“The Kneeling Man” – with Leta McCollough Seletsky
Leta McCollough Seletsky joins Andrew Hammond to share the story of her father, the famous “Kneeling Man”, the man who knelt next to Dr. Martin Luther King Jr. at his assassination at the Lorraine Motel in 1968. Leta is a litigator turned essayist and memoirist.
Malwarebytes Premium Security earns “Product of the Year” from AVLab
After blocking 100% of “in-the-wild” malware samples that were deployed in multiple, consecutive third-party tests conducted by the AVLab Cybersecurity Foundation, Malwarebytes Premium Security has earned “Product of the Year.”
The recognition cements Malwarebytes Premium Security’s perfect record of repeatable, trusted, and proven protection for users. It also comes alongside an additional AVLab certification for “Top Remediation Time.”
The latest results are part of AVLab’s regular “Advanced In-The-Wild Malware Test.”
For the March 2024 evaluation, AVLab tested 459 unique malware samples against 13 cybersecurity products. Malwarebytes Premium Security detected 459/459 malware samples, with a remediation time of 20 seconds—a full 13 seconds faster than the industry average.
ThreatDown, powered by Malwarebytes, also participated in AVLab’s March evaluation, where it similarly blocked 100% of malware samples with a remediation time of 17 seconds.
Three cybersecurity vendors failed to block 100% of the malware samples deployed: Bitdefender, ESET, and Panda.
AVLab’s evaluations, which are performed every other month by a team of cybersecurity and information security experts, are constructed to test and compare cybersecurity vendors against the latest malware that is currently being used by adversaries and threat actors. To ensure that the organization’s evaluations reflect current cyberthreats, each round of testing follows three steps:
Collecting and verifying in-the-wild malware: AVLab regularly collects malware samples from active malicious URLs and tests them to understand their impact on networks and endpoints.
Simulating a real-world scenario in testing: To recreate how a real-life cyberattack would occur, AVLab uses the Firefox web browser to visit the known malicious URLs collected in the previous step. In the most recent test, AVLab emphasized the potential for these URLs to be sent over instant messaging platforms, including Discord and Telegram.
Incident recovery time assessment: With the various cybersecurity products installed, AVLab measures whether the evaluated product detects a malware sample, when it detects a sample, and how long it took to detect that sample. The last metric is referred to as “Remediation Time.”
Malwarebytes is proud to receive “Product of the Year” and “Top Remediation Time” from AVLab, and is thankful to the third-party tester for its important work in the industry.
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the “Always-on VPN” feature was enabled with…
Alert fatigue helps no one, yet security teams need to triage hundreds of vulnerabilities. Topics covered:
The problem of vulnerability fatigue today
The difference between CVSS-based vulnerability scoring and risk-based vulnerability scoring
Evaluating vulnerabilities based on business impact and risk
Automation to reduce alert fatigue and significantly improve security posture
AcuRisQ, which helps you quantify risk accurately
In this case, the threat actor purchased an ad falsely claiming to be the PuTTY homepage, appearing at the top of search results before the official site.
While the unrelated domain raised suspicions here, many advertisements closely mimic trusted brands, making them effective lures for distributing stealthy malware loaders that enable further exploitation.
Malicious ad (Source – Malwarebytes)
Potential victims from the United States are redirected to a fake putty.org, while visitors from elsewhere are shown a legitimate page, a cloaking step that helps the campaign pass security checks.
This redirection chain is multi-staged and possibly probes for proxies as well as logs victims’ IPs before serving a final malware payload.
Posing as the PuTTY program, this dropper is written in Go and gives the attackers an entry point into compromised systems for future exploitation.
The deceptions of such a campaign and the complexity of its payload delivery scheme reveal the extent to which threat actors can spread malware without being noticed.
Fake PuTTY site (Source – Malwarebytes)
This check confirms that the victim actually followed the deceptive ad campaign and downloaded the file from the fake PuTTY site.
If the IP matches, the dropper fetches a follow-on payload from the C2 server, continuing the multi-stage infection chain.
This IP verification helps the attackers filter out researchers or honeypots that may have been drawn into the campaign.
It keeps additional payloads from reaching any system other than those compromised through the fraudulent advertisement campaign.
Rhadamanthys IP (Source – Malwarebytes)
The Go-based dropper covertly uses the SSH protocol to pull the next-stage payload, probably Rhadamanthys malware, from a command-and-control server, the report says.
This multi-component infection chain, spanning malicious ads, loaders, and final payloads, points to a sophisticated malvertising infrastructure controlled by the same threat actor.
Although this particular campaign was reported to Google, it shows how threat actors are always changing their techniques to evade security controls.
To counter such stealthy malware distribution schemes, proactive defense mechanisms like strong malware detection and ad-blocking are crucial.
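As an added illustration of the detection side of the malvertising chain described above (not code from the Malwarebytes report), the following script sweeps web-proxy log lines for PuTTY-named installers fetched from hosts outside an allow-list and for domains that trade on the PuTTY name. The allow-list, the log format, and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit
# Assumption: replace with the download hosts your organisation has vetted.
ALLOWED_HOSTS = {"www.chiark.greenend.org.uk", "putty.org", "www.putty.org"}
BRAND = "putty"
# Constructed proxy log format: "<timestamp> <client-ip> <method> <url> <status>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def edit_distance(a, b):
    """Levenshtein distance, used to catch typo-squats such as 'puttty'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(host):
    """True if the second-level label contains 'putty' or is one edit from it."""
    if host in ALLOWED_HOSTS:
        return False
    parts = host.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return BRAND in label or edit_distance(label, BRAND) <= 1

def suspicious_downloads(lines):
    """Return (client, host, url, reason) tuples worth an analyst's attention."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the sweep
        _ts, client, _method, url, _status = m.groups()
        parsed = urlsplit(url)
        host = (parsed.hostname or "").lower()
        filename = parsed.path.rsplit("/", 1)[-1].lower()
        if (filename.endswith((".exe", ".msi", ".zip")) and BRAND in filename
                and host not in ALLOWED_HOSTS):
            hits.append((client, host, url, "PuTTY binary from non-allowed host"))
        elif is_lookalike(host):
            hits.append((client, host, url, "PuTTY lookalike domain"))
    return hits

LOG_LINES = [  # constructed sample lines, not taken from the Malwarebytes report
    "2024-03-18T10:01:30Z 10.0.0.5 GET https://www.putty.org/putty-installer.msi 200",
    "2024-03-18T10:05:11Z 10.0.0.9 GET https://puttty.example/landing 200",
    "2024-03-18T10:05:40Z 10.0.0.9 GET https://puttty.example/download/putty.exe 200",
    "2024-03-18T10:06:45Z 10.0.0.9 GET https://cdn.putty-org.example/PuTTY.exe 200",
    "2024-03-18T10:07:01Z 10.0.0.9 GET https://example.com/news 200",
]
```

The same two checks apply to DNS or EDR download telemetry; only the line parser changes.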
With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.