Hi everyone,
Today, some cybersecurity news about an incident we have just uncovered…

Our experts have discovered an extremely complex, professionally targeted cyberattack that uses Apple's mobile devices. The purpose of the attack is the inconspicuous placement of spyware on the iPhones of employees of at least our company, both middle and top management.

The attack is carried out using an invisible iMessage with a malicious attachment which, using a number of vulnerabilities in the iOS operating system, is executed on the device and installs spyware. The deployment of the spyware is completely hidden and requires no action from the user. The spyware then surreptitiously sends private information to remote servers: microphone recordings, photos from instant messengers, geolocation, and data about a number of other activities of the owner of the infected device.

Although the attack was carried out covertly, the infection was detected by Kaspersky's Integrated Monitoring and Analysis Platform (KUMA), a native SIEM solution for security information and event management; the system detected an anomaly in our network coming from Apple devices. Further investigation by our team revealed that several dozen iPhones of senior employees were infected with new, sophisticated spyware that we named "Triangulation".

Because of the closed nature of iOS, there are no (and cannot be any) standard operating system tools for detecting and removing this spyware on infected smartphones. To do this, an external tool is needed.

An indirect indication of Triangulation on a device is the disabling of the ability to update iOS. For more precise and reliable recognition of an actual infection, you need to create a backup copy of the device and then check it with a special utility. More detailed recommendations are set out in this technical article on Securelist. We are also developing a free detection utility, which will be made available after testing.

Due to certain peculiarities inherent in the blocking of iOS updates on infected devices, we have not found an effective way to remove the spyware without losing user data. It can only be done by resetting the infected iPhone to factory settings and installing the latest version of the operating system and the entire user environment from scratch. Otherwise, even if the spyware is removed from the device's memory after a reboot, Triangulation can still re-infect it through vulnerabilities in an old version of iOS.

Our report on Triangulation is only the beginning of the investigation into this sophisticated attack. Today we are publishing the first results of the analysis, but there is still a lot of work to be done. As the incident continues to be investigated, we will post new data in a dedicated post on Securelist, and will share our complete findings at the international Security Analyst Summit in October (follow the news on the site).

We are confident that Kaspersky was not the main target of this cyberattack. The coming days will bring more clarity and more details about the proliferation of this spyware around the world.

We believe that the main reason for this incident is the proprietary nature of iOS. The operating system is a "black box" in which spyware like Triangulation can hide for years. Detecting and analyzing such threats is made all the more difficult by Apple's monopoly on research tools, which makes it the perfect place for spyware. In other words, as I have often said, users are given an illusion of security that stems from the complete opacity of the system. What actually happens in iOS is unknown to cybersecurity experts, and the absence of news about attacks does not indicate that they are impossible, as we are now seeing.

I would like to remind you that this is not the first case of an attack against our company. We are well aware that we work in a very aggressive environment, and have developed appropriate incident response procedures. Thanks to the measures taken, the company is operating normally, business processes and user data are not affected, and the threat has been neutralized. We continue to protect you, as always.

P.S. Why "Triangulation"?

To recognize the software and hardware specifications of the attacked system, Triangulation uses Canvas Fingerprinting technology and draws a yellow triangle in the device's memory.



In early April, Kaspersky experts discovered a mass e-mail campaign sending messages with malicious PDF attachments. The attackers target companies: the malicious documents are attached to business correspondence (we have seen e-mails written in English, German, Italian and French). The goal of the campaign is to infect victims' computers with the QBot malware, also known as QakBot, QuackBot, or Pinkslipbot. Interestingly, about a year ago our specialists observed a similar sudden increase in the flow of e-mails delivering malware (including QBot).

What the attack looks like from the victim's point of view

The attack is based on "conversation hijacking" tactics. The attackers gain access to genuine business correspondence (QBot, among other things, steals locally stored e-mails from the computers of previous victims) and join the dialogue, sending messages as if they were continuing an old conversation. Their e-mails try to convince the victim to open the attached PDF file, presenting it as a list of costs or some other business paper that requires a quick reaction.

In reality, the PDF contains a fake notification from Microsoft Office 365 or Microsoft Azure. The notification tries to get the victim to click the "Open" button. If the victim does so, a password-protected archive is downloaded to the computer (with the password given in the text of the "notification" itself). Next, the recipient is expected to unpack the archive and run the .wsf (Windows Script File) inside it. This is a malicious script that downloads the QBot malware from a remote server. A more detailed technical description of all stages of the attack, along with indicators of compromise, can be found here on the Securelist website.

What can a QBot infection lead to?

Our experts classify QBot as a banking Trojan. It allows attackers to harvest credentials (logins and passwords) and cookies from browsers, steal correspondence, spy on banking activity, and record keystrokes. It can also install other malware (for example, ransomware).

How to stay safe?

To protect your company from the actions of cybercriminals, we recommend installing a reliable cybersecurity solution on all corporate devices that have internet access. It also helps to equip the e-mail gateway with a product that can filter out malicious, phishing and spam e-mails. Finally, to enable your employees to identify attackers' tricks on their own, it is important to regularly raise their awareness of modern cyberthreats.
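
As an illustration of gateway-side filtering for the delivery chain described above (an added example, not part of the Kaspersky post): the chain ends in a password-protected archive holding a .wsf script, and with standard ZIP encryption the file names and the per-entry encryption flag stay readable without the password. The code assumes the archive is a ZIP; `inspect_archive`, `build_sample`, the verdict names and the sample archives are constructed for illustration.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x0001  # ZIP general-purpose flag bit 0: entry is encrypted


def inspect_archive(raw, script_exts=(".wsf",)):
    """Triage one ZIP download or attachment without needing its password.

    With standard ZIP encryption, file names and the encryption flag sit in
    the unencrypted central directory, so both can be read directly.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(raw)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return {"verdict": "not-a-zip", "encrypted": False, "scripts": []}
    encrypted = any(i.flag_bits & ENCRYPTED_FLAG for i in infos)
    scripts = [i.filename for i in infos
               if i.filename.lower().endswith(tuple(script_exts))]
    if encrypted and scripts:
        verdict = "block"      # the combination described in the post
    elif encrypted or scripts:
        verdict = "review"     # contents unscannable, or a bare script
    else:
        verdict = "allow"
    return {"verdict": verdict, "encrypted": encrypted, "scripts": scripts}


def build_sample(names, encrypted):
    """Constructed test input: a tiny ZIP whose headers are optionally
    marked encrypted (payload is a placeholder, nothing is really encrypted)."""
    mem = io.BytesIO()
    with zipfile.ZipFile(mem, "w") as zf:
        for name in names:
            info = zipfile.ZipInfo(name, date_time=(2023, 4, 1, 0, 0, 0))
            zf.writestr(info, b"constructed placeholder")
    buf = bytearray(mem.getvalue())
    if encrypted:
        # flags field: offset 6 in a local header, offset 8 in a central one
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = buf.find(sig)
            while pos != -1:
                buf[pos + off] |= ENCRYPTED_FLAG
                pos = buf.find(sig, pos + 4)
    return bytes(buf)


if __name__ == "__main__":
    for names, enc in ((["invoice/claim.wsf"], True), (["report.txt"], False)):
        print(names, inspect_archive(build_sample(names, enc)))
```

The "review" verdict for any encrypted archive reflects that a scanner cannot inspect contents it cannot decrypt; whether to quarantine or deliver those is a local policy choice.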



A common problem on a computer or laptop is a virus attack. A virus attack can slow down laptop performance, make important files unreadable or lost, and even lead to hacked accounts. However, as time has passed, the technology for blocking viruses has also become more sophisticated. That's why a shocking virus attack is now rare.


Types of Computer Viruses

  1. Virus Worm

This virus infects computers through email and internet connections. It can reproduce itself, creating useless random files on the computer so that the storage fills up quickly and the computer system becomes fragile.

  2. Trojan Virus

This virus arrives through the internet and received email. Trojans can obtain information such as passwords, user habits recorded in the system log, and data, and can even take control of the target.

  3. Multipartite Virus

This virus infects certain operating systems and programs which, if left untreated, will compromise the health of RAM and hard disks.

  4. Web Scripting Virus

Web scripting appears when a computer is connected to the internet and interferes with programs on the computer. Web scripting is actually program code used to operate the content of a website and is not a virus. However, because it interferes with those programs, it is classified as a virus.

  5. FAT Virus

This virus hides in private data storage and is capable of damaging certain files. It can hide files so that they appear to be lost or deleted.

  6. Memory Resident Virus

This virus infects RAM and computer programs, making laptop performance slow down. This virus is active when the computer is turned on and causes programs to run abnormally.

  7. Companion Virus

This virus interferes with your personal data and hides in the hard disk. It is very difficult to detect because this virus corrupts the fake data format.

  8. Backdoor Virus

This virus is similar to a trojan, but its shape is similar to ordinary files such as games. The name backdoor refers to the mechanism by which a virus can access a system, network, or application.

  9. Directory Virus

This virus makes the computer slow down and unable to open programs. It also infects files with the .exe extension, so files can be lost or throw errors for no reason. When an infected .exe file runs, the virus becomes active and infects other files.

  10. Macro Virus

This type of virus uses the programming language of an operating system application. It usually comes from email and attacks .pps, .xls, or other files. For that reason, avoid clicking on random, unclear messages.

Around the 2000s, there were many very damaging virus attacks. Some of them are called the most dangerous viruses.


Best Free Antivirus for Linux – Have you ever worried that your Linux computer might be hit by malware or a virus? Have you ever checked it?

Even though Linux is less likely to get a virus than Windows, your computer could still be affected.

Because of that, an antivirus application should still be installed on every computer, Linux machines included.

But on Linux you may not find the antivirus names you already know from Windows, such as Avast, Norton, or Avira.

Luckily, all of these antivirus applications for Linux are released for free and, of course, continue to be developed from day to day. Here are the best antivirus applications on Linux.

Best Antivirus Applications on Linux

  1. ClamAV

ClamAV is an antivirus application that can be used in various situations such as email scanning, web scanning and so on. It has many features, such as:

  • Built-in support for all standard mail file formats.
  • Virus database is updated multiple times per day.
  • Built-in support for various archive formats, including Zip, RAR, Dmg, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others.
  • Advanced database updater with support for scripted updates and digital signatures.
  • Built-in support for ELF executables and Portable Executable files packed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others.
  • Milter interface for sendmail.
  • Built-in support for popular document formats including MS Office and Mac Office files, HTML, Flash, RTF and PDF.
  • Command-line scanner.

However, you should know that ClamAV is not a "real-time" antivirus, so files will not be scanned automatically every time you open them. You should therefore run a scan routinely every day.

  2. Sophos Antivirus

Sophos Antivirus is one of the best choices among antivirus applications on Linux.

Its key features, such as the virus, trojan and malware scanners, work very thoroughly, and the results are very satisfying, as shown by a high virus detection rate.

Better still, this antivirus can work in real time, unlike ClamAV. Sophos can also remove viruses from other platforms such as Android, Mac and Windows.

So Linux owners can feel safe from viruses originating from other operating systems.

What makes Sophos superior to its competitors is its performance.

The application is very light and its updates are small, only about 50 KB.

Here are some of the key features of Sophos Antivirus:

  • Complete Email Protection.
  • Built-in Wi-Fi.
  • Proven Endpoint Antivirus.
  • Flexible Deployment.
  • Customizable Web Filtering.
  • Web Application Firewall Protection.
  • Easy Site-to-Site VPN.
  • On-access, on-demand, and scheduled scanning.
  • Lightning Performance.
  • And many more.

  3. Comodo AntiVirus for Linux

Comodo offers a very good free antivirus application for Linux. This is no surprise: Comodo is also well known among Windows users for its powerful firewall application for Windows.

Besides that, many other Comodo products have been recognized across operating systems, especially Windows.

Comodo Antivirus works on 32-bit or 64-bit systems and can be used on many Linux distributions such as Ubuntu, Linux Mint, Debian, Fedora, Red Hat Server, CentOS and OpenSUSE.

In addition to antivirus, Comodo AntiVirus for Linux (CAVL) also has an email filter feature and can work in real time as well as on demand. Other features include:

  • Performs cloud-based antivirus scanning.
  • Scans and removes all types of viruses and other malicious programs in all incoming and outgoing email messages, including attachments.
  • Built-in scheduler allows you to run scans at a time that suits you.
  • Employs heuristic techniques to identify previously unknown viruses and Trojans.
  • Rootkit scanner detects and identifies hidden malicious files stored by rootkits. Scans even configuration files and the filesystem for possible spyware infection and cleans them.
  • Daily, automatic updates of virus definitions.
  • Isolates suspicious files in quarantine, preventing further infection.

  4. Chkrootkit

As its name suggests, Chkrootkit is used to scan for rootkits. The application runs from the command line, is very light, and can be run from a live CD.

If you have an unused CD, you can run Chkrootkit directly from the CD. Some of the features of Chkrootkit are:

  • Can be run from a Live CD.
  • Rootkit detection.
  • Backdoor and botnet detection.
  • Malicious TinyDNS detection.
  • Linux.Xor.DDoS malware scanning

Having the latest antivirus or internet security suite on your computer may be something to be proud of and may provide a sense of security against attacks such as malware, viruses, backdoors, worms, trojans and others. But are you sure the antivirus you are using is of high quality and provides the best security for your computer? You can check the quality of the antivirus on your computer through a website service, AV-Test. Here's how to check antivirus quality through avtest.com:


Open a browser; this tip uses Google Chrome. Then open the AV-Test site.
After you see the main page, select the Home User button.

The website will automatically detect the operating system you are using. Jalantikus uses Windows 7, and AV-Test also shows the best antivirus for Windows 7.

Below the operating system you can see a month name indicating when AV-Test last carried out a test. Here the last test shown was in August 2014.

AV-Test is also useful if you want to identify a quality antivirus before you buy a paid one. For the free versions, AV-Test shows that Avira has good enough quality for use on your computer.