Tag: antivirus
-
Agentic AI: the new horror for security decision-makers?
Tags: ai, antivirus, api, breach, ciso, compliance, cyberattack, cybersecurity, cyersecurity, detection, governance, law, mail, malware, monitoring, risk, service, supply-chain, tool, vulnerability
AI is now established in most companies. The current trend is toward systems with autonomous capabilities, where the potential security risks are particularly pronounced. AI agents are becoming ever more popular in the enterprise and are increasingly being integrated into workflows and processes, for example in software development, customer service and support, process automation, or employee experience. For CISOs and their teams…
-
Sophos Threat Hunter analysis: new ransomware group attracts attention
In addition, the group bypassed an EDR solution using the BYOVD technique (Bring Your Own Vulnerable Driver). Specifically, they deployed a vulnerable Baidu antivirus driver (renamed googleApiUtil64.sys) that allows terminating arbitrary processes (CVE-2024-51324), and thus also stopping the EDR agent. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-threat-hunter-analyse-neue-ransomware-gruppe-sorgt-fuer-aufsehen/a42049/
-
HybridPetya Crypto-Locker Outsmarts UEFI Secure Boot
Malware Not Yet Deployed in the Wild, Says Eset. New malware dubbed HybridPetya, spotted on VirusTotal, is adding to a steadily growing pile of bootkits, creating more opportunities for hackers to infect desktops before the operating system and antivirus programs load. No telemetry exists showing HybridPetya has been deployed in the wild. First seen on govinfosecurity.com…
-
‘Gentlemen’ Ransomware Abuses Vulnerable Driver to Kill Security Gear
By weaponizing the ThrottleStop.sys driver, attackers are disrupting antivirus and endpoint detection and response (EDR) systems. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/gentlemen-ransomware-vulnerable-driver-security-gear
-
AI-Enhanced Malware Sports Super-Stealthy Tactics
With legit sounding names, EvilAI’s productivity apps are reviving classic threats like Trojans while adding new evasion capabilities against modern antivirus defenses. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ai-backed-malware-hits-companies-worldwide
-
ChillyHell macOS Malware: Three Methods of Compromise and Persistence
A new wave of macOS-targeted malware has emerged under the radar, despite employing advanced process reconnaissance and maintaining successful notarization status for years. Jamf Threat Labs recently uncovered a developer-signed sample on VirusTotal that used sophisticated endpoint profiling and established persistence using several different mechanisms. The malware, dubbed ChillyHell, has evaded popular antivirus detections even…
-
Windows Defender Vulnerability Lets Hackers Hijack and Disable Services Using Symbolic Links
A newly demonstrated attack technique has revealed a flaw in how Windows Defender manages its update and execution mechanism. By exploiting symbolic links, attackers can hijack Defender’s service folders, gain full control over its executables, and even disable the antivirus entirely. How the Exploit Works Windows Defender stores its executables inside versioned folders under ProgramData\Microsoft\Windows Defender\Platform.…
-
SHARED INTEL QA: Is your antivirus catching fresh threats, or just echoing VirusTotal?
In cybersecurity, trust often hinges on what users think their software is doing, versus what’s actually happening under the hood. Related: Eddy Willem’s ‘Borrowed Brains’ findings Take antivirus, for example. Many users assume threat detection is based on proprietary… (more…) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/shared-intel-qa-is-your-antivirus-catching-fresh-threats-or-just-echoing-virustotal/
-
New Malware Exploits Windows Character Map to Evade Defender and Mine Crypto
A sophisticated cryptojacking campaign that hijacks Windows’ native Character Map utility (“charmap.exe”) to evade Windows Defender and covertly mine cryptocurrency on compromised machines. First detected in late August 2025, this attack exploits legitimate system binaries to load a custom cryptomining payload directly into memory, thwarting traditional antivirus signatures and curtailing forensic artifacts. Security researchers have…
-
Colombian Malware Exploits SWF and SVG to Evade Detection
A sophisticated malware campaign targeting Colombian institutions through an unexpected vector: weaponized SWF and SVG files that successfully evade traditional antivirus detection. The discovery emerged through VirusTotal’s newly enhanced Code Insight platform, which added support for analyzing these vector-based file formats just as attackers began exploiting them to impersonate the Colombian justice system. Despite Adobe…
-
Agentic AI: A CISO’s security nightmare in the making?
Tags: access, ai, antivirus, api, attack, automation, ciso, compliance, cybersecurity, data, defense, detection, email, endpoint, exploit, framework, governance, law, leak, malicious, malware, open-source, privacy, risk, service, strategy, supply-chain, tool, vulnerability
Free agents: Autonomy breeds increased risks: Agentic AI introduces the ability to make independent decisions and act without human oversight. This capability presents its own cybersecurity risk by potentially leaving organizations vulnerable. “Agentic AI systems are goal-driven and capable of making decisions without direct human approval,” Joyce says. “When objectives are poorly scoped or ambiguous, agents…
-
Silver Fox Exploits Signed Drivers to Deploy ValleyRAT Backdoor
Silver Fox APT abuses Microsoft-signed drivers to kill antivirus and deploy ValleyRAT remote-access backdoor First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/silver-fox-deploy-valleyrat/
-
Silver Fox Hackers Use Driver Vulnerability to Evade Security on Windows Systems
A sophisticated campaign by the Silver Fox APT group that exploits a previously unknown vulnerable driver to bypass endpoint detection and response (EDR) and antivirus solutions on fully updated Windows 10 and 11 systems. Check Point Research (CPR) revealed on August 28, 2025, that the advanced persistent threat group has been leveraging the WatchDog Antimalware…
-
New Android malware poses as antivirus from Russian intelligence agency
A new Android malware posing as an antivirus tool software created by Russia’s Federal Security Services agency (FSB) is being used to target executives of Russian businesses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-android-malware-poses-as-antivirus-from-russian-intelligence-agency/
-
New Android Spyware Masquerading as Antivirus Targets Business Executives
Doctor Web’s antivirus laboratory has identified a sophisticated Android backdoor malware, designated Android.Backdoor.916.origin, which has been evolving since its initial detection in January 2025. This multifunctional spyware primarily targets representatives of Russian businesses through targeted attacks rather than mass distribution. Attackers disseminate the malicious APK file via private messages in popular messengers, disguising it as…
-
Android.Backdoor.916.origin malware targets Russian business executives
New Android spyware Android.Backdoor.916.origin is disguised as an antivirus linked to Russia’s intelligence agency FSB, and targets business executives. Doctor Web researchers observed a multifunctional backdoor Android.Backdoor.916.origin targeting Android devices belonging to representatives of Russian businesses. The malware executes attacker commands, enabling surveillance, keylogging, and theft of chats, browser data, and even live camera/audio streams.…
-
10 Best Endpoint Detection And Response (EDR) Companies in 2025
In 2025, the endpoint remains the primary battleground for cyber attackers, making the implementation of EDR solutions a critical necessity for robust cybersecurity defenses. Laptops, desktops, servers, mobile devices, and cloud workloads are critical entry points and data repositories, making them prime targets for sophisticated cyber threats. While traditional antivirus (AV) software offers a baseline…
-
Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection
Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The “Linux-specific malware infection chain that starts with a spam email with a malicious RAR archive file,” Trellix researcher Sagar Bade said in a technical write-up. “The payload isn’t hidden inside the file content or a…
-
Macs May Not Be Safe from Modern Malware
If you want extra protection, this antivirus has a lifetime subscription available for $59.99 (reg. $387). First seen on techrepublic.com Jump to article: www.techrepublic.com/article/siyanoav-antivirus-pro/
-
Fake Antivirus App Spreads Android Malware to Spy on Russian Users
Doctor Web warns of Android.Backdoor.916.origin, a fake antivirus app that spies on Russian users by stealing data, streaming… First seen on hackread.com Jump to article: hackread.com/fake-antivirus-app-android-malware-spy-russian-users/
-
Why email security needs its EDR moment to move beyond prevention
Email security is stuck where antivirus was a decade ago, focused only on prevention. Learn from Material Security why it’s time for an “EDR for email” mindset: visibility, post-compromise controls, and SaaS-wide protection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/why-email-security-needs-its-edr-moment-to-move-beyond-prevention/
-
SoupDealer Malware Evades Sandboxes, AVs, and EDR/XDR in Real-World Attacks
The SoupDealer malware has successfully bypassed nearly all public sandboxes and antivirus solutions, with the exception of Threat.Zone, while also evading endpoint detection and response (EDR) and extended detection and response (XDR) systems in documented real-world incidents. This advanced threat has inflicted significant damage across various sectors, including banks, internet service providers (ISPs), and mid-level…
-
Hackers Exploit Legitimate Drivers to Disable Antivirus and Weaken System Defenses
Tags: antivirus, cyber, defense, exploit, hacker, kaspersky, malware, ransomware, threat, vulnerability
Threat actors have been deploying a novel antivirus (AV) killer since at least October 2024, leveraging the legitimate ThrottleStop.sys driver to execute Bring Your Own Vulnerable Driver (BYOVD) tactics. This malware, detected by Kaspersky as Win64.KillAV., systematically terminates AV processes, paving the way for ransomware deployment like the MedusaLocker variant (Trojan-Ransom.Win32.PaidMeme.). The incident began with…
-
Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor
‘Plague’ malware has been around for months without tripping alarms First seen on theregister.com Jump to article: www.theregister.com/2025/08/05/plague_linux_backdoor/