Blog Archives – The Best Antivirus Software for 2022

Blog

Sort

Offensive Security Releases Kali Purple for Security Specialists

Offensive Security has released Kali Linux 2023.1, the first version of 2023 (also dedicated to the tenth anniversary of the project) with the new Kali Purple distribution, which is designed for the blue and purple teams, that is, focused on defensive security.

Let me remind you that we also wrote that Researchers Created a TickTock Device to Detect Wiretapping, and also that OpenAI Introduced a Tool for Detecting Text Generated by Artificial Intelligence.

Also the media wrote that Linus Torvalds Uses Linux on an Apple MacBook Air with an M2 Processor.

In this release of Kali Linux, developers have introduced many new features, including:

mentioned Kali Purple for [...]

Search for Random Leaks of API Keys, Passwords and Tokens Earned for All GitHub Users

GitHub announced that a service for scanning public repositories for random leaks of sensitive data (API keys, account passwords, authentication tokens, and so on) is now available to all users and now it can search for forgotten secrets throughout the publication history.

Information security specialists also said that GitHub will remove exploits for vulnerabilities under attack.

Let me remind you that we also wrote that Samsung Message Guard Will Protect Galaxy Devices from Zero-Click Attacks, and also that OpenAI Introduced a Tool for Detecting Text Generated by Artificial Intelligence.

Since attackers actively search public repositories on GitHub for various secrets [...]

Samsung Message Guard Will Protect Galaxy Devices from Zero-Click Attacks

Samsung has developed a new security system called Samsung Message Guard for Galaxy devices.

The novelty should help Galaxy smartphone users protect themselves from so-called zero-click attacks that use malicious image files.

Let me remind you that we also wrote that Thousands of Android Apps Leak Data Due to Misconfigured Firebase, and also that Google introduces mandatory 2-Step Verification for Google Accounts.

Zero-click exploits are usually understood as attacks that use some kind of vulnerability without any user interaction. As a rule, such attacks include sending a malicious message or file to the victim that will exploit a vulnerability on the device. [...]

Emsisoft Says Hackers Are Spoofing Its Certificates

Experts from the information security company Emsisoft have warned that attackers are spoofing and using certificates for code signing, posing as Emsisoft. Attackers target a company’s customers using its products in the hope of bypassing their protection.

Let me remind you that we also wrote that Antivirus solution provider Emsisoft reported data leak, and we did a review: Emsisoft Anti-Malware Review 2022 – Is It Any Good?

Emsisoft says in its security bulletin that one of its customers was recently targeted by hackers who used an executable signed with a fake Emsisoft certificate.

We recently observed an incident in which a fake code-signing certificate [...]

OpenAI Introduced a Tool for Detecting Text Generated by Artificial Intelligence

OpenAI has released a tool that should determine whether the text was generated using artificial intelligence (for example, ChatGPT) or written by a person.

However, according to the developers themselves, this tool is “not entirely reliable” and correctly identifies text written by AI in only 26% of cases.

Information security specialists, by the way, said that Russian Cybercriminals Seek Access to OpenAI ChatGPT.

Let me remind you that we also wrote that Researchers Created a TickTock Device to Detect Wiretapping, and also that Apple Introduces Lockdown Mode to Protect against Spying.

The problem of using AI in general and ChatGPT in particular is currently a [...]

Over 4,000 Servers Are Still Vulnerable to Critical Bug in Sophos Firewall

Experts have warned that more than 4,000 Sophos Firewall devices available via the Internet are still vulnerable to a critical bug, a patch for which was released back in the fall of 2022.

We are talking about the CVE-2022-3236 issue (9.8 points on the CVSS vulnerability rating scale), which was found in the User Portal and the Sophos Firewall web admin. In fact, this bug allows attackers to achieve arbitrary code execution (RCE).

Hotfixes for all versions of Sophos Firewall affected by this bug (v19.0 MR1, 19.0.1 and older) were released back in September last year, and full patches were submitted in December. At the same time, back in the fall, the manufacturer warned that [...]

Gen Digital Warns of Attacks on Password Manager Users

Developers from Gen Digital (formerly Symantec Corporation and NortonLifeLock) sent notifications to customers about data leaks and attacks on Password Manager.

The company warned that hackers are successfully cracking Norton Password Manager accounts using credential stuffing attacks.

We also wrote about Student Found Bug in Cloudflare Email Routing Closed Beta, and also that Critical Bug in VMware Products Is Used to Install Miners and Ransomware.

Note also that the researchers report that only 26% of users agreed to change their password when they learned that it was compromised.

Let me remind you that the term credential stuffing usually refers to situations [...]

Free Decryptor Arrived for MegaCortex Ransomware

Bitdefender has released a decryptor for files affected by MegaCortex ransomware attacks: the utility will allow victims of this group to recover their data for free.

The creation of this tool for decrypting infected files is the result of the joint work of Bitdefender experts, Europol analysts, the NoMoreRansom project, the Zurich prosecutor’s office and the Swiss cantonal police.

Let me remind you that we also said that Avast introduced free decryptors for AtomSilo, Babuk and LockFile ransomware, and also that During five years of operation, the No More Ransom project helped to save $900 million from ransomware.

Although experts have published a guide on how to [...]

The Researcher Managed to Turn Antiviruses and EDR into Wipers

A specialist from SafeBreach has figured out how to turn the popular EDR (endpoint detection and response) and Microsoft, SentinelOne, TrendMicro, Avast and AVG antiviruses into wipers. To do this, the expert used the data deletion functionality built into security products.

Or Yair of SafeBreach writes that attackers can exploit the security solutions already in the target system for their destructive attacks.

Let me remind you that we also said about Critical Bug in VMware Products, and also that PoC Exploit for Critical Vulnerability in Fortinet Products Appeared.

Or Yair

This will make attacks stealthier, and hackers won’t have [...]

Let’s Encrypt issued over 3 billion certificates, protecting 309 million websites for free

The non-profit organization Internet Security Research Group (ISRG), behind Let’s Encrypt, revealed the statistics and said that this year the public certificate authority issued three billion certificates.

As a reminder, Let’s Encrypt has been providing sites with the X.509 digital certificates required to enable HTTPS (SSL/TLS) and encrypted communication for free since September 2015, when the first certificate for the helloworld.letsencrypt.org domain was issued.

Since August 2018, Let’s Encrypt has been trusted by all major browsers and operating systems, as well as by all major root certificate authorities (including those from Microsoft, Google, Apple, [...]

1 2 3 4

	8.4
	8.5
	8.3
	7.8
	7.1
	7.8

8.4

8.5

8.3

7.8

7.1

7.8