Antivirus, Encryption and Hacking - Cyber Security Informer

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

The Last Watchdog

MARCH 28, 2025

Mar 28, 2025, CyberNewswire — From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. The post News alert: SquareX discloses nasty browser-native ransomware thats undetectable by antivirus first appeared on The Last Watchdog. Palo Alto, Calif.,

Antivirus

Antivirus Ransomware Social Engineering Engineering

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

26, Shadowserver saw an attempt to install a new type of backdoor in compromised Exchange Servers, and with each hacked host it installed the backdoor in the same place: “ /owa/auth/babydraco.aspx. Oddly, none of the several dozen antivirus tools available to scan the file at Virustotal.com currently detect it as malicious.

Hacking

Hacking Cybercrime DNS Internet

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

Security Affairs

APRIL 2, 2025

Delivered via phishing and hosted on compromised SharePoint sites, it remains undetected by most antivirus solutions, posing a serious security risk. The backdoor, targeting Windows, uses AES-CBC encryption with base64 encoding and loads the payload via the exec function. ” concludes the report.

Antivirus

Antivirus Cybercrime Malware Encryption

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. This cloud communication is used for the FortiGuard Web Filter feature, FortiGuard AntiSpam feature and FortiGuard AntiVirus feature.” Pierluigi Paganini.

Encryption

Encryption Antivirus Advertising DNS

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

A version discovered by Check Point in September relied on Apple’s XProtect encryption algorithm for obfuscation, allowing it to evade antivirus detection until its source code leak in November. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Banshee Stealer)

Malware

Malware Advertising Antivirus Cybercrime

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.

Encryption

Encryption Ransomware Financial Services Antivirus

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Hacking Encryption Penetration Testing

How is information stored in cloud secure from hacks

CyberSecurity Insiders

MAY 14, 2023

So, how is information stored in the cloud secured from hacks? One way to secure information in the cloud is through encryption. Encryption is the process of converting information into a code that only authorized parties can access. Antivirus software scans files for known viruses and malware.

Hacking

Hacking Antivirus Firewall Encryption

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Kroll researchers reported that the ransomware strain outstands for the use of encryption to protect the ransomware binary. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Ransomware

Ransomware Hacking Data breaches Digital transformation

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

Security Affairs

DECEMBER 1, 2024

Through Zyxel! Unveiling the Past and Present of APT-K-47 Weapon: Asyncshell Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter )

Malware

Malware Social Engineering Antivirus Engineering

Russia-linked Gamaredon targets Ukraine with Remcos RAT

Security Affairs

MARCH 31, 2025

The PowerShell code avoids antivirus detection by using Get-Command to execute the payload. This DLL acts as a loader, decrypting and executing the final Remcos payload from encrypted files within the ZIP. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Ukraine)

Phishing

Phishing Antivirus Encryption Hacking

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt. SecurityAffairs – Ragnar Locker ransomware, hacking).

Encryption

Encryption Ransomware Energy and Utilities Advertising

4 Best Antivirus Software of 2021

eSecurity Planet

OCTOBER 27, 2021

What’s the best antivirus software? With the rise in malware and ransomware and a growing reliance on the internet, antivirus solutions are critical for protecting your data and applications. Top 4 antivirus software. Encryption. Bitdefender. Other AV contenders. Bitdefender Total Security. Ransomware protection.

Antivirus

Antivirus Software Malware Marketing

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

eSecurity Planet

OCTOBER 4, 2021

percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. Malware in Encrypted Traffic. A surprising 91.5

Encryption

Encryption Malware Ransomware Firewall

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

JULY 11, 2023

By engaging third-party experts to simulate real-world hacks, companies can proactively uncover potential weaknesses and address them promptly. Employ real-time antivirus scanning. Real-time antivirus scanning enhances the security of investor data by providing immediate protection against known and emerging threats.

Penetration Testing

Penetration Testing Antivirus Threat Detection Encryption

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. After that, the following files are extracted, namely: Avira.exe : Legitimate injector from Avira Antivirus. In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication.

Antivirus

Antivirus Malware Banking Internet

On the Irish Health Services Executive Hack

Security Boulevard

FEBRUARY 11, 2022

Antivirus software triggered numerous alerts after detecting Cobalt Strike activity but these were not escalated. The antivirus server was later encrypted in the attack). The post On the Irish Health Services Executive Hack appeared first on Security Boulevard.

Hacking

Hacking Antivirus CISO Ransomware

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Security Affairs

FEBRUARY 28, 2025

In August 2024, several users reported that Dr.Web antivirus detected changes in their TV box system files. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Antivirus

Antivirus Firmware Encryption Manufacturing

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

” But critics say WebMonitor is far more likely to be deployed on “pwned” devices, or those that are surreptitiously hacked. court to computer hacking and to creating, marketing and selling Blackshades , a RAT that was used to compromise and spy on hundreds of thousands of computers.

Advertising

Advertising Antivirus Software Malware

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Security Affairs

MARCH 10, 2025

The discovered infected archives contained an additional executable, with a modified start script tricking victims into disabling antivirus protections. Its configuration is Base64-encoded and encrypted with AES-CBC. By December 2024, reports emerged of further miner-infected versions spreading via Telegram and YouTube.

Cryptocurrency

Cryptocurrency Malware Social Engineering Antivirus

Medusa Ransomware targeted over 40 organizations in 2025

Security Affairs

MARCH 7, 2025

“Like the majority of ransomware operators, Spearwing and its affiliates carry out double extortion attacks, stealing victims’ data before encrypting networks in order to increase the pressure on victims to pay a ransom,” reads the report published by Symantec.

Ransomware

Ransomware Antivirus Healthcare Encryption

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

Security Affairs

NOVEMBER 24, 2024

Android Malware Detection Based on Behavioral-Level Features with Graph Convolutional Networks.

Malware

Malware Spyware Antivirus VPN

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

The Last Watchdog

SEPTEMBER 27, 2021

It foreshadowed how encryption would come to be used as a foundation for Internet commerce – by companies and criminals. Today companies face a challenge of identifying and deflecting encrypted traffic leveraged by malicious actors. This was considered a significant win for the U.S. The Creeper Virus (1971).

Hacking

Hacking Cybersecurity Identity Theft Technology

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. ViperSoftX also checks for active antivirus products running on the machine. c2 arrowlchat[.]com

Encryption

Encryption Malware Cryptocurrency Software

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

Security Affairs

JANUARY 1, 2024

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. The Cactus ransomware group claims to have hacked Coop and is threatening to disclose a huge amount of personal information, over 21 thousand directories. Threat actors have published ID cards as proof of hack.

Retail

Retail Ransomware Encryption Hacking

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

The Last Watchdog

MARCH 6, 2021

Related: Poll confirms rise of Covid 19-related hacks. A VPN encrypts all internet traffic so that it is unreadable to anyone who intercepts it. Use antivirus software. Your devices need excellent antivirus software to act as the next defense line by blocking and detecting known malware. Secure home router.

VPN

VPN Passwords Firewall Risk

RobbinHood ransomware exploit GIGABYTE driver flaw to kill security software

Security Affairs

FEBRUARY 7, 2020

The operators behind the infamous RobbinHood ransomware are exploiting a vulnerable GIGABYTE driver to kill antivirus products. Ransomware operators leverage a custom antivirus killing p ackage that is delivered to workstations to disable security solution before starting encryption. ” reads the report published by Sophos.

Software

Software Ransomware Antivirus Encryption

CoffeeLoader uses a GPU-based packer to evade detection

Security Affairs

MARCH 31, 2025

“The main module implements numerous techniques to evade detection by antivirus (AV) and Endpoint Detection and Response (EDRs) including call stack spoofing, sleep obfuscation, and leveraging Windows fibers.” For sleep obfuscation, CoffeeLoader encrypts its memory while inactive, decrypting only during execution.

Malware

Malware Encryption Antivirus Marketing

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Cybercriminals are interested in hacking your IP address for various reasons. The hacked and stolen IPs are often used for carrying out illegal activities.

Hacking

Hacking VPN Internet Internet

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Security Affairs

FEBRUARY 19, 2024

The gang also published several pictures of passports and company documents as proof of the hack. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine. Cactus Ransomware has just posted Schneider Electric.

Ransomware

Ransomware Digital transformation Retail Antivirus

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. It emerges that email marketing giant Mailchimp got hacked.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

Ransomware groups target Veeam Backup & Replication bug

Security Affairs

JULY 15, 2024

An attacker can exploit the issue to obtain encrypted credentials stored in the configuration database, potentially leading to gaining access to the backup infrastructure hosts. Once data exfiltration was completed, the attackers deployed ransomware to encrypt the infected systems. The vulnerability CVE-2023-275327 (CVSS score of 7.5)

Backups

Backups Ransomware Antivirus DNS

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it.

Ransomware

Ransomware Encryption Antivirus VPN

Can Cybersecurity Track You?

Hacker's King

OCTOBER 20, 2024

While cybersecurity primarily aims to protect users from threats like malware, hacking, and data breaches, some tools can monitor or track user activities in certain situations. Tools like firewalls, antivirus software, and encryption help safeguard information.

Cybersecurity

Cybersecurity Cyber threats Antivirus Firewall

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The Rust variant has also been seen using intermittent encryption, one of the emerging tactics that threat actors use today for faster encryption and detection evasion.” The ransomware uses intermittent encryption to speed up the encryption process by partially encrypting the files depending on the values of certain flags.

Ransomware

Ransomware Encryption Healthcare Education

FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks

Security Affairs

MAY 11, 2021

The ACSC also provided the following recommendations: Patch operating systems and applications, and keep antivirus signatures up to date. Maintain offline, encrypted backups of data and regularly test your backups. SecurityAffairs – hacking, Avaddon). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Backups Antivirus DDOS

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Security Affairs

JULY 8, 2022

The security firm states that the AstraLocker decryptor works for ransomware versions based on the Babuk malware that appends the.Astra or.babyk extensions to the name of the encrypted files. “Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files. a-z0-9]{4} extension.

Ransomware

Ransomware Encryption Malware Accountability

New variant of Dridex banking Trojan implements polymorphism

Security Affairs

JULY 1, 2019

Even if the activity of Dridex decreased in the last couple of years, crooks continued to updates it adding new features such the support of XML scripts, hashing algorithms, peer-to-peer encryption, and peer-to-command-and-control encryption. SecurityAffairs – Dridex, hacking). ” reads the analysis published by eSentire.

Banking

Banking Antivirus Advertising Encryption

Steps to Take If Your WordPress Site Is Hacked

SecureWorld News

MARCH 12, 2024

When a website gets hacked, the aftermath can be expensive and long-lasting, and the recovery process is often extremely difficult. But what happens if a hack has already occurred? Next, let's discuss the steps to take to recover from a hack. So, instead of panicking, relax and focus on fixing your hacked WordPress site.

Hacking

Hacking Passwords Backups Engineering

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Security Affairs

MAY 22, 2024

“On September 30, 2023, OVT became aware of a security incident that resulted in the encryption of certain OVT systems by an unauthorized third party. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Data breaches

Data breaches Ransomware Manufacturing Encryption

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security experts noticed that the Go-based ransomware was able to encrypt files at high speeds. Upon its execution, BianLian searches all available disk drives (from A: to Z:) and all files to encrypt.

Ransomware

Ransomware Malware Encryption Antivirus

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Antivirus Encryption Backups

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

No, I Did Not Hack Your MS Exchange Server

Webinars

Trending Sources

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

Webinars

Some Fortinet products used hardcoded keys and weak encryption for communications

Banshee macOS stealer supports new evasion mechanisms

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

LockFile Ransomware uses a new intermittent encryption technique

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

How is information stored in cloud secure from hacks

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Cactus ransomware gang claims the Schneider Electric hack

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

Russia-linked Gamaredon targets Ukraine with Remcos RAT

Ragnar Ransomware encrypts files from virtual machines to evade detection

4 Best Antivirus Software of 2021

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

On the Irish Health Services Executive Hack

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Who’s Behind the RevCode WebMonitor RAT?

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Medusa Ransomware targeted over 40 organizations in 2025

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

RobbinHood ransomware exploit GIGABYTE driver flaw to kill security software

CoffeeLoader uses a GPU-based packer to evade detection

5 Ways to Protect Yourself from IP Address Hacking

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Happy 13th Birthday, KrebsOnSecurity!

Ransomware groups target Veeam Backup & Replication bug

Akira ransomware received $42M in ransom payments from over 250 victims

Can Cybersecurity Track You?

Experts spotted a variant of the Agenda Ransomware written in Rust

FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

New variant of Dridex banking Trojan implements polymorphism

Steps to Take If Your WordPress Site Is Hacked

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Bitdefender released a free decryptor for the MegaCortex ransomware

Stay Connected