall Risk

Security Affairs newsletter Round 221 – News of the week

Security Affairs

JULY 7, 2019

Firefox finally addressed the Antivirus software TLS Errors. Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH). A cyberattack took offline websites of the Georgia agency. After 2 years under the radars, Ratsnif emerges in OceanLotus ops. Cyber Defense Magazine – July 2019 has arrived. Bangladesh Cyber Heist 2.0:

Scams

Scams Advertising Spyware DNS

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

Researchers from threat intelligence firm RiskIQ, using passive DNS data related to Knotweed attacks, linked the C2 infrastructure used by the malware since February 2020 to DSIRF. Confirm that Microsoft Defender Antivirus is updated to security intelligence update 1.371.503.0 or later to detect the related indicators.

Surveillance

Surveillance Malware Authentication Accountability

5 Common Phishing Attacks and How to Avoid Them?

Security Affairs

AUGUST 19, 2019

It involves DNS cache poisoning as it redirects users to a malicious site even if they enter the correct web address. Always look for HTTP secured web pages while entering your account details to save yourself from being the victim of pharming. Pharming is another fraudulent practice for getting illegal access to other person’s data.

Phishing

Phishing Accountability Authentication Passwords

A month later Gamaredon is still active in Eastern Europe

Security Affairs

JUNE 4, 2019

Moreover, querying the services behind the latest associated DNS record the host responds with “403 Forbidden” message too, indicating the infrastructure may still be operative. Information about C2 and relative DNS. Indeed, the attacker has changed many time the domain names in the latest period.

Passwords

Passwords DNS Engineering Malware

Tomiris called, they want their Turla malware back

SecureList

APRIL 24, 2023

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). In the grander scheme of things, this investigation reveals the pitfalls that the information security industry faces when working on cyberattacks.

Malware

Malware DNS Government Software

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Russian software engineer Eugene Kaspersky’s frustration with the malware of the 80s and 90s led to the founding of antivirus and cybersecurity vendor Kaspersky Lab.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Cyber Security Informer

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Linksys force password reset to prevent Router hijacking

Trending Sources

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Some Fortinet products used hardcoded keys and weak encryption for communications

A 3-Tiered Approach to Securing Your Home Network

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Ransomware groups target Veeam Backup & Replication bug

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Cyber mercenaries group DeathStalker uses a new backdoor

Chinese-speaking cybercrime gang Rocke changes tactics

Matryosh DDoS botnet targets Android-Based devices via ADB

Glupteba botnet is back after Google disrupted it in December 2021

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs newsletter Round 302

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

Security Affairs newsletter Round 358 by Pierluigi Paganini

Security Affairs newsletter Round 364 by Pierluigi Paganini

Multiple Nation-State actors are exploiting Log4Shell flaw

Using Proactive Intelligence Against Adversary Infrastructure

FIN7 Hackers group is back with a new loader and a new RAT

Network Security Architecture: Best Practices & Tools

Security Affairs newsletter Round 221 – News of the week

European firm DSIRF behind the attacks with Subzero surveillance malware

5 Common Phishing Attacks and How to Avoid Them?

A month later Gamaredon is still active in Eastern Europe

Tomiris called, they want their Turla malware back

Top Cybersecurity Accounts to Follow on Twitter

Stay Connected