eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group […]

How to exploit Windows Defender Antivirus to infect a device with malware

Trend Micro’s recent threat hunting efforts have uncovered active exploitation of CVE-2023-36025, a vulnerability in Microsoft Windows Defender SmartScreen, by a new strain of malware known as Phemedrone Stealer. This malware targets web browsers, cryptocurrency wallets, and messaging apps like Telegram, Steam, and Discord, stealing data and sending it to attackers via Telegram or command-and-control […]

Discover Why Proactive Web Security Outsmarts Traditional Antivirus Solutions

In a rapidly evolving digital landscape, it’s crucial to reevaluate how we secure web environments. Traditional antivirus-based solutions have their merits, but they are reactive. A new report delves into the reasons for embracing proactive web security solutions, ensuring you stay ahead of emerging threats. To learn more, download the full report here. The New Paradigm […]

How to use “bring your own vulnerable driver” (BYOVD) technique to kill/evade Antivirus or EDR

Threat actors have increasingly relied on exploitable drivers to circumvent security measures. Drivers are low-level system components that provide access to important security structures stored in kernel memory. Before allowing kernel-mode drivers to load, Windows applies a security mechanism called Driver Signature Enforcement. This […]

Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan

The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. “This new dropper doesn’t rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware,” NCC Group’s Fox-IT said in a report. “Instead, this new version […]

AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection

Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. “This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys),” […]

Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector

A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX. Cybersecurity firm SentinelOne tied the intrusions to an actor it tracks under the name “Moshen Dragon,” with tactical overlaps between the collective and another threat group referred to as Nomad Panda (aka […]

Researchers Take Over Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal

Security researchers have disclosed a security issue that could have allowed attackers to weaponize the VirusTotal platform as a conduit to achieve remote code execution (RCE) on unpatched third-party sandboxing machines employed by antivirus engines. The flaw, now patched, made it possible to “execute commands remotely within [through] VirusTotal platform and gain access to its various […]

SharkBot – New Generation Malware on Google Play Distributed as Android Antivirus App

While malware distributors may have a harder time getting their malicious apps through Google’s automatic scanning and flagging system, SharkBot shows that they can still bypass the company’s security barriers and even human or manual verification. Although the app was unpopular, its presence in the Google Play Store shows that nobody but the distribution platform […]

ESET Antivirus Flaw Lets Attackers Escalate Privileges & Execute Arbitrary Code

ESET has recently published patches to fix a local privilege escalation vulnerability found in all of its Windows client products, which enables threat actors to escalate privileges and execute arbitrary code. Analysts at the Zero Day Initiative (ZDI) identified the vulnerability on November 18, 2021; it is tracked as “CVE-2021-37852,” which is marked […]

Beware of Fake Amnesty International Antivirus for Pegasus that Hacks PCs with Malware

In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be security software designed to safeguard against NSO Group’s Pegasus surveillanceware. “Adversaries have set up a phony website […]

These 13 malware variants are used to hack and take control of Pulse Secure devices. Make sure your antivirus can detect them

In its most recent report, the Cybersecurity and Infrastructure Security Agency (CISA) alerted users of Pulse Secure devices to the discovery of at least 13 malware samples found on affected devices. These devices have been the target of frequent security incidents at private companies and government organizations in the U.S. since at least 2020. These […]

DroidMorph Shows Popular Android Antivirus Products Fail to Detect Cloned Malicious Apps

New research published by a group of academics has found that anti-virus programs for Android remain vulnerable to different permutations of malware, which could pose a serious risk as malicious actors evolve their toolsets to better evade analysis. “Malware writers use stealthy mutations (morphing/obfuscations) to continuously develop malware clones, thwarting detection […]

Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions

Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and hijack allow-listed applications to perform malicious operations on behalf of the malware, defeating anti-ransomware defenses. The twin attacks, detailed by academics from the University of Luxembourg and the University of London, are aimed […]

Antivirus Firm Exposed Internal Log Data Generated by Its Products

Antivirus firm EMSISOFT revealed a data breach on one of its test systems. The company used the system to evaluate and benchmark possible solutions for storing and managing the log data generated by its products and services. Soon after becoming aware of the breach, the company took the affected system offline and […]

How to easily check whether a DOC, RTF, XLS, PPT, PPTX or PDF file contains malware without antivirus, like a digital forensics expert

In most cyberattack variants, threat actors use legitimate-looking documents loaded with malware, which is why researchers often say it all starts with a Word file, PowerPoint presentation, Excel spreadsheet, or even a book downloaded from a free PDF website. This time, digital forensics experts from the International Institute of Cyber Security (IICS) will […]

Robinhood Ransomware Borrows Vulnerable Driver to Kill Antivirus and Encrypt Windows System Files

Researchers observed a new ransomware family called “Robinhood” that uses a digitally signed vulnerable driver to kill files belonging to endpoint security products, bypassing tamper protection and antivirus software so that it can encrypt system files. Attackers use the Living off the Land technique in this ransomware attack for the destructive file-encryption portion […]