Archive for the ‘antivirus’ Category

A sampling of networking gear from CES: TP-Link goes Wi-Fi 6, D-Link goes 5G

January 10th, 2019
TP-Link's Deco X10 Wi-Fi 6 mesh product. (credit: TP-Link)

The halls of CES might be filled with voice assistants and OLED televisions, but few things make a bigger impact on your day-to-day experience with technology than your networking solution. And there were a bunch of announcements on that front this year.

5GHz routers, smart home, and mesh Wi-Fi systems are where most of the movement is, and many companies like D-Link and TP-Link are offering similar options—but of course, each has its own unique value propositions.

To get a sense of the landscape for home and office networking products (the consumer ones, mind you), let's look at what those two companies showed at CES this year.

Posted in 5G, antivirus, CES, d-link, ethernet, networking, routers, smart home, Tech, TP-Link, WiFi | Comments (0)

Four months after its debut, sneaky Mac malware went undetected by AV providers

December 21st, 2018
A screenshot of VirusTotal showing only two AV providers detected malware, four weeks after it was outed. (credit: Patrick Wardle)

Four months after a mysterious group was outed for a digital espionage operation that used novel techniques to target Mac users, its macOS malware samples continued to go undetected by most antivirus providers, a security researcher reported on Thursday.

Windshift is what researchers refer to as an APT—short for "advanced persistent threat"—that surveils individuals in the Middle East. The group operated in the shadows for two years until August, when Taha Karim, a researcher at security firm DarkMatter, profiled it at the Hack in the Box conference in Singapore. Slides, a brief description, and a report from Forbes are here, here and here, respectively.

A few things make Windshift stand out among APTs, Karim reported in August. One is how rarely the group infects its targets with malware. Instead, it relies on links inside phishing emails and SMS text messages to track the locations, online habits, and other traits of the targets. Another unusual characteristic: in the extremely rare cases Windshift uses Mac malware to steal documents or take screenshots of targets' desktops, it relies on a novel technique to bypass macOS security defenses. (The above-linked Forbes article has more on how this technique, known as a custom URL scheme, allows attacker-controlled sites to automatically install their malware on targeted Macs.)

Posted in antivirus, apple, Biz & IT, MacOS, Macs, malware | Comments (0)

Windows Built-in Antivirus Gets Secure Sandbox Mode – Turn It ON

October 29th, 2018
Microsoft's built-in Windows anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment. Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and applications on a computer, so that if a sandboxed application gets compromised, the technique prevents its

Posted in anti malware, Anti-virus, antimalware, antivirus, Antivirus Sandbox, Best Antivirus, cybersecurity, microsoft, Microsoft Antivirus, sandbox, sandbox bypass, sandboxing, windows antivirus, Windows Defender | Comments (0)

Microsoft Adding Artificial-Intelligence Based Advanced Antivirus to Windows 10

June 28th, 2017

Microsoft is making every effort to make its Windows operating system more secure and advanced than ever before by beefing up its security practices and hardening it against hackers and cyber attacks in its next release.

With the launch of its Windows 10 Creator Update (also known as RedStone 3), which is expected to release sometime between September and October 2017, Microsoft is planning

Posted in AI Technology, antivirus, antivirus software, Artificial intelligence, Best Antivirus, malware protection software, secure windows 10, Windows 10, windows 10 antivirus | Comments (0)

Advanced threats demand a new approach to endpoint security

June 28th, 2017

A new wave of advanced malware is looking for gaps in conventional endpoint defenses and new ways to exploit them. This malware uses techniques such as encryption and polymorphism to mask its true intent, hitting companies with "zero-day" attacks that signature-based security tools cannot identify.

These attacks use sophisticated executables capable of recognizing when they are being analyzed in sandbox tools and, as a result, delaying execution. They also include legitimate files and applications that appear clean on the surface but contain embedded malicious code activated by later triggers.

Those responsible for enterprise security race against the clock to detect, contain and remediate new threats, and often they do not succeed. When multiple endpoint defense products do not communicate with one another, that requires extra steps and considerable manual effort from administrators. Many resources are needed to filter so many alerts, generated by several solutions at several different points. And the time between detection and remediation only grows.

A different security approach is needed to increase endpoint protection. Imagine a unified, fully integrated system with multiple layers of defense that could respond to new events immediately, without human intervention. Instead of depending on a variety of different security tools, use machine learning techniques to stop most threats before they reach the endpoints.

To contain advanced and zero-day threats, it is necessary to include analysis of malware structure and behavior in the security system. Cybercriminals can alter the appearance of the code, but it will still be malware. Therefore, it is likely to share many attributes with already known attacks, which makes it possible to analyze the static binary code to compare the structure of suspicious executables with already known threats.

In the same way, even when unknown, malware will always follow certain behavior. By comparing the code's actual behavior with profiles from hundreds of millions of malware samples, it is possible to identify and block the file if it starts to behave maliciously, such as replacing files or making registry changes that match the behavior of other known malware.

With these capabilities it is possible to reduce manual steps and stop most threats before they can damage the endpoint. By using integrated and automated defenses, the result is a constantly evolving model: each new threat detected improves the defenses of the organization as a whole.

*Bruno Zani is systems engineering manager at McAfee in Brazil

The post Advanced threats demand a new approach to endpoint security appeared first on McAfee Blogs.

Posted in Advanced Persistent Threats, Advanced Threat Defense, antivirus, endpoint security, Español | Comments (0)

Webroot ‘mistakenly’ flags Windows as Malware and Facebook as Phishing site

April 25th, 2017

Popular antivirus service Webroot mistakenly flagged core Windows system files as malicious and even started temporarily removing some of the legit files, trashing user computers around the world.

The havoc was caused after the company released a bad update on April 24, which was pulled after approximately 15 minutes. But that still hasn’t stopped some PCs from receiving it, causing serious

Posted in antimalware, antivirus, antivirus software, webroot antivirus, windows antivirus, windows crash | Comments (0)

New Versions of Cloud Workload Discovery and McAfee MOVE AntiVirus Now Available!

April 20th, 2017

As part of our continued enhancements to our server security solutions, Cloud Workload Discovery 4.5.1 was released on March 27, 2017 and the McAfee MOVE AntiVirus 4.5.1 release followed on April 20, 2017. These solutions have some valuable new features and benefits that I’d like to share with you.

Cloud Workload Discovery 4.5.1

Let’s start with Cloud Workload Discovery 4.5.1.  Cloud Workload Discovery, covering VMware, OpenStack, AWS and Microsoft Azure, provides end-to-end visibility into cloud workloads and their underlying platforms. You can get an in-depth description of Cloud Workload Discovery in our previous blog, “New Server Security Release Makes Borderless Cloud Security a Reality”.  Prior to version 4.5.1, Cloud Workload Discovery was available to work with two of Intel Security’s antivirus solutions, McAfee VirusScan Enterprise and McAfee MOVE AntiVirus.

Cloud Workload Discovery 4.5.1 extends visibility to McAfee Endpoint Security for AWS and Microsoft Azure workloads.  McAfee Endpoint Security is a collaborative, extensible framework for protecting Microsoft Windows and Linux servers against zero-day exploits and advanced attacks. Now that Cloud Workload Discovery supports McAfee Endpoint Security, we are adding two of its modules, Threat Prevention and Firewall, to all three of our server security suites, McAfee Server Security Suite Essentials and McAfee Server Security Suite Advanced for hybrid cloud protection and McAfee Public Cloud Security Suite.

Threat Prevention scans for viruses, spyware, unwanted programs and other threats – automatically with user access or on demand at any time.  The Firewall module monitors communication between the computer and resources on the network and the Internet to intercept suspicious communications.

McAfee MOVE AntiVirus 4.5.1

McAfee MOVE AntiVirus is a key component of McAfee Server Security Suite Essentials and McAfee Server Security Suite Advanced. McAfee MOVE AntiVirus can now protect Linux virtual machines in agentless deployments as part of the 4.5.1 release, including 64-bit versions of SUSE Linux Enterprise Server 12, Red Hat Enterprise Linux 7 and Ubuntu 14.04 LTS. This includes all the Linux distributions supported by VMware NSX 6.3. In addition, McAfee MOVE AntiVirus (Agentless) is now certified for VMware NSX 6.3 so that customers can be sure that these solutions work seamlessly together.

Learn More

Here are some links for our server security suites and McAfee MOVE AntiVirus if you’d like to find out more about these solutions:

McAfee Server Security Suite Essentials

McAfee Server Security Suite Advanced

McAfee Public Cloud Server Security Suite

McAfee MOVE AntiVirus

The post New Versions of Cloud Workload Discovery and McAfee MOVE AntiVirus Now Available! appeared first on McAfee Blogs.

Posted in antivirus, Cloud security, endpoint security, Security Connected | Comments (0)

Critical Flaw in ESET Antivirus Exposes Mac Users to Remote Hacking

February 28th, 2017

What could be more exciting for hackers than exploiting a vulnerability in a widely used software without having to struggle too much?

One such easy-to-exploit, but critical vulnerability has been discovered in ESET’s antivirus software that could allow any unauthenticated attackers to remotely execute arbitrary code with root privileges on a Mac system.

The critical security flaw, tracked

Posted in antivirus, Apple Mac OS, eset antivirus, Google Security, hacking news, Mac security, remote code execution, Vulnerability | Comments (0)

RansomFree Tool Detects Never-Seen-Before Ransomware Before It Encrypts Your Data

December 20th, 2016

Ransomware has risen dramatically over the last few years, so rapidly that it might have already hit you or someone you know.

With hundreds of thousands of ransomware variants emerging every day, it is quite difficult for traditional signature-based antivirus tools to keep their signature database up-to-date.

So, if signature-based techniques are not enough to detect ransomware infection, then

Posted in anti-ransomware, antivirus, computer virus, Malware removal tool, RansomFree, ransomware, virus Removal | Comments (0)

How to Protect All Your Internet-Connected Home Devices From Hackers

December 12th, 2016

How many Internet-connected devices do you have in your home? I am surrounded by around 25 such devices.

It’s not just your PC, smartphone, and tablet that are connected to the Internet. Today our homes are filled with tiny computers embedded in everything from security cameras, TVs and refrigerators to thermostats and door locks.

However, when it comes to security, people generally ignore to

Posted in antivirus, Bitdefender, Bitdefender BOX, Internet of things, iot devices, IoT security, secure smart devices, smart home | Comments (0)