
441K Accounts Were Taken by RedLine Virus, According to Have I Been Pwned


Have I Been Pwned can now search the RedLine data for 441,657 unique email addresses stolen by RedLine. RedLine is currently regarded as the most widely used information-stealing malware. It is distributed through phishing campaigns with malicious attachments, YouTube scams, and warez/crack sites. Once installed, the RedLine malware attempts to steal credentials, cookies, credit cards, and auto-complete data stored in browsers.

The Have I Been Pwned data breach notification service now lets you check whether your email and password are among the 441,000 records stolen in an information-stealing campaign that used RedLine malware.

The stolen information is bundled into an archive, called a "log," and uploaded to a remote server from which the attacker can later collect it. Attackers use these logs to compromise further accounts or sell them on dark web criminal marketplaces for as little as $5 per log.

RedLine is a trojan that may be purchased individually or as part of a subscription on underground forums. This stealer collects information from applications such as saved credentials, autocomplete data, and credit card information. When executing on a target system, it takes a system inventory that includes details such as the username, location information, hardware configuration, and information about installed security software. Later versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also targeted by this family, and the malware can upload and download files, execute commands, and periodically send back data about the infected PC.

Bob Diachenko, a security researcher, discovered a server with over 6 million RedLine logs from August and September 2021 last weekend. This server was most likely used by the threat actor to store stolen data, although it was not properly secured. The server is still accessible, according to Diachenko, but it does not appear to be in active use by the threat actors because the number of logs has not increased.

Diachenko shared the data with Troy Hunt, who added it to his Have I Been Pwned service to make it simpler for others to check whether their data was exposed in the RedLine malware operation.

If an organization you have an account with has suffered a data breach, it is possible that your email has been "pwned", that is, exposed to cybercriminals. haveibeenpwned.com is a site that checks whether an account has been compromised.

Since RedLine attempts to steal cryptocurrency wallets, you should transfer any tokens you hold to another wallet and reset the passwords for all accounts used on the machine, including work VPN and email accounts, as well as other personal accounts.

Ultimately, if your email address appears in the RedLine data, you should run an antivirus scan on your computer to detect and remove any malware.

Microsoft Defender Log4j Scanner Prompts False Positive Alarm

Microsoft Defender for Endpoint is currently displaying "sensor tampering" alerts for Log4j processes, which are related to the company's newly deployed Microsoft 365 Defender scanner.

Defender for Endpoint has had a series of other false-positive alert problems since October 2020. These include an alert that incorrectly identified Office documents as Emotet malware payloads, another that flagged network devices as infected with Cobalt Strike, and yet another that flagged Chrome updates as PHP backdoors.

Microsoft 365 Defender not only unifies your view of security events across many technologies but also offers a range of advanced integration and automation capabilities.

This increases the effectiveness and efficiency of having a security analyst on staff. Microsoft has been working on the underlying foundations of Microsoft 365 Defender for quite some time now. Using Microsoft 365 Defender will help you run queries that can identify any or all of the following:

  • Machines infected with a particular payload.
  • Altered mailboxes.
  • Malicious activity and the identities involved.
  • Vulnerabilities introduced by a disclosed CVE.

Microsoft 365 Defender consolidates the telemetry and insights drawn from the following products:
  • Microsoft Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection)
  • Microsoft Defender for Identity (formerly known as Azure Advanced Threat Protection)
  • Microsoft Defender for Endpoint (formerly known as Microsoft Defender Advanced Threat Protection)
  • Microsoft Cloud App Security (MCAS)
  • Azure Identity Protection (AIdP)

Microsoft 365 Defender brings all of these technologies together in a single security operations center. In the console you can see how Microsoft 365 Defender correlates and presents information from these technologies, and you can use key automated actions to respond to them.

Although the behavior of this Defender process is categorized as malicious, there is no need to be concerned because these are false positives, according to Tomer Teller, Principal Group PM Manager at Microsoft, Enterprise Security Posture.

Microsoft is currently investigating the Microsoft 365 Defender issue and working on a fix that should reach affected PCs soon. "This is a result of our efforts to detect Log4J instances on disk. The team is looking into why this is causing the warning," Teller added.

FileWall, a Content Disarm and Reconstruction Solution for Microsoft 365 by Odix

In recent months, there has been an exponential surge in malware attacks. According to Check Point, the last quarter alone has seen a 50% increase in malware attacks. “In the last 3 months, there has been a 50% increase in the daily average of attacks, compared to the first half of 2020. US ransomware and malware attacks doubled (~98% increase) in the last 3 months, making it the #1 most targeted country for ransomware, followed by India, Sri Lanka, Russia, and Turkey”, reports Check Point.

CSO Online recently published a report with staggering results: according to its sample, 92% of malware is delivered by email. Another report by Symantec states that 48% of malicious email attachments are Office files. With these numbers, it is not a question of whether you will suffer a malware attack but when.

So ehackingnews did some research into cybersecurity products for email and phishing malware as well as file protection, and one company stood out with promising technology and a competent product: Odix and their patented Content Disarm and Reconstruction (CDR) technology.

Odix, CDR, and FileWall

Odix, headquartered in Israel with clients in the US and Europe, recently tapped into the Indian market. They specialize in anti-malware tools using their patented Content Disarm and Reconstruction (TrueCDR™) technology. Rather than trying to detect attack vectors and malware, CDR takes your file, removes any potentially harmful content, and provides you with a clean, malware-free file instead, because trying to detect and learn every new malware variant is impossible.

“Everybody is seeing a flood of malware and we see millions of new unique samples every day, and the common method to deal with that is detection. You get something and you check it and determine whether it's malicious or not, but the amount of new malware that we are seeing in the world every day makes it impossible for detection-based solutions to keep up; we see them lagging behind and not being able to detect everything that comes out. The concept behind CDR is a bit different: it’s a detectionless method where the aim is to prevent the attack first, and once we keep the attack out, after that we go into layers of trying to analyze and disarm any active content that might serve as a vector to deliver malware and malicious payloads, and by doing that you can provide a safe copy to the user without burning yourself to detect any new thing that comes out,” said Mr. Omri, CTO at Odix, in conversation with ehackingnews.

“Normally CDR was something only large corporations were thinking about, because it requires a lot of effort, deployment, integration. With FileWall, you get an affordable service, a dollar per user per month, unseen in the case of CDR and a game-changer,” says Ms. Revital, CMO at Odix.

Now, what differentiates FileWall and Odix’s CDR from other CDR providers is their efficiency and their focus on the particular file types that come in and go out via email in FileWall; hence their analysis of these particular files is very advanced and efficient. Odix is constantly working to add more file types, and although it is strictly file-based protection, they are working towards providing a third-party URL solution and URL rewriting for false links in the file. As CTO Mr. Omri says, “We used to look at CDR as a solution and preventive measure, while now we’re starting to look at CDR as a vehicle that knows how to dive into files and so to partner with different players in the security space” to give a more secure and encompassing solution.

One caveat to CDR is that, although it is exceedingly competent with database files, when it comes to executable files “modifying them breaks them”, so it is better to have CDR plugins and FileWall as an additional layer of security for your files; such files would also already be scanned by Microsoft’s ATP (Advanced Threat Protection).
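As an added illustration of the disarm-and-reconstruct idea described above and of the executable caveat (this is example code written for this page, not Odix's code and not how TrueCDR™ works internally), the following Python rebuilds a macro-enabled Word package without its VBA parts and refuses non-OOXML input such as executables, which rewriting would only break. The sample document it builds is a constructed placeholder, not a real malware sample.

```python
import io
import re
import zipfile

# VBA parts are the active content in a .docm; ACTIVE_REF matches the <Override>
# (in [Content_Types].xml) or <Relationship> (in *.rels) elements pointing at them.
ACTIVE_PART = re.compile(r"vba(Project\.bin|Data\.xml)$")
ACTIVE_REF = re.compile(r'<(?:Override|Relationship)\b[^>]*"[^"]*vba(?:Project\.bin|Data\.xml)"[^>]*/>')
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def disarm_docm(data: bytes) -> tuple[bytes, list[str]]:
    """Rebuild the package without VBA parts; return (clean bytes, removed part names).
    Non-zip input (e.g. a PE executable) is refused: rewriting it would only break it."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not an OOXML package; refusing to rewrite")
    removed: list[str] = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if ACTIVE_PART.search(name):
                removed.append(name)  # drop the active content itself
                continue
            body = src.read(name)
            if name == "[Content_Types].xml" or name.endswith(".rels"):
                # Remove now-dangling references and downgrade the main part to a plain .docx type.
                text = ACTIVE_REF.sub("", body.decode("utf-8"))
                body = text.replace(MACRO_MAIN, PLAIN_MAIN).encode("utf-8")
            dst.writestr(name, body)
    return out.getvalue(), removed


def read_parts(data: bytes) -> dict[str, str]:
    """Inspection helper: map each part name in the package to its decoded content."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return {n: z.read(n).decode("utf-8", "replace") for n in z.namelist()}


def build_sample_docm() -> bytes:
    """Constructed minimal macro-enabled package for the demo (not a real malware sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                   f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN}"/>'
                   '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>')
        z.writestr("word/_rels/document.xml.rels", '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
                   '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/></Relationships>')
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder OLE blob")
    return buf.getvalue()
```

A production CDR would go further (OLE objects, DDE fields, external links, embedded files), but the shape is the same: copy what is needed to render the document, drop everything that can execute, and leave file types you cannot safely rebuild to other controls.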

At 1 dollar per user per month, Odix’s FileWall with CDR technology is a promising file security solution for Microsoft 365 users.