Cyber security aggregator - feeds history


 Business

Almost every developer of information security solutions claims their products repel ransomware attacks. That’s true: all of them do provide some degree of protection against ransomware. But how strong is that protection? How effective are those technologies? Those aren’t idle questions: partial protection against ransomware is a dubious achievement. If a solution can’t stop a threat in its tracks, then where is the guarantee that it at least kept critical files safe?

With that in mind, the independent company AV-Test put 11 endpoint protection platform products through their paces in 113 different attacks to determine to what extent they actually protect users. AV-Test selected Kaspersky Endpoint Security Cloud for testing, and our product performed flawlessly throughout. The tests used three scenarios.

Protection of user files against prevalent ransomware

The first test scenario envisaged the most typical ransomware attack, one in which the victim runs malware on their computer and the malware tries to get to local files. A positive result means the threat was neutralized (that is, all malware files deleted, execution of processes stopped, all attempts to gain a foothold in the system thwarted), with every single user file unencrypted and accessible. AV-Test performed a total of 85 tests in this scenario with the following 20 ransomware families: conti, darkside, fonix, limbozar, lockbit, makop, maze, medusa (ako), mountlocker, nefilim, netwalker (aka mailto), phobos, PYSA (aka mespinoza), Ragnar Locker, ransomexx (aka defray777), revil (aka Sodinokibi or Sodin), ryuk, snatch, stop, and wastedlocker. In this scenario nearly every security solution did an excellent job, which is not surprising: it used well-known malware families. The next scenarios were more difficult.

Protection against remote encryption

In the second scenario, the protected machine held files that were accessible over the local network, and the attack came from another computer on the same network (the other computer had no security solution, leaving the attackers free to run the malware, encrypt local files, and then search for accessible information on neighboring hosts). The malware families were: avaddon, conti, fonix, limbozar, lockbit, makop, maze, medusa (ako), nefilim, phobos, Ragnar Locker, Ransomexx (aka defray777), revil (aka Sodinokibi or Sodin), and ryuk. The security solution on the protected machine sees only a system process manipulating local files; it cannot see the launch of the malware, so it can neither check the reputation of the malicious process or of the file that initiated it, nor scan that file. As it turned out, of the 11 testees only three offered any kind of protection against this type of attack, and only Kaspersky Endpoint Security Cloud handled it perfectly. Moreover, although Sophos’ product was triggered in 93% of cases, it fully protected the user’s files in only 7%.

Protection against proof-of-concept ransomware

The third scenario shows how products cope with malware that they cannot possibly have encountered before and that could not, even hypothetically, be present in malware databases. Because a security solution can identify a yet-unknown threat only by means of proactive technologies that react to the malware’s behavior, the researchers created 14 fresh ransomware samples that employed methods and technologies that cybercriminals rarely use, as well as some original, never-before-seen encryption techniques. As in the first scenario, they defined success as threat detection and blocking, including maintaining the integrity of all files on the victim’s machine and completely removing all traces of the threat from the computer. Results varied, with some products (ESET and Webroot) not detecting the custom-made malware at all and others performing better (WatchGuard 86%, TrendMicro 64%, McAfee and Microsoft 50%). The only solution that demonstrated 100% performance was Kaspersky Endpoint Security Cloud.

Test results

To sum up, Kaspersky Endpoint Security Cloud outperformed its competitors in all of AV-Test’s scenarios, protecting users against threats both known in the wild and newly created.

Aggregate results of all three test scenarios.

Incidentally, the second scenario revealed another, somewhat unexpected fact: most of the products that failed to protect users’ files nevertheless removed the ransom note files. Even leaving aside the failure, that’s not good practice; such files may contain technical information that could help incident investigators recover data.

You can download the full report, with a detailed description of the test malware (both known and created by testers), after filling in the form on the original post (the form redirects to the report PDF: https://media.kasperskydaily.com/wp-content/uploads/sites/92/2021/10/04173946/AV-TEST_Kaspersky_Ransomware_Test_September_2021_EN.pdf).


 Business

What’s the No. 1 most unpleasant ~~pain in the xxx~~ thorn in the side of the modern-day cyber-world in terms of damage, evil sophistication, and headline-grabbing the world over? Can you guess?… Ah, the title of this post may have given it away, but yes, of course, it’s ransomware (aka cryptomalware, but I’ll stick with the simpler, less tongue-twisting, and professional term ‘ransomware’).

So: ransomware. Bad. How bad?… Well, it’s actually so bad, and has been so consistently bad for years, so deeply embedded in all things digital, and has so overwhelmed so many large organizations (even indirectly being followed by human deaths), which (large organizations) have forked out so much money to pay ransoms for, that the world’s news media has become almost indifferent to it. It’s stopped being headline news, having been transformed into an everyday casual event. And that’s what’s most worrying of all: it means the cyber-scumbags (apologies for such strong language, but it’s really the best way to describe these folks) are winning; cyber-extortion is becoming a seemingly inevitable reality of today’s digital world and it seems there’s nothing that can be done about it.

And they’re winning for three reasons:

Third (I’ll start at the end): the ‘big boys’ are still playing their schoolyard geopolitical games, which blocks national cyber-police from exchanging operational information for coordinated searching, catching, arresting and charging of ransomware operators.

Second: users aren’t prepared – resilient – enough to respond to such attacks.

And first (most important): not all ~~washing powders are the same~~ anti-ransomware technologies are equally effective – by a long way.

Often, ‘on the tin’, anti-ransomware technologies featured in cybersecurity solutions are claimed to be effective. But in practice they don’t quite do exactly what it says on the tin, or, if they do, not consistently. And what does this mean? That users are scandalously unprotected against very professional, technically sophisticated ransomware attacks. But don’t just take my word for it. Check what the trusted German testing institute – AV-TEST – says. They’ve just published complex research on the ability of cybersecurity products to tackle ransomware.

They paid no attention whatsoever to marketing claims (à la ‘this deodorant is guaranteed to last for 48 hours’), and didn’t just use widely-known in-the-wild ransomware samples. They besieged several of the top cybersecurity solutions in real ‘battlefield’ conditions, firing at them all sorts of live-ammunition ransomware artillery that’s actually out there today. As mentioned, no in-the-wild samples, but those technically capable of weaponizing a ransomware attack. And what did they find? On the whole – something thoroughly shocking and scary:

Now, simply checking fresh samples of, say, 20 regular ransomware families known to every security vendor (in other words, samples already in the cybersecurity vendors’ databases) – almost all cyber-protection copes well with this. However, the research objective was to see what happens when things are made tougher – to test as close to real-life conditions as possible. How do the products react to new attack methods of ransomware malware? What happens if it covertly penetrates a corporate network and starts causing havoc? How well do the products prevent network attacks where user files in shared folders are encrypted remotely – including network attacks that use ransomware samples that were successfully detected and blocked in the basic initial scenario?

Just three (3!) tested products out of 11 managed to deal with such kinds of new, tricky ransomware attacks. And among them, only our Kaspersky Endpoint Security Cloud protected user data with a 100% result. Note that attacks aimed at stealing user data are still among the most widespread – posing a serious threat to organizations whose project documentation, customer information, backups and other data are stored in networked locations. But that’s not all!

Are you sitting down?… Most of the tested security solutions not only failed to detect attacks and protect user files, but also managed to delete the text messages from the cyber-extortionists containing the ransom demands! But those messages can contain the technical information for recovering the encrypted files! This information is what is used by cybersecurity experts in their attempts to help the victim: to identify the malware, find a vulnerability in the encryption algorithm, and either develop a decryptor for retrieving valuable data or suggest resorting to an existing decryptor from independent open sources (for example, No More Ransom).

Not fallen off your chair yet? Good. Then we’ll add some more findings that may amaze you… AV-TEST also checked how well the security solutions do when examining the ‘entrails’ of ransomware techniques still poorly used in the wild by ransomware or even APTs, but which pose a threat to society as they may start being used soon. For example: abuse of legitimate Windows services, encryption via hard and symbolic links, delayed packet encryption, or encryption via memory-mapped files. Fourteen different techniques in total. And what do you think was found in the testing? Again, it was only our Kaspersky Endpoint Security Cloud that demonstrated a 100% result: every single user file was protected and all the threats were eliminated from the targeted system!

Oh, and one last thing: only two products were able to roll back changes made to user data after a remote ransomware attack. Needless to say – our product was one of them.

In general, while up in the higher echelons of world power they’re still squabbling over whose economic-geopolitical model is best, and which products to allow or ban due to their origin and ‘national interests’ – regardless of their actual quality and usefulness for real users – fortunately, users can continue to decide for themselves by choosing the best solution. ‘Best’ as in: the most effective, efficient, reliable and fast, and with a no-compromise approach to stopping attacks of any kind and no matter where from.

So there you have it. A short piece to show you that it’s not only the devil that can hide in the details, but also… a heavenly savior – in this case anti-ransomware tech that… actually works. You can find more details on the results of the testing in this post. May the Ransomware Protection Force be with you!

 Trends, Reports, Analysis

Mishcon de Reya is bringing a representative suit against DeepMind pertaining to the company’s data-sharing deal with the Royal Free London National Health Service (NHS) Foundation Trust.

 Malware and Vulnerabilities

Yoroi Malware ZLAB analyzed the new working model of LockBit 2.0, which has recently developed a custom tool specialized in data exfiltration. The RaaS group has been helping its partners by providing the StealBit data exfiltration service. With the proliferation of such tools, protecting sensitive information has now become more challenging than ever. Organizations are recommended to focus more on protecting their data.

 Malware and Vulnerabilities

Kaspersky laid bare an eight-month-long investigation into FinSpy operations, revealing multiple insights about the new upgrades in the spyware. Using bootkits, attackers are able to control operating systems' boot process and disable the defenses by evading the Secure Boot mechanism of the system.

 Feed

Ubuntu Security Notice 5103-1 - Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in Docker incorrectly allowed the docker cp command to make permissions changes in the host filesystem in some situations. A local attacker could possibly use this to expose sensitive information or gain administrative privileges.

 Feed

Red Hat Security Advisory 2021-3723-01 - Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges.

 Feed

Red Hat Security Advisory 2021-3724-01 - Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges.

 Feed

Ubuntu Security Notice 5097-1 - It was discovered that LedgerSMB incorrectly handled certain inputs. An attacker could use this to leak sensitive information, cause a DoS, or execute arbitrary code.

 Feed

Phrack Magazine Issue 70 - Articles include Phrack Prophile on xerub, Attacking JavaScript Engines, .NET Instrumentation via MSIL bytecode injection, a VM escape QEMU case study, and much more.

 Feed

Law enforcement agencies have announced the arrest of two "prolific ransomware operators" in Ukraine who allegedly conducted a string of targeted attacks against large industrial entities in Europe and North America since at least April 2020, marking the latest step in combating ransomware incidents. The joint exercise was undertaken on September 28 by officials from the French National

 Feed

Chinese cyber espionage group APT41 has been linked to seemingly disparate malware campaigns, according to fresh research that has mapped together additional parts of the group's network infrastructure to hit upon a state-sponsored campaign that takes advantage of COVID-themed phishing lures to target victims in India.  "The image we uncovered was that of a state-sponsored campaign that plays on

 Feed

Cybersecurity researchers on Tuesday revealed details of a previously undocumented UEFI (Unified Extensible Firmware Interface) bootkit that has been put to use by threat actors to backdoor Windows systems as early as 2012 by modifying a legitimate Windows Boot Manager binary to achieve persistence, once again demonstrating how technology meant to secure the environment prior to loading the

 Feed

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source

Aggregator history: Tuesday, October 05, 2021