Blog Archives – The Best Antivirus Software for 2022

Blog

Sort

LockBit Ransomware Uses Windows Defender to Download Cobalt Strike

LockBit 3.0 ransomware operators abuse the Windows Defender command line tool to download Cobalt Strike beacons on compromised machines and avoid detection.

It is worth recalling that Cobalt Strike is a legitimate commercial tool designed for pentesters and the red team and focused on exploitation and post-exploitation.

Unfortunately, it has long been loved by hackers ranging from government APT groups to ransomware operators. Although Cobalt Strike is quite expensive and inaccessible to ordinary users, attackers still find ways to use it (for example, rely on old, pirated and hacked versions).

Let me remind you that we also reported that Zloader Trojan Disables [...]

The No More Ransom Project Helped to Recover the Data of 1.5 Million Users

The No More Ransom project, thanks to which ransomware victims can recover their data, has summed up the results of six years of work.

Currently available in 37 languages, the project has helped more than 1.5 million people around the world recover their data.

Also note the following: Cybersecurity Specialists Created the Hopper Worm to Protect against Other Worms.

Let me remind you that No More Ransom was launched in 2016 as an initiative to combat ransomware and ransomware. Then only Europol, the Dutch police, McAfee and Kaspersky Lab took part in it.

Now the number of program partners has grown to 188, including companies from the private and public sectors, [...]

Much of the Cybersecurity Budget Is Wasted

According to a recent study, 73.48% of organizations believe that the majority of their cybersecurity budget is wasted due to a failure to mitigate threats despite the abundance of security tools at their disposal.

Let me remind you that we also wrote about such a trend as: Companies significantly improved cyberthreat detection time.

A survey conducted by Gurucul among 180 participants at the RSA 2022 conference was about their opinion on the effectiveness of security operations in their organizations.

Only 25% of organizations believe that their main threat comes from within the business.

And this despite the growth of internal threats by 47% over the past two [...]

MITER Security Advisory Exposed Data on Vulnerable Systems

The security advisories that MITER specialists publish for various CVEs contained links to remote administration consoles for a number of affected devices. Users accidentally noticed an error that has existed since April.

Journalists from Bleeping Computer report that a reader reported the problem to them, who was very surprised to find several references to vulnerable systems listed in the “references” section in the CVE bulletin.

Typically, this section provides links to primary sources (report, blog post, PoC demo) that explain the vulnerability. Sometimes security bulletins do include links confirming the existence of a vulnerability, but usually they lead to [...]

Apple Introduces Lockdown Mode to Protect against Spying

Apple has announced that iOS 16, iPadOS 16, and macOS Ventura will possess a new security feature called Lockdown Mode. This “extreme, extra protection” is intended for users who are most at risk of targeted spyware attacks: human rights activists, journalists, dissidents, and so on.

Let me remind you that we also talked about The New AI system thatDot Novelty Detector Speeds Up Detecting of Malicious Activity.

The developers promise that the Lockdown mode will protect users’ connections while they are messaging and browsing the web by blocking spyware (like NSO Group’s Pegasus spyware) that government hackers routinely use against Apple device [...]

Cybersecurity Specialists Created the Hopper Worm to Protect against Other Worms

The Cymulate development team announced that they created the Hopper worm to protect users from attacks by other worms.

Worms are the most destructive force in the field of information security, bringing multi-million-dollar damage to companies. Despite this, there are viruses that are beneficial. Hopper is such a virus.

Let me remind you that we also reported that The New AI system thatDot Novelty Detector Speeds Up Detecting of Malicious Activity.

Detection tools are not good at detecting non-exploit-based distribution, which is what worms do best. Most information security solutions are less resistant to worm attack methods, such as the use of an impersonation token [...]

Developers Can’t Fix a Serious Vulnerability in OpenSSL

OpenSSL 3.0.4, released on June 21 this year, contains a serious memory corruption vulnerability.

The issue poses a threat to 64-bit systems with Intel AVX-512 (Advanced Vector Extensions 512) support, but not all experts agree that this issue should be treated as a vulnerability at all.

Let me remind you that we also wrote that Experts Found Long-Standing Bugs in Avast and AVG Antiviruses.

It all started with the fact that in the new version of OpenSSL, released last week, a command injection vulnerability (CVE-2022-2068) was addressed, though it could not be completely fixed using the previous patch (CVE-2022-1292).

Alas, it turned out that this time the [...]

Adobe Acrobat Prevents Antiviruses from Examining PDF Files

Information security experts have noticed that Adobe Acrobat is trying to prevent antiviruses from studying PDF files opened by users, thereby creating a security risk.

It is reported that Adobe Acrobat checks whether components of about 30 security products are interested in its processes, and then blocks them, effectively making it impossible to track malicious activity.

You may also be interested to know that SharkBot malware disguises itself as an antivirus on the Google Play Store.

Minerva Labs analysts explain that security solutions usually require “visibility” of all processes in the system to work.

As a rule, this is achieved by injecting the [...]

Vulnerability in Sophos Firewall Was Attacked Long Before Release of the Patch

Volexity experts talked about how hackers exploited a 0-day vulnerability in Sophos Firewall, which was fixed by the manufacturer in March 2022. Researchers say that Chinese hackers from the DriftingCloud group exploited the bug.

Let me remind you that in March 2022, a patch was released for the CVE-2022-1040 vulnerability, which was rated as critical on the CVSS scale (9.8 points out of 10 possible). At the time, it was reported that the bug allows remote attackers to bypass authentication through the firewall’s user portal or through the web admin panel and then execute an arbitrary code.

The vulnerability was originally discovered by an anonymous researcher who [...]

Grouping LockBit Announced the Hacking of the Information Security Company Mandiant

On the website of the hack group LockBit, a message appeared in which hackers announced that Mandiant had been hacked and threatened to publish 356,841 files allegedly stolen from the information security company. It seems that the attackers did not like that in a recent study, Mandiant specialists linked their activities to the operations of Evil Corp.

Let me remind you that we also wrote that Attackers hacked cybersecurity company Qualys through Accellion FTA.

Bleeping Computer writes that LockBit did not report exactly which files were stolen from Mandiant systems, and the list of files on the leak page was empty. However, it showed a file named mandiantyellowpress.com.7z [...]

1 2 3 4

	8.4
	8.5
	8.3
	7.8
	7.1
	7.8

8.4

8.5

8.3

7.8

7.1

7.8