Recently, we uncovered a sophisticated attack campaign employing a multi-stage approach to deliver AsyncRAT via a legitimate platform called Bitbucket. This article has been indexed from Security Blog G Data Software AG Read the original article: Malware by the (Bit)Bucket:…
Tag: Security Blog G Data Software AG
Exploring GenAI in Cybersecurity: Gemini for Malware Analysis
How useful are Generative AI technologies when it comes to being used in a security context? We have taken the plunge and gave it a try. This article has been indexed from Security Blog G Data Software AG Read the…
BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell
We break down the full infection chain of the Brazilian-targeted threat BBTok and demonstrate how to deobfuscate the loader DLL using PowerShell, Python, and dnlib. This article has been indexed from Security Blog G Data Software AG Read the original…
Sandbox scores are not an antivirus replacement
Automatic sandbox services should not be treated like “antivirus scanners” to determine maliciousness for samples. That’s not their intended use, and they perform poorly in that role. Unfortunately, providing an “overall score” or “verdict” is misleading. This article has been…
Ailurophile: New Infostealer sighted in the wild
We discovered a new stealer in the wild called “Ailurophile Stealer”. The stealer is coded in PHP and the source code indicates potential Vietnamese origins. It is available for purchase through a subscription model via its own webpage. Through the…
Opinion: More layers in malware campaigns are not a sign of sophistication
Ten infection and protection layers to deploy malware sounds impressive and very hard to deal with. However, adding more layers counterintuitively does the opposite for antivirus evasion and is not a sign of sophistication. Why is that so? This article…
SocGholish: Fake update puts visitors at risk
The SocGholish downloader has been a favourite of several cybercrime groups since 2017. It delivers a payload that poses as a browser update. Like any piece of malware, it undergoes an evolutionary process. We have taken a look at the…
Turla: A Master’s Art of Evasion
Turla, a well-known piece of malware, has taken to weaponising LNK-files to infect computers. We have observed a current example of this. Learn more about the details in this article! This article has been indexed from Security Blog G Data…
Fortinet: CVE 2024-21754: Passwords on a Silver Platter
Matthias Barkhausen and Hendrik Eckardt have discovered a flaw in the firmware of Fortinet firewalls. This flaw potentially reveals sensitive information to attackers, such as passwords. This article has been indexed from Security Blog G Data Software AG Read the…
New backdoor BadSpace delivered by high-ranking infected websites
Imagine visiting your favorite website with the same address that you always use and it tells you that your browser needs an update. After downloading and executing the update, there’s an unwelcome surprise: the BadSpace backdoor. What is this new…
In Bad Company: JScript RAT and CobaltStrike
Remote Access Trojans (RATs) that are based in JScript are gaining traction. We have looked at a recent example that emerged in mid-May. It turns out that this RAT has some companions on the way that we are familiar with.…
Multifactor Authentication: Great tool with some limitations
Multifactor authentication (MFA) stands as a stalwart defence in today’s cybersecurity landscape. Yet, despite its efficacy, MFA is not impervious to exploitation. Recognizing the avenues through which hackers bypass these defences is crucial for fortifying cybersecurity measures. This article has…
GoTo Meeting loads Remcos RAT via Rust Shellcode Loader
Legitimate applications can unwittingly become conduits for malware execution. This is also the case for recent malware loaders which abuse GoTo Meeting, an online meeting software, to deploy Remcos RAT. Their lures include porn downloads, software setup files as well…
Sharp-Project: New Stealer Family on the Market
Infostealers are one of the most lucrative types of malware employed by criminals. And because this is a tried and tested approach, there are still new players entering this illegal game. The new kid on the block is called “Sharp…
Android: Banking trojan masquerading as Chrome
Many people make banking transactions online now. And since mobile devices are one of the most popular and convenient ways to shop and make payments, criminals are naturally drawn to this. A current example of a malware that specifically targets…
RisePro stealer targets Github users in “gitgub” campaign
RisePro resurfaces with new string encryption and a bloated MSI installer that crashes reversing tools like IDA. The “gitgub” campaign already sent more than 700 archives of stolen data to Telegram. This article has been indexed from Security Blog G…
Let the “Mother of all Breaches” Be a Wake-up Call
At the end of January, a database with an allegedly unprecedented amount of personal information of billions of people appeared online. What does that mean for every one of us? What are the ramifications? Or is it all “more bark…
My 6 Security Predictions for 2024…
The beginning of January is traditionally the perfect month to look ahead to the new year. What can we expect in 2024 in the field of security? I present six predictions for this year. This article has been indexed from…
csharp-streamer: Peeking under the hood
An unusual attack tool has caught the attention and piqued the curiosity of G DATA analyst Hendrik Eckardt. The discovered RAT (Remote Access Tool) is apparently designed for networks where people take an annoyingly close – for the attackers –…
Cobalt Strike: Looking for the Beacon
During an incident response, looking for malware is often akin to looking for a needle in a haystack. To complicate matters further, in the case of Cobalt Strike you often have no idea what that needle even looks like.…
New “Agent Tesla” Variant: Unusual “ZPAQ” Archive Format Delivers Malware
A new variant of Agent Tesla uses the uncommon compression format ZPAQ to steal information from approximately 40 web browsers and various email clients. But what exactly is this file compression format? What advantage does it provide to threat actors?…
Buyer beware: Phishing sites & Fake Shops still popular among criminals
Just in time for Black Friday, the number of phishing and scam websites is increasing. People on the lookout for a bargain are at risk of having their payment details and personal information stolen. This article has been indexed from…
Robots: Cybercriminals of the Future?
Artificial intelligence and adjacent technologies have been causing quite the stir lately. Many are concerned that AI is going to give rise to new and potentially completely machine-generated forms of criminal attacks. Let us look at some of those concerns.…
NIS-2: EU Directive Takes a Massive Step towards Increased Security
NIS-2 aims to establish an EU wide common security standard for critical infrastructures and adjacent industries as well as vital supply chains. Here is a brief recap – and also a good reason why even non critical industries should pay…
A little History: What Hacking and Model Train Sets Have in Common
Many people have an image that springs to mind when they hear the term “hacker”. This image is often the result of media reports about criminal activity. But: You might be surprised to hear that the world would be far…
Vulnerabilities: Understand, mitigate, remediate
As the value of data has grown, managing vulnerabilities effectively is essential for the success of your organization’s security and for minimizing the impact of successful attacks. But: What are those vulnerabilities, anyway? Eddy Willems explains. This article has been indexed…
ChatGPT: The real Evil Twin
The clamor and viral use of a very human-sounding artificial technology chatbot named ChatGPT gave rise to some new and interesting activities in the cybercrime world. This article has been indexed from Security Blog G Data Software AG Read the…
Verdict-as-a-Service moves malware scanning from the endpoint to the cloud
Today, no one can do without data at work. However, malware often lurks in shared resources. Stefan Hausotte and his team have developed a solution for this with G DATA Verdict-as-a-Service. He reveals more in an interview. This article has…
Recovering from Attacks: Getting Back to Normal
An all-out attack on a company network usually causes havoc. Normal operation ceases for the most part, and the entire organisation switches to “emergency mode”. Bouncing back from that can be a challenge that might take weeks or months. Here…
ChatGPT: What AI holds in store for security
ChatGPT has made quite a splash in recent weeks. The AI-supported chatbot impresses with its convincingly human-looking way of answering questions and interacting with users. This arouses enthusiasm as well as concerns – including in the world of IT security.…
IT security trends 2023 (part 2): Why iPhones are hackers’ best friends, rootkits are celebrating a renaissance, and uncertainty is bad for IT security
In the second part of the blog series, Tim Berghoff, Stefan Decker and Karsten Hahn explore current trends in IT security. Their views focus on the effects on IT security of the past years of crisis, the importance of smartphones…
IT security trends 2023 (part 1): On the shortage of skilled workers, social engineering attacks and companies refusing to learn
Every year in November, we at G DATA CyberDefense ask our IT security experts the same question: “What risks will threaten the IT security of companies and private individuals in the coming year?” In the first part of this blog…
Building security: Protecting the crown jewels of your company
One of the important aspects of creating effective security is to make an assessment about what assets need most protection. This is a multi-faceted endeavour, as this blog article will line out. This article has been indexed from Security Blog…
Collaboration: Why working with competitors is crucial to combat cybercrime
Collaboration is an important factor for success. This has always been true for organisations internally. It may seem counterintuitive at first, but sometimes collaborating with a competitor is the best thing you can do. This article has been indexed from…
Identifying file manipulation in system files
Sometimes people send files to us that seem to be legitimate Microsoft system files at first glance, yet closer inspection reveals that they have in fact been modified. Are those manipulations always malicious? And how can file manipulations be identified?…
Printers: The underestimated danger inside your company
Printers are an often overlooked pathway into a company network. Whether it is a misconfiguration or a security flaw: There are ways to remedy both. This article has been indexed from Security Blog G Data Software AG Read the original…
The real reason why malware detection is hard—and underestimated
Researchers develop an AI with a 98% malware detection rate and 5% false positive rate. If you think this is a splendid technology for antivirus software, this article might change your mind. This article has been indexed from Security Blog…
The Psychology of Cybercrime
A good criminal needs to know what makes people tick. There is a great deal of psychology involved in criminal activities – especially when it comes to establishing contact with potential victims. This article has been indexed from Security Blog…
Cybercrime: The Dangerous World of QR Codes
This article has been indexed from Security Blog G Data Software AG QR codes are everywhere these days. People use them to open websites, download apps, collect loyalty points, make payments and transfer money. This is very convenient for people,…
Criminals provide Ginzo stealer for free, now it is gaining traction
This article has been indexed from Security Blog G Data Software AG We identified more than 400 samples for Ginzo stealer within 10 days since 20th March and the numbers are rising. What is behind the free stealer? Read the…
An attacker’s toolchest: Living off the land
This article has been indexed from Security Blog G Data Software AG If you’ve been keeping up with the information security world, you’ve certainly heard that recent ransomware attacks and other advanced persistent threats are sometimes using special kind of…
Research Project: SmartVMI
This article has been indexed from Security Blog G Data Software AG SmartVMI is getting off the ground: Alongside the University of Passau and innowerk, G DATA is conducting research into improving the state of virtual machine introspection for memory…
Android Malware: An underestimated problem?
This article has been indexed from Security Blog G Data Software AG Is Android malware dangerous? How can I prevent my phone from being infected? How can I remove a malicious app from my phone? What’s the real reason…
Allcome clipbanker is a newcomer in underground forums
This article has been indexed from Security Blog G Data Software AG The malware underground market might seem astoundingly professional in marketing and support. Let’s take a look under the covers of one particular malware-as-a-service—the clipboard banker Allcome. Read the…
QR codes on Twitter deliver malicious Chrome extension
This article has been indexed from Security Blog G Data Software AG ISO file downloads are advertised via QR codes on Twitter and on supposedly free gaming sites, but they don’t contain what they promise. Read the original article: QR…
Merck wins Not Petya claim – but the future of cybersecurity insurance is complicated
This article has been indexed from Security Blog G Data Software AG Pharmaceutical company Merck & Co won its case for coverage of losses incurred during the Not Petya cyberattack, securing a payment of 1.4 billion US-Dollars from its insurance…
Malware vaccines can prevent pandemics, yet are rarely used
This article has been indexed from Security Blog G Data Software AG Vaccines have distinct advantages over detection based defense mechanisms, so we developed a vaccine to protect from one of the most notorious ransomware families—STOP/DJVU. But unlike vaccines against…
Germany’s National Cybersecurity Agency declares red alert: Wave of attacks possibly imminent due to Log4Shell vulnerability
This article has been indexed from Security Blog G Data Software AG The remaining days before Christmas will not be relaxing ones for IT and IT security managers in companies around the world: The Log4Shell security vulnerability is currently keeping…
Malicious USB drives: Still a security problem
This article has been indexed from Security Blog G Data Software AG A malicious USB drive dropped in a parking lot – this image has become a bit of a trope in IT security circles. Still, the threat is very…
Cybersecurity – Figure of the Week: One in two consider banks particularly at risk
This article has been indexed from Security Blog G Data Software AG The risk of a cyberattack depends on the industry. This is shown by the current survey „Cybersicherheit in Zahlen“ by G DATA in cooperation with Statista and brand eins. In the opinion of the respondents…
To pay or not to pay?
This article has been indexed from Security Blog G Data Software AG Recently, several magazines have repeatedly covered how to protect against and recover from ransomware attacks. However, many companies and individuals are left with the question of whether they…
An overview of malware hashing algorithms
This article has been indexed from Security Blog G Data Software AG VirusTotal’s “Basic Properties” tab alone lists eight different hashes and supports even more to use them for queries and hunt signatures. Hashes are important for malware analysis, as…
Is it “Fool Us”, or is it “Us Fools”?
This article has been indexed from Security Blog G Data Software AG The annual Virus Bulletin International Conference has been running since 1991 and is one of the highlights in the calendar of events for IT security experts. I attended…
How can we get rid of them and why law enforcement is not really the answer
This article has been indexed from Security Blog G Data Software AG Microsoft has recently seen many attacks by hackers using so-called web shells. The number of web shell attacks between August 2020 and January 2021 doubled compared to the…
Microsoft signed a malicious Netfilter rootkit
This article has been indexed from Security Blog G Data Software AG What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a…
A Tale of Two Floppies – The Basics of Cyber Security
This article has been indexed from Security Blog G Data Software AG I was thrilled when I was approached and asked to give a talk at TEDx in Leuven – in this talk I am sharing some anecdotes that have…
Plans for iOS15 put victims of stalking and abuse at risk
This article has been indexed from Security Blog G Data Software AG Apple has announced some innovations for iOS 15 that are a cause for concern among victims of abuse and organizations that support survivors. Among other things, it will be…
Is it good, bad or something in between?
This article has been indexed from Security Blog G Data Software AG There has been a lot said about data scraping. Here is a breakdown of what it is, why it might be problematic and how we might deal with…
Malware Hides in Steam Profile Images
This article has been indexed from Security Blog G Data Software AG SteamHide abuses the gaming platform Steam to serve payloads for malware downloaders. Malware operators can also update already infected machines by adding new profile images to Steam. The…
Malware family naming hell is our own fault
This article has been indexed from Security Blog G Data Software AG EternalPetya has more than 10 different names. Many do not realize that CryptoLocker is long dead. These are not isolated cases but symptoms of a systemic problem: The…
Perform simple security tests yourself – using Metasploit Framework and nmap
This article has been indexed from Security Blog G Data Software AG Even with little effort, the security of your own network can be put to the test. We present two tools that make this possible. The best thing about…
11 Biggest cyber security threats in 2021
Cyber security threats persist and continue to emerge over the last years. By now you have probably heard about phishing, but did you know about polyglot files yet? This article covers a unique insight into the 11 biggest cyber security threats…
To patch or not to patch
Read the original article: To patch or not to patch As the infosec world was in turmoil following a total of seven zero-day vulnerabilities in MS Exchange and the so-called Hafnium attack, one thing came to my mind – and…
Creating a safer online world together with the Cybersecurity Tech Accord
Read the original article: Creating a safer online world together with the Cybersecurity Tech Accord At G DATA we always are providing our customers with the confidence that our solutions always meet high standards to operate safely throughout their lifecycle…
The danger inside your phone
Read the original article: The danger inside your phone SIM swapping targets people from various areas of life. A taxi driver is technically no less vulnerable to this attack than a business owner. In this article we cover how it…
Apple takes serious measures in action against zero-click exploits in iOS
Read the original article: Apple takes serious measures in action against zero-click exploits in iOS Following concerns expressed by users as well as security experts, Apple announced that they will take steps to make zero-click exploits a lot more difficult.…
Spying on your Exchange Server
Read the original article: Spying on your Exchange Server Microsoft have patched four highly critical security flaws in their Exchange mail server application. Those flaws allowed an attacker to access confidential information. No passwords are needed to exploit the vulnerabilities.…
New version adds encrypted communication
Read the original article: New version adds encrypted communication SectopRAT, also known as 1xxbot or Asatafar, had been an unknown, in-development threat when we discovered it a year ago. Now it infects systems in Germany. What is the new version…
Hey there! I am not using WhatsApp.
Read the original article: Hey there! I am not using WhatsApp. The new WhatsApp terms and policy are on everyone’s lips right now. People move to alternatives like Telegram and Signal. While Telegram is arguably more popular than Signal, it…
How secure are smart contracts?
Read the original article: How secure are smart contracts? Smart contracts are related to cryptocurrencies and offer more efficiency than usual contracts in certain areas. Meanwhile, they are only as secure as the programmer’s best knowledge. Due to bad programming…
The emerging trend of security token offerings
Read the original article: The emerging trend of security token offerings This article covers a fundraising method called STOs (security token offerings). While the benefits are clear, low usage and security risks may put a damper on things. We are likely…
IceRat evades antivirus by running PHP on Java VM
Read the original article: IceRat evades antivirus by running PHP on Java VM IceRat keeps low detection rates for weeks by using an unusual language implementation: JPHP. But there are more reasons than the choice of the compiler. This article…
Criminal Activities in Times of a Global Pandemic
Read the original article: Criminal Activities in Times of a Global Pandemic The beginning of 2020 has been appalling for most parts of the world being affected by Coronavirus disease 2019 (COVID-19). This brought about a change in the everyday…
Babax stealer rebrands to Osno, installs rootkit
Read the original article: Babax stealer rebrands to Osno, installs rootkit Babax not only changes its name but also adds a Ring 3 rootkit and lateral spreading capabilities. Furthermore, it has a ransomware component called OsnoLocker. Is this combination as…
The TRUMP crypto derivative – An insight into crypto derivatives
Read the original article: The TRUMP crypto derivative – An insight into crypto derivatives Crypto derivatives offer unique advantages over traditional ones. But at what cost? In this article we look at what they are and what kind of security…
“The investment in new technologies has paid off.” (Update)
Read the original article: “The investment in new technologies has paid off.” (Update) G DATA Internet Security ensures that users are well protected against cyber attacks. This has been repeatedly confirmed in tests by two independent test institutes, AV-Test and…
Malware control via smartphone
Read the original article: Malware control via smartphone Malware sellers want to attract customers with convenience features. Now criminals can remotely control malware during their bathroom routine by just using a smartphone and the Telegram app.
A modern Sample Exchange System
Read the original article: A modern Sample Exchange System We open sourced a system to exchange malware samples between partners in the AV industry. In the following post, we explain our motivation, technical details and usage of the system. …
Happy Birthday Virus Bulletin Conference, you’re 30 years old!
Read the original article: Happy Birthday Virus Bulletin Conference, you’re 30 years old! The annual Virus Bulletin International Conference has been running since 1991 and is one of the annual highlights in the calendar of events for IT security experts.…
DLL Fixer leads to Cyrat Ransomware
Read the original article: DLL Fixer leads to Cyrat Ransomware A new ransomware uses an unusual symmetric encryption method named “Fernet”. It is Python based and appends .CYRAT to encrypted files. Read the original…
Reverse Engineering and observing an IoT botnet
Read the original article: Reverse Engineering and observing an IoT botnet IoT devices are everywhere around us and some of them are not up to date with today’s security standards. A single light bulb exposed to the internet can offer…