Search cyberveille.decio.ch

Found 6 bookmarks

Custom sorting

When Guardians Become Predators: How Malware Corrupts the Protectors

We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system.

#trellix #EN #2024 #research #Avast #Anti-Rootkit #driver #malware #aswArPot.sys #analysis

·trellix.com·Nov 27, 2024

When Guardians Become Predators: How Malware Corrupts the Protectors

Decrypted: DoNex Ransomware and its Predecessors

Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […]

#avast #EN #2024 #Decrypted #DoNex #Ransomware #Muse #Darkrace

·decoded.avast.io·Jul 8, 2024

Decrypted: DoNex Ransomware and its Predecessors

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - Avast Threat Labs

Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.

#avast #EN #2024 #GuptiMiner:#research #Hijacking #Antivirus #Updates

·decoded.avast.io·Apr 23, 2024

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - Avast Threat Labs

Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs

The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.

#avast #EN #2024 #Lazarus #FudModule #CVE-2024-21338 #vulnerability

·decoded.avast.io·Feb 29, 2024

Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs

Avast fined $16.5 million for ‘privacy’ software that actually sold users’ browsing data

Avast, the cybersecurity software company, is facing a $16.5 million fine from the FTC after its privacy extensions and antivirus software harvested and sold user data.

#theverge #EN #2024 #Avast #fined #privacy #antivirus

·theverge.com·Feb 23, 2024

Avast fined $16.5 million for ‘privacy’ software that actually sold users’ browsing data

Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police

Avast is releasing an updated version of the Avast Babuk decryption tool, capable of restoring files encrypted by the Babuk variant called Tortilla.

#avast #EN #2024 #Babuk #decryption #tool #Tortilla

·decoded.avast.io·Jan 9, 2024

Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police