
Norton Internet Security 2014 (v21) test and review



This New Malware Family Using CLFS Log Files to Avoid Detection

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360



Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms.

FireEye’s Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG. Specifics about the identities of the threat actor or their motives remain unclear.

Although the malware is yet to be detected in real-world attacks aimed at customer environments or be spotted launching any second-stage payloads, Mandiant suspects that PRIVATELOG could still be in development, the work of a researcher, or deployed as part of a highly targeted activity.

CLFS is a general-purpose logging subsystem in Windows that’s accessible to both kernel-mode as well as user-mode applications such as database systems, OLTP systems, messaging clients, and network event management systems for building and sharing high-performance transaction logs.

“Because the file format is not widely used or documented, there are no available tools that can parse CLFS log files,” Mandiant researchers explained in a write-up published this week. “This provides attackers with an opportunity to hide their data as log records in a convenient way, because these are accessible through API functions.”

PRIVATELOG and STASHLOG come with capabilities that allow the malicious software to linger on infected devices and avoid detection, including the use of obfuscated strings and control flow techniques that are expressly designed to make static analysis cumbersome. What’s more, the STASHLOG installer accepts a next-stage payload as an argument, the contents of which are subsequently stashed in a specific CLFS log file.

PRIVATELOG itself, in contrast to its obfuscated installer, is an un-obfuscated 64-bit DLL named “prntvpt.dll.” It is not launched directly; it relies on DLL search order hijacking, so that when a victim program asks Windows to load a library by that name, the malicious copy is found first and loaded instead of the legitimate one. In this case the victim program is the Windows service “PrintNotify.”

“Similarly to STASHLOG, PRIVATELOG starts by enumerating *.BLF files in the default user’s profile directory and uses the .BLF file with the oldest creation date…
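The two behaviours described above, a planted prntvpt.dll found ahead of the legitimate one and a .BLF file in the default user's profile chosen by oldest creation date, are both things a responder can enumerate from an endpoint. The following PowerShell hunting script is an added example written for this page; it is not code from Mandiant or from the malware. It assumes that the legitimate prntvpt.dll lives only under %SystemRoot%\System32 and %SystemRoot%\SysWOW64, that the “default user's profile directory” is %SystemDrive%\Users\Default, and that the search roots and the PrintNotify service name are as shown; all of those are assumptions to adjust for your environment.

```powershell
# Added hunting script for the PRIVATELOG/STASHLOG behaviours described above.
# Not from the Mandiant write-up. Assumptions (labelled): the only legitimate
# prntvpt.dll copies are in System32 and SysWOW64; the default user's profile
# is %SystemDrive%\Users\Default; search roots are illustrative.

function Find-SuspiciousPrntvpt {
    # A search-order hijack plants prntvpt.dll somewhere it is found before
    # System32, so any copy outside the two trusted directories deserves a look.
    param([string[]]$SearchRoots = @("$env:SystemDrive\"))

    $trusted = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") |
        ForEach-Object { $_.ToLowerInvariant() }

    Get-ChildItem -Path $SearchRoots -Filter 'prntvpt.dll' -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $trusted -notcontains $_.DirectoryName.ToLowerInvariant() } |
        ForEach-Object {
            # Signature status separates a stray signed copy from an unsigned drop-in.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Size      = $_.Length
                Created   = $_.CreationTimeUtc
                Signature = $sig.Status            # Valid / NotSigned / HashMismatch ...
                Signer    = $sig.SignerCertificate.Subject
            }
        }
}

function Get-ProfileBlfFiles {
    # Mirror the malware's own selection logic: enumerate *.BLF under the profile
    # and order by creation time, oldest first. The oldest file is the one the
    # write-up says STASHLOG and PRIVATELOG pick, so it is the first to inspect.
    param([string]$Profile = "$env:SystemDrive\Users\Default")

    Get-ChildItem -Path $Profile -Filter '*.blf' -Recurse -File -Force -ErrorAction SilentlyContinue |
        Sort-Object CreationTimeUtc |
        Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc
}

function Get-PrintNotifyHost {
    # Which binary hosts PrintNotify determines the directory that is searched
    # first for prntvpt.dll, so record it alongside the findings.
    Get-CimInstance Win32_Service -Filter "Name='PrintNotify'" |
        Select-Object Name, State, StartMode, PathName
}

Find-SuspiciousPrntvpt | Format-Table -AutoSize
Get-ProfileBlfFiles   | Format-Table -AutoSize
Get-PrintNotifyHost
```

Two caveats when reading the output. A .BLF file under a user profile is normal (Windows keeps registry transaction logs there), so its presence alone is not an indicator; compare the size and LastWriteTime of the oldest file against the same files in other profiles and look for one that has been written to well after it was created. Likewise, the script only reports candidates: a prntvpt.dll copy that is unsigned or whose path sits ahead of System32 in the host process's search order is the one to pull for analysis, not every hit.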


Antivirus detection is bypassed by a new family of Linux malware



Some have been active for over three years

Cybersecurity researchers have uncovered several malicious Linux binaries that have successfully managed to sneak past most antivirus products.

Upon closer inspection, the researchers at AT&T Alien Labs identified these binaries as modified versions of the open source Prism backdoor, which has been used in multiple earlier campaigns.

“We have conducted further investigation of the samples and discovered that several campaigns using these malicious executables have managed to remain active and under the radar for more than 3.5 years. The oldest samples Alien Labs can attribute to one of the actors date from the 8th of November, 2017,” note the researchers.

Calling Prism a “simplistic and straightforward” backdoor that should be easy to detect, the researchers suggest that the modified binaries evaded detection for several years because the security industry focuses its efforts on bigger campaigns, allowing smaller ones to slip through the gaps.



XDR: The Next Step in Threat Detection and Response



The global EDR market (Endpoint Detection and Response) is growing rapidly. The Transparency Market Research team predicted that this market will increase at a CAGR of about 21% in the next decade, reported Help Net Security. If it happens, this growth will help the global EDR market surpass a valuation of $13.8 billion by 2030.

What’s Behind the Projected Growth of EDR?

One of the biggest reasons for these optimistic forecasts is the reality that organizations need a systemized approach to defend all their endpoints against digital threats. To put this into perspective, LogMeIn found that the average organization had approximately 750 servers, employee computers, mobile devices and other endpoints connected to the network. 

Such complexity makes it difficult for security teams to manage those devices effectively. Without something like EDR, their ability to defend the organization against both internal and external threats is limited, and even with it, threats that affect assets beyond the endpoint remain out of reach.

Not only that, but the number of endpoints will likely grow as the number of connected devices surges over the next few years. Indeed, Gartner estimated that the number of PCs, tablets and mobile phones would total 6.2 billion units in 2021 before reaching 6.4 billion units a year later.

“The COVID-19 pandemic has permanently changed device usage patterns of employees and consumers,” explained Ranjit Atwal, senior research director at Gartner, in a press release. “With remote work turning into hybrid work, home education changing into digital education and interactive gaming moving to the cloud, both the types and number of devices people need, have and use will continue to rise.”

Understanding the Pervasiveness of EDR Neglect

Notwithstanding the growing number of endpoints and devices, many organizations aren’t using EDR solutions. A majority (64%) of respondents to a 2020 study said they did not use EDR, reported TechRepublic. Those individuals went on to cite a lack of skilled security staff as one of the reasons why.

This issue in part ties back to the growing complexity of the corporate network…
