SentinelOne specialists found bugs in Avast and AVG antiviruses related to their common anti-rootkit protection driver (aswArPot.sys). Vulnerabilities appeared in the code with the release of Avast 12.1, back in 2012, and all this time remained unnoticed.

Let me remind you that we also reported that Chinese hackers use McAfee antivirus for spreading the malware, and that ESET fixed a serious vulnerability in its products for Windows.

Bugs in Avast and AVG antiviruses were discovered in December 2021, received the identifiers CVE-2022-26522 and CVE-2022-26523, and affect Avast and AVG antiviruses. Since Avast acquired AVG in 2016, the problems appeared to be related to the [...]

Cysource experts discovered an RCE vulnerability that allowed “remotely executing commands on the VirusTotal platform and accessing various scanning capabilities.”

The researchers say that the bug was discovered a year ago, in April 2021, but Google, which owns VirusTotal, only recently gave permission to publish information about the vulnerability.

After a deep security research by Cysource research team led by Shai Alfasi & Marlon Fabiano da Silva, we found a way to execute commands remotely within VirusTotal platform and gain access to its various scans capabilities.Cysource experts told.

Marlon Fabiano da Silva

Let me remind [...]

Security firm Claroty Uri Katz has published details of a now patched vulnerability in Snort’s intrusion detection and prevention system that could cause a denial of service (DoS) and render the system useless to reflect malicious traffic.

Vulnerability CVE-2022-20685 was rated 7.5 out of 10 on the threat rating scale. The problem is present in the Modbus preprocessor of the Snort discovery engine and affects all releases of the system up to version 2.9.19, as well as version 3.1.11.0.

Successful exploitation of vulnerabilities in network analysis tools like Snort can have a devastating impact on corporate and OT networks. Network analysis tools are an under-researched area [...]

The time that attackers go undetected on a victim’s network was declining for the fourth year in a row, according to the Mandiant M-Trends 2022 report.

Cyberthreat detection time has been reduced to 21 days in 2021 compared to 24 days in 2020. Ransomware was detected on average within five days, while other attacks went undetected for 36 days in 2021, compared to 45 days in 2020.

However, the overall situation is getting better as more companies partner with third-party cybersecurity firms, and government agencies and cybersecurity companies often notify victims of attacks, resulting in faster detection.

One more positive trend: let me remind you that we wrote [...]

Sophos developers have warned that the RCE vulnerability associated with Sophos Firewall is already being actively used in attacks.

The latest vulnerability has the identifier CVE-2022-1040 and is rated as critical on the CVSS scale (9.8 points out of 10 possible).

The bug reportedly allows remote attackers to bypass authentication through the firewall’s user portal or web admin and then execute arbitrary code. The vulnerability was discovered by an anonymous researcher who reported it through the official bug bounty program and stated that the issue affects Sophos Firewall 18.5 MR3 (18.5.3) and earlier.

So far, little is known about attacks that exploit this [...]

The US Federal Communications Commission (FCC) has listed the products of Kaspersky Lab, as well as the Chinese China Telecom (Americas) Corp and China Mobile International USA as those that can endanger the US national security.

Companies on this list are prohibited from purchasing telecommunications equipment and services, parts and components from US companies without specific government approval, and are not eligible for FCC funding. Let me remind you that such giants as Huawei and ZTE have already been included in this list.

According to the US authorities, the products of the banned companies pose a threat to US national security. The ban was imposed under a law that [...]

The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) warned companies against using Kaspersky Lab antivirus products because of the potential threats they could pose to the EU, NATO and Germany.

The BSI statement says that companies are better off replacing Kaspersky products with any other security solutions from non-Russian manufacturers. The department motivates this by the fact that antivirus software usually has high privileges on Windows systems, and also maintains a permanent, encrypted connection with its servers. In addition, antiviruses can upload suspicious files to remote servers for further analysis, which means [...]

NCC Group experts reported on the SharkBot malware, which was found in the Google Play Store and which disguises itself as an antivirus, actually stealing money from users who installed the application.

SharkBot, like its counterparts TeaBot, FluBot, and Oscorp (UBEL), belongs to the category of banking Trojans capable of stealing credentials from hacked devices and bypassing multi-factor authentication mechanisms. Malware first appeared on the scene in November 2021.

A distinctive feature of SharkBot is its ability to perform unauthorized transactions through automatic transfer systems (ATS), that distinguishes it from, for example, TeaBot, which requires a live operator to [...]

Google has launched a new security feature, Virtual Machine Threat Detection (VMTD), designed for Google Cloud customers. This feature is used to detect and block cryptocurrency miners that can mine virtual money without users knowing.

According to last year’s statistics, miners account for more than 86% of all cloud node compromises.

VMTD works without the use of software agents and constantly scans the memory of virtual machines deployed in Google Cloud for signs of increased CPU or GPU load, that is, the characteristic signs of miners.

As part of the product roadmap, the Security Command Center Team sought to build better protection for its Virtual Machine users. [...]

Target (one of the largest e-commerce retailers in the US, which also owns a supermarket chain) has open-sourced an internal Merry Maker tool that the company has been using since 2018. The scanner allows determining whether the site has been compromised and whether it contains malicious code that steals customer payment card data.

Let me remind you that web skimmers are also called MageCart attacks. Initially, the name MageCart was given to one hack group, which was the first to inject malicious code into websites in order to steal bank card data. As part of such attacks, hackers break into websites and then inject malicious code on their pages that records and steals payment card [...]