The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Antivirus

Researchers Disclose Years-Old Vulnerabilities in Avast and AVG Antivirus

Researchers Disclose Years-Old Vulnerabilities in Avast and AVG Antivirus

May 05, 2022Ravie Lakshmanan
Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a  legitimate driver  that's part of Avast and AVG antivirus solutions. "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," SentinelOne researcher Kasif Dekel  said  in a report shared with The Hacker News. Tracked as CVE-2022-26522 and CVE-2022-26523, the flaws reside in a legitimate anti-rootkit kernel driver named aswArPot.sys and are said to have been introduced in Avast version 12.1, which was released in June 2016. Specifically, the shortcomings are rooted in a socket connection handler in the kernel driver that could lead to privilege escalation by running code in the kernel from a non-administrator user, potentially causing the operating system to crash and display a blue screen of death ( BSoD ) e
AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection

AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection

May 02, 2022Ravie Lakshmanan
Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws.  "This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys)," Trend Micro researchers, Christoper Ordonez and Alvin Nieto,  said  in a Monday analysis. "In addition, the ransomware is also capable of scanning multiple endpoints for the Log4j vulnerability (Log4shell) using Nmap  NSE script ." AvosLocker , one of the newer ransomware families to fill the vacuum left by  REvil , has been linked to a number of attacks that targeted critical infrastructure in the U.S., including financial services and government facilities. A ransomware-as-a-service (RaaS) affiliate-based group first spotted in July 2021, AvosLocker goes beyond double extortion
As State-Backed Cyber Threats Grow, Here's How the World Is Reacting

As State-Backed Cyber Threats Grow, Here's How the World Is Reacting

April 14, 2022The Hacker News
With the ongoing conflict in Eurasia, cyberwarfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months. Notably, cyber attacks backed by state actors are becoming prominent. There have been reports of a rise of ransomware and other malware attacks such as  Cyclops Blink ,  HermeticWiper , and  BlackCat . These target businesses as well as government institutions and nonprofit organizations. There have been cases of several attempts to shut down online communications and IT infrastructure. The ongoing list of  significant cyber incidents  curated by the Center for Strategic and International Studies (CSIS) shows that the number of major incidents in January 2022 is 100% higher compared to the same period in the previous year. With the recent activities in cyberspace impacted by the emergence of the geopolitical tumult in February, it
FCC Adds Kaspersky and Chinese Telecom Firms to National Security Threat List

FCC Adds Kaspersky and Chinese Telecom Firms to National Security Threat List

March 26, 2022Ravie Lakshmanan
The U.S. Federal Communications Commission (FCC) on Friday  moved  to add Russian cybersecurity company Kaspersky Lab to the " Covered List " of companies that pose an "unacceptable risk to the national security" of the country. The development marks the first time a Russian entity has been added to the list that's been otherwise dominated by Chinese telecommunications firms. Also added alongside Kaspersky were China Telecom (Americas) Corp and China Mobile International USA. The block list includes information security products, solutions, and services supplied, directly or indirectly, by the company or any of its predecessors, successors, parents, subsidiaries, or affiliates. The FCC said the decision was made pursuant to a Binding Operational Directive (BOD)  issued  by the Department of Homeland Security on September 11, 2017 that barred federal agencies from using Kaspersky-branded products in their information systems. The security services provider,
German Government Warns Against Using Russia's Kaspersky Antivirus Software

German Government Warns Against Using Russia's Kaspersky Antivirus Software

March 16, 2022Ravie Lakshmanan
Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany's Federal Office of Information Security (BSI) against using the company's security solutions in the country over "doubts about the reliability of the manufacturer." Calling that the decision was made on "political grounds," the company  said  it will "continue to assure our partners and customers of the quality and integrity of our products, and we will be working with the BSI for clarification on its decision and for the means to address its and other regulators' concerns." The statement from Kaspersky follows a warning from Germany's cybersecurity authority, the Bundesamt für Sicherheit in der Informationstechnik aka BSI, which recommended "replacing applications from Kaspersky's portfolio of antivirus software with alternative products" due to risks that they could be exploited by Russia for a cyber attack. "Companies and
If You're Not Using Antivirus Software, You're Not Paying Attention

If You're Not Using Antivirus Software, You're Not Paying Attention

November 25, 2021The Hacker News
Stop tempting fate and take a look at our picks for the best antivirus programs on the market today. Every year there are billions of malware attacks worldwide. And these threats are constantly evolving. So if you are not currently using antivirus software, or you still rely on some free software you downloaded back in 2017, you are putting your cybersecurity in serious jeopardy.  Need help picking out antivirus software? Well, we've got you covered. Below you can find our picks for the best antivirus products of 2021. But before we get to that, let's set a few things straight so we're all on the same page.  When we talk about antivirus products, we're really talking about anti- malware  products. Malware is a catchall term that refers to any malicious program created to damage, disrupt, or take charge of a computer. Types of malware include not only viruses but spyware, trojan horses, ransomware, adware, and scareware. Any good antivirus product in 2021 must be ab
This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

July 20, 2021Ravie Lakshmanan
Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed " MosaicLoader " that singles out individuals searching for cracked software as part of a global campaign. "The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers said in a  report  shared with The Hacker News. "The malware arrives on target systems by posing as cracked installers. It downloads a malware sprayer that obtains a list of URLs from the C2 server and downloads the payloads from the received links." The malware has been so named because of its sophisticated internal structure that's orchestrated to prevent reverse-engineering and evade analysis. Attacks involving MosaicLoader rely on a well-established tactic for malware delivery called search engine optimization (SEO) poisoning, wherein cybercriminals purc
Antivirus Pioneer John McAfee Found Dead in Spanish Jail

Antivirus Pioneer John McAfee Found Dead in Spanish Jail

June 23, 2021Ravie Lakshmanan
Controversial mogul and antivirus pioneer John McAfee on Wednesday died by suicide in a jail cell in Barcelona, hours after reports that he would be extradited to face federal charges in the U.S. McAfee was 75. He is said to have died by hanging "as his nine months in prison brought him to despair," according to McAfee's lawyer Javier Villalba, Reuters  reported . Security personnel at the Brians 2 prison tried to revive McAfee, but he was eventually declared dead, per  Associated Press . News of his death comes after Spain's National Court approved his extradition to the U.S. to face federal criminal tax evasion charges. McAfee worked for NASA, Xerox, and Lockheed Martin before launching the world's first commercial antivirus software in 1987. He later resigned from the namesake security firm in 1994. The former cybersecurity tycoon turned fugitive was detained in Spain last October for " willful failure to file tax returns ," with the U.S. Depar
Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions

Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions

June 01, 2021Ravie Lakshmanan
Researchers have disclosed significant security weaknesses in popular antivirus software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The twin attacks,  detailed  by academics from the University of Luxembourg and the University of London, are aimed at circumventing the protected folder feature offered by antivirus programs to encrypt files (aka "Cut-and-Mouse") and disabling their real-time protection by simulating mouse "click" events (aka "Ghost Control"). "Antivirus software providers always offer high levels of security, and they are an essential element in the everyday struggle against criminals,"  said  Prof. Gabriele Lenzini, chief scientist at the Interdisciplinary Center for Security, Reliability, and Trust at the University of Luxembourg. "But they are competing with cri
SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

January 19, 2021Ravie Lakshmanan
Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after  FireEye ,  Microsoft , and  CrowdStrike . The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by "abusing applications with privileged access to Microsoft Office 365 and Azure environments." The discovery was made after Microsoft notified Malwarebytes of suspicious activity from a dormant email protection app within its  Office 365 tenant  on December 15, following which it performed a detailed investigation into the incident. "While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor," the company's CEO Marcin Kleczynski  said  in a post. "We found no evidence of unauthorized access or compromise in any of o
New Flaws in Top Antivirus Software Could Make Computers More Vulnerable

New Flaws in Top Antivirus Software Could Make Computers More Vulnerable

October 05, 2020Ravie Lakshmanan
Cybersecurity researchers today disclosed details of security vulnerabilities found in popular antivirus solutions that could enable attackers to elevate their privileges, thereby helping malware sustain its foothold on the compromised systems. According to a report published by CyberArk researcher Eran Shimony today and shared with The Hacker News, the high privileges often associated with anti-malware products render them more vulnerable to exploitation via file manipulation attacks, resulting in a scenario where malware gains elevated permissions on the system. The bugs impact a wide range of antivirus solutions, including those from Kaspersky, McAfee, Symantec, Fortinet, Check Point, Trend Micro, Avira, and Microsoft Defender, each of which has been fixed by the respective vendor. Chief among the flaws is the ability to delete files from arbitrary locations, allowing the attacker to delete any file in the system, as well as a file corruption vulnerability that permits a bad ac
VirusTotal Adds Cynet's Artificial Intelligence-Based Malware Detection

VirusTotal Adds Cynet's Artificial Intelligence-Based Malware Detection

June 23, 2020The Hacker News
VirusTotal, the famous multi-antivirus scanning service owned by Google, recently announced new threat detection capabilities it added with the help of an Israeli cybersecurity firm. VirusTotal provides a free online service that analyzes suspicious files and URLs to detect malware and automatically shares them with the security community. With the onslaught of new malware types and samples, researchers rely on the rapid discovery and sharing provided by VirusTotal to keep their companies safe from attacks. VirusTotal relies on a continuous stream of new malware discoveries to protect its members from significant damage. Cynet , the creator of the autonomous breach protection platform, has now integrated its Cynet Detection Engine into VirusTotal. The benefits of this partnership are twofold. First, Cynet provides the VirusTotal partner network cutting-edge threat intelligence from its ML-based detection engine (CyAI) that actively protects the company's clients around th
Microsoft Brings Defender Antivirus for Linux, Coming Soon for Android and iOS

Microsoft Brings Defender Antivirus for Linux, Coming Soon for Android and iOS

February 21, 2020Mohit Kumar
Almost within a year after releasing Microsoft Defender Advanced Threat Protection (ATP) for macOS computers , Microsoft today announced a public preview of its antivirus software for various Linux distributions, including Ubuntu, RHEL, CentOS and Debian. If this news hasn't gotten you excited yet... Microsoft is also planning to soon release Defender ATP anti-malware apps for smartphones and other devices running Google's Android and Apple's iOS mobile operating systems. "We know our customers' environments are complex and heterogeneous. Providing comprehensive protection across multiple platforms through a single solution and streamlined view is more important than ever," the company said . "Next week at the RSA Conference, we'll provide a preview of our investments in mobile threat defense with the work we're doing to bring our solutions to Android and iOS." I am sure you might have heard this many times that 'Linux doesn&#
How Organizations Can Defend Against Advanced Persistent Threats

How Organizations Can Defend Against Advanced Persistent Threats

December 25, 2019The Hacker News
Advanced persistent threats (APTs) have emerged to be legitimate concerns for all organizations. APTs are threat actors that breach networks and infrastructures and stealthily lurk within them over extended spans of time. They typically perform complex hacks that allow them to steal or destroy data and resources. According to Accenture , APTs have been organizing themselves into groups that enable them to share tactics and tools to carry out attacks at scale. Russian group Silence APT, for instance, has been reported to be actively targeting financial institutions and have successfully stolen millions of dollars from various banks worldwide. Smaller organizations also need to be wary of such threats. APT groups also use automated tools and botnets to gain access to networks, and these tactics don't discriminate based on size, industry, or value. Any vulnerable infrastructure can be breached. It is now critical for all organizations to understand how APTs operate and impleme
Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus

Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus

December 10, 2019Mohit Kumar
Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection. Unlike traditional malware, the new Snatch ransomware chooses to run in Safe Mode because in the diagnostic mode Windows operating system starts with a minimal set of drivers and services without loading most of the third-party startup programs, including antivirus software. Snatch has been active since at least the summer of 2018, but SophosLabs researchers spotted the Safe Mode enhancement to this ransomware strain only in recent cyber attacks against various entities they investigated. "SophosLabs researchers have been investigating an ongoing series of ransomware attacks in which the ransomware executable forces the Windows machine to reboot into Safe Mode before beginning the encryption process," the researchers say . "The ransomware, which calls it
Avast and AVG Browser Extensions Spying On Chrome and Firefox Users

Avast and AVG Browser Extensions Spying On Chrome and Firefox Users

December 03, 2019Mohit Kumar
If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible. Avast Online Security AVG Online Security Avast SafePrice AVG SafePrice Why? Because these four widely installed browser extensions have been caught collecting a lot more data on its millions of users than they are intended to, including your detailed browsing history. Most of you might not even remember downloading and installing these extensions on your web browser, and that's likely because when users install Avast or AVG antivirus on their PCs, the software automatically installs their respective add-ons on the users' browsers. Both online security extensions have been designed to warn users when they visit a malicious or phishing website; whereas, SafePrice extensions help online shoppers learn about best offers, price comparisons, travel deals, and discount coupons from variou
Hackers Breach ZoneAlarm's Forum Site — Outdated vBulletin to Blame

Hackers Breach ZoneAlarm's Forum Site — Outdated vBulletin to Blame

November 11, 2019Swati Khandelwal
ZoneAlarm, an internet security software company owned by Israeli cybersecurity firm Check Point Technologies, has suffered a data breach exposing data of its discussion forum users, the company confirmed The Hacker News. With nearly 100 million downloads, ZoneAlarm offers antivirus software, firewall, and additional virus protection solutions to home PC users, small businesses, and mobile phones worldwide. Though neither ZoneAlarm or its parent company Check Point has yet publicly disclosed the security incident, the company quietly sent an alert via email to all affected users over this weekend, The Hacker News learned. The email-based breach notification advised ZoneAlarm forum users to immediately change their forum account passwords, informing them hackers have unauthorizedly gained access to their names, email addresses, hashed passwords, and date of births. Moreover, the company has also clarified that the security incident only affects users registered with the "
Rogue TrendMicro Employee Sold Customer Data to Tech Support Scammers

Rogue TrendMicro Employee Sold Customer Data to Tech Support Scammers

November 07, 2019Wang Wei
Do you always uncomfortable trusting companies with your data? If so, you're not alone. While companies do much to protect themselves from external threats, insiders always pose the highest risk to a company's data. Unfortunately, when we say companies can't eliminate insider threat completely, cybersecurity firms, who are meant to protect others, are not an exception. Cybersecurity firm Trend Micro has disclosed a security incident this week carried out by an employee who improperly accessed the personal data of thousands of its customers with a "clear criminal intent" and then sold it to a malicious third-party tech support scammers earlier this year. According to the security company, an estimated number of customers affected by the breach is 68,000, which is less than one percent of the company's 12 million customer base. Trend Micro first became aware of the incident in early August 2019 when it found that some of its consumer customers were r
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.