Apple has announced that iOS 16, iPadOS 16, and macOS Ventura will possess a new security feature called Lockdown Mode. This “extreme, extra protection” is intended for users who are most at risk of targeted spyware attacks: human rights activists, journalists, dissidents, and so on.

Let me remind you that we also talked about The New AI system thatDot Novelty Detector Speeds Up Detecting of Malicious Activity.

The developers promise that the Lockdown mode will protect users’ connections while they are messaging and browsing the web by blocking spyware (like NSO Group’s Pegasus spyware) that government hackers routinely use against Apple device [...]

The Cymulate development team announced that they created the Hopper worm to protect users from attacks by other worms.

Worms are the most destructive force in the field of information security, bringing multi-million-dollar damage to companies. Despite this, there are viruses that are beneficial. Hopper is such a virus.

Let me remind you that we also reported that The New AI system thatDot Novelty Detector Speeds Up Detecting of Malicious Activity.

Detection tools are not good at detecting non-exploit-based distribution, which is what worms do best. Most information security solutions are less resistant to worm attack methods, such as the use of an impersonation token [...]

OpenSSL 3.0.4, released on June 21 this year, contains a serious memory corruption vulnerability.

The issue poses a threat to 64-bit systems with Intel AVX-512 (Advanced Vector Extensions 512) support, but not all experts agree that this issue should be treated as a vulnerability at all.

Let me remind you that we also wrote that Experts Found Long-Standing Bugs in Avast and AVG Antiviruses.

It all started with the fact that in the new version of OpenSSL, released last week, a command injection vulnerability (CVE-2022-2068) was addressed, though it could not be completely fixed using the previous patch (CVE-2022-1292).

Alas, it turned out that this time the [...]

Information security experts have noticed that Adobe Acrobat is trying to prevent antiviruses from studying PDF files opened by users, thereby creating a security risk.

It is reported that Adobe Acrobat checks whether components of about 30 security products are interested in its processes, and then blocks them, effectively making it impossible to track malicious activity.

You may also be interested to know that SharkBot malware disguises itself as an antivirus on the Google Play Store.

Minerva Labs analysts explain that security solutions usually require “visibility” of all processes in the system to work.

As a rule, this is achieved by injecting the [...]

Volexity experts talked about how hackers exploited a 0-day vulnerability in Sophos Firewall, which was fixed by the manufacturer in March 2022. Researchers say that Chinese hackers from the DriftingCloud group exploited the bug.

Let me remind you that in March 2022, a patch was released for the CVE-2022-1040 vulnerability, which was rated as critical on the CVSS scale (9.8 points out of 10 possible). At the time, it was reported that the bug allows remote attackers to bypass authentication through the firewall’s user portal or through the web admin panel and then execute an arbitrary code.

The vulnerability was originally discovered by an anonymous researcher who [...]

On the website of the hack group LockBit, a message appeared in which hackers announced that Mandiant had been hacked and threatened to publish 356,841 files allegedly stolen from the information security company. It seems that the attackers did not like that in a recent study, Mandiant specialists linked their activities to the operations of Evil Corp.

Let me remind you that we also wrote that Attackers hacked cybersecurity company Qualys through Accellion FTA.

Bleeping Computer writes that LockBit did not report exactly which files were stolen from Mandiant systems, and the list of files on the leak page was empty. However, it showed a file named mandiantyellowpress.com.7z [...]

The new patented technology thatDot Novelty Detector uses categorical variables to speed up real-time detection of malicious activity with fewer false positives and less operator involvement.

Traditional detection of abnormal network activity does not use categorical data, but numerical data and statistical analysis, which do not work due to the high dimensionality of the data and create a huge number of false positives. Malicious activity goes undetected or its detected occurs too late.

Let me remind you that the following messages from the news on the threat detection front may be interesting to you: Microsoft Defender Is Now Available with Built-In Troubleshooting Mode, as [...]

Microsoft Defender for Endpoint now comes with a new troubleshooting mode to help Windows administrators test Microsoft Defender Antivirus performance and run compatibility scripts without blocking intrusion protection.

The new antivirus mode is in early access and allows administrators to disable or change tamper protection settings when diagnosing applications or troubleshooting. The feature is only available for enterprises and is disabled by default. The service requires access to Microsoft 365 Defender.

Let me remind you that we also wrote that Windows Defender creates thousands of files in Windows 10 due to a bug, and also that Microsoft Defender for Endpoint and [...]

SentinelOne specialists found bugs in Avast and AVG antiviruses related to their common anti-rootkit protection driver (aswArPot.sys). Vulnerabilities appeared in the code with the release of Avast 12.1, back in 2012, and all this time remained unnoticed.

Let me remind you that we also reported that Chinese hackers use McAfee antivirus for spreading the malware, and that ESET fixed a serious vulnerability in its products for Windows.

Bugs in Avast and AVG antiviruses were discovered in December 2021, received the identifiers CVE-2022-26522 and CVE-2022-26523, and affect Avast and AVG antiviruses. Since Avast acquired AVG in 2016, the problems appeared to be related to the [...]

Cysource experts discovered an RCE vulnerability that allowed “remotely executing commands on the VirusTotal platform and accessing various scanning capabilities.”

The researchers say that the bug was discovered a year ago, in April 2021, but Google, which owns VirusTotal, only recently gave permission to publish information about the vulnerability.

After a deep security research by Cysource research team led by Shai Alfasi & Marlon Fabiano da Silva, we found a way to execute commands remotely within VirusTotal platform and gain access to its various scans capabilities.Cysource experts told.

Marlon Fabiano da Silva

Let me remind [...]