Archive for the ‘antivirus’ Category

Hackers breached 3 US antivirus companies, researchers reveal

May 9th, 2019
An infographic from Advanced Intelligence showing the hacking group Fxmsp's breach-selling business model. (credit: AdvIntel)

In a report published Thursday, researchers at the threat-research company Advanced Intelligence (AdvIntel) revealed that a collective of Russian and English-speaking hackers are actively marketing the spoils of data breaches at three US-based antivirus software vendors. The collective, calling itself “Fxmsp,” is selling both source code and network access to the companies for $300,000 and is providing samples that show strong evidence of the validity of its claims.

Yelisey Boguslavskiy, director of research at AdvIntel, told Ars that his company notified “the potential victim entities” of the breach through partner organizations; it also provided the details to US law enforcement. In March, Fxmsp offered the data “through a private conversation,” Boguslavskiy said. “However, they claimed that their proxy sellers will announce the sale on forums.”

Fxmsp has a well-known reputation in the security community for selling access to breaches, focusing on large, global companies and government organizations. The group was singled out in a 2018 FireEye report on Internet crime for selling access to corporate networks worldwide, including a global breach of a luxury hotel group—potentially tied to the Marriott/Starwood breach revealed last November. AdvIntel’s researchers say the group has sold “verifiable corporate breaches,” pulling in profits approaching $1 million. Over the past two years, Fxmsp has worked to create a network of proxy resellers to promote and sell access to the group’s collection of breaches through criminal marketplaces.


Posted in antivirus, Biz & IT, Data breaches, Fxmsp, Marriott breach, Podcasts, Policy

Advanced Breach Protection Demystified – Untold Truths On Security Beyond AV

March 28th, 2019
Doing business in today's connected world means dealing with a continually evolving threat landscape. With potential losses due to downtime following a breach, plus valuable client and proprietary information at risk, most organizations realize they cannot afford to be complacent. This puts extra onus on security IT teams, who are continuously left scrambling, looking for the best way to

Posted in antivirus, business security, cyber security software, cyber security tools, cyber security webinar, Enterprise Security, network security, webinar

Elfin Hacking Group Targets Multiple U.S. and Saudi Arabian Firms

March 28th, 2019
An Iran-linked cyber-espionage group that was found two years ago to be targeting critical infrastructure, energy and military sectors in Saudi Arabia and the United States continues to target organizations in the two nations, Symantec reported on Wednesday. Widely known as APT33, and called Elfin by Symantec, the cyber-espionage group has been active since as early as late 2015 and has targeted a wide

Posted in antivirus, computer virus, cyber espionage, hacking news, Malware attack, shamoon malware, WinRar, winrar exploit

Microsoft Announces Windows Defender ATP Antivirus for Mac

March 22nd, 2019
Brace yourself guys. Microsoft is going to release its Windows Defender ATP antivirus software for Mac computers. Sounds crazy, right? But it's true. On Thursday, Microsoft announced that the company is bringing its anti-malware software to Apple's macOS operating system as well, and to more platforms soon, such as Linux. As a result, the technology giant renamed its Windows Defender Advanced

Posted in anti malware, Anti-virus, antivirus, antivirus for macos, Antivirus protection, Best Antivirus software, Microsoft Defender ATP, Windows Defender, windows security

Researchers use Intel SGX to put malware beyond the reach of antivirus software

February 12th, 2019
Intel Skylake die shot. (credit: Intel)

Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks.

The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions"). SGX enables programs to carve out enclaves where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted upon being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from code outside the enclave is blocked; the decryption and encryption only occurs for the code within the enclave.

SGX has been promoted as a solution to a range of security concerns when a developer wants to protect code, data, or both, from prying eyes. For example, an SGX enclave running on a cloud platform could be used to run custom proprietary algorithms, such that even the cloud provider cannot determine what the algorithms are doing. On a client computer, the SGX enclave could be used in a similar way to enforce DRM (digital rights management) restrictions; the decryption process and decryption keys that the DRM used could be held within the enclave, making them unreadable to the rest of the system. There are biometric products on the market that use SGX enclaves for processing the biometric data and securely storing it such that it can't be tampered with.


Posted in antivirus, DRM, Intel, malware, security, sgx, Tech

A sampling of networking gear from CES: TP-Link goes Wi-Fi 6, D-Link goes 5G

January 10th, 2019
TP-Link's Deco X10 Wi-Fi 6 mesh product. (credit: TP-Link)

The halls of CES might be filled with voice assistants and OLED televisions, but few things make a bigger impact on your day-to-day experience with technology than your networking solution. And there were a bunch of announcements on that front this year.

5GHz routers, smart home, and mesh Wi-Fi systems are where most of the movement is, and many companies like D-Link and TP-Link are offering similar options—but of course, each has its own unique value propositions.

To get a sense of the landscape for home and office networking products (the consumer ones, mind you), let's look at what those two companies showed at CES this year.


Posted in 5G, antivirus, CES, d-link, ethernet, networking, routers, smart home, Tech, TP-Link, WiFi

Four months after its debut, sneaky Mac malware went undetected by AV providers

December 21st, 2018
A screenshot of VirusTotal showing only two AV providers detected malware, four weeks after it was outed. (credit: Patrick Wardle)

Four months after a mysterious group was outed for a digital espionage operation that used novel techniques to target Mac users, its macOS malware samples continued to go undetected by most antivirus providers, a security researcher reported on Thursday.

Windshift is what researchers refer to as an APT—short for "advanced persistent threat"—that surveils individuals in the Middle East. The group operated in the shadows for two years until August, when Taha Karim, a researcher at security firm DarkMatter, profiled it at the Hack in the Box conference in Singapore. Slides, a brief description, and a report from Forbes are here, here and here, respectively.

A few things make Windshift stand out among APTs, Karim reported in August. One is how rarely the group infects its targets with malware. Instead, it relies on links inside phishing emails and SMS text messages to track the locations, online habits, and other traits of the targets. Another unusual characteristic: in the extremely rare cases Windshift uses Mac malware to steal documents or take screenshots of targets' desktops, it relies on a novel technique to bypass macOS security defenses. (The above-linked Forbes article has more on how this technique, known as a custom URL scheme, allows attacker-controlled sites to automatically install their malware on targeted Macs.)


Posted in antivirus, apple, Biz & IT, MacOS, Macs, malware

Windows Built-in Antivirus Gets Secure Sandbox Mode – Turn It ON

October 29th, 2018
Windows Defender, the anti-malware tool built into Microsoft Windows, has become the first antivirus software able to run inside a sandbox environment. Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and the other applications on a computer, so that if a sandboxed application gets compromised, the technique prevents its

Posted in anti malware, Anti-virus, antimalware, antivirus, Antivirus Sandbox, Best Antivirus, cybersecurity, microsoft, Microsoft Antivirus, sandbox, sandbox bypass, sandboxing, windows antivirus, Windows Defender

Microsoft Adding Artificial-Intelligence Based Advanced Antivirus to Windows 10

June 28th, 2017

Microsoft is making every effort to make its Windows operating system more secure and advanced than ever before by beefing up its security practices and hardening it against hackers and cyber attacks in its next release.

With the launch of its Windows 10 Creator Update (also known as RedStone 3), which is expected to release sometime between September and October 2017, Microsoft is planning

Posted in AI Technology, antivirus, antivirus software, Artificial intelligence, Best Antivirus, malware protection software, secure windows 10, Windows 10, windows 10 antivirus

Advanced threats demand a new approach to endpoint security

June 28th, 2017

A new wave of advanced malware is looking for gaps in conventional endpoint defenses and for new ways to exploit them. This malware uses techniques such as encryption and polymorphism to mask its true intent, hitting companies with "zero-day" attacks that signature-based security tools cannot identify.

These attacks use sophisticated executables capable of recognizing when they are being analyzed in sandbox tools and delaying their execution accordingly. They also include legitimate files and applications that appear clean on the surface but contain embedded malicious code that is activated by later triggers.

Those responsible for security at companies race against the clock to detect, contain and remediate new threats, and often they do not succeed. When several endpoint defense products do not communicate with one another, extra steps and a great deal of manual effort are demanded of administrators. Many resources are needed to sift through so many alerts, generated by various solutions at various different points. And the time between detection and remediation only grows.

A different security approach is needed to increase endpoint protection. Imagine a unified, fully integrated system with several layers of defense that could respond to new events immediately, without human intervention. Instead of depending on many different security tools, it would use machine learning techniques to stop most threats before they reach the endpoints.

To contain advanced and zero-day threats, analysis of malware structure and behavior must be included in the security system. Cybercriminals can alter the appearance of the code, but it will still be malware. It will therefore probably share many attributes with known attacks, which makes it possible to analyze the static binary code and compare the structure of suspicious executables with known threats.

Likewise, even when unknown, malware will always follow certain behaviors. By comparing the actual behavior of the code with profiles from hundreds of millions of malware samples, it is possible to identify and block the file if it starts to behave maliciously, for instance by replacing files or making registry changes that match the behavior of other known malware.

With these capabilities it is possible to reduce manual steps and stop most threats before they can harm the endpoint. By using integrated, automated defenses, the result is a constantly evolving model: each new threat detected improves the defenses of the organization as a whole.

*Bruno Zani is systems engineering manager at McAfee in Brazil

The post "Advanced threats demand a new approach to endpoint security" appeared first on McAfee Blogs.

Posted in Advanced Persistent Threats, Advanced Threat Defense, antivirus, endpoint security, Español