Displaying items by tag: AntiMalware

Video editing software CapCut users are being targeted by attackers to push different strains of malware. For those that are not aware of that CapCut is, it is a video editor and maker for TikTok and is the official one at that (ByteDance also owns TikTok). With over 500 million downloads from Google Play alone it is clearly a very popular app for people to grab to feed their TikTok streams with. It was only a matter of time before someone decided to go after the poplar app and with the growing number of bans and lock outs for ByteDance and their services, offering what appears to be an alternative way to get this software makes sense (from an attacker perspective).

On February 23rd, 2017, Google published a paper on their security blog that showed how a SHA-1 collision was possible. It proved that the aging cryptographic and hashing standard was no longer a safe or secure method. Google showed that they could produce two different files yet have them show the same hash, thus causing a collision and getting around some of the file hashing systems in place at the time. The problem is that SHA-1 hashing is still in use today by many tools.

There was a time when the thought of secure infrastructure would bring items like properly configured IDS/IPS, Firewalls, Switches and Routers with hefty ACLs and 802.1x to mind. However, after Covid and even a bit before the traditional walled layout of the business network design was starting to become outdated. Remote workers and BYOD meant that not everyone could shelter safely inside the castle walls (not that they were safe before). Now IT and Security teams now had a much bigger area to observe and protect. The task becomes harder; much, much harder, but not impossible. The tools change and how you deploy, monitor, and update these tools also change. Let’s look at how to expand the concept of secure infrastructure into the modern distributed workforce.

As the title implies, we will be talking about Cylance PROTECT (now wholly owned by Blackberry). Our focus will not be on the inner workings, or any type of vulnerability. Our focus today will be all about Protect’s script control function and why many people do not enable it. If this sounds like a fun read, then you might be one of those security admins that have beat your head against the wall figuring out just how to get this working right in your environment.

Black Hat USA 2017 - Las Vegas, NV
When you think of Dell you might get many different images that come to mind. For some they might think about the 90s and the “you’re getting a Dell Dude” guy. Others might think about servers, or corporate desktops. In recent years, you might think about Dell’s push back into the performance market. However, for a large number of people you would not think about Security when the Dell name gets tossed out. This would be a mistake though as Dell does have a large team of people that work on security. This is not just for Dell products, but also for other products that are outside of the Dell realm. While at Black Hat 2017 I had the chance to site down with Brett Hansen, VIce President of Dell Data Security and we talked about some of the security offerings that Dell has.

If you have been paying attention to the technical news lately you might have noticed more than a few articles pointing fingers back and forth between the AntiMalware company Cylance and the… well the industry. The argument (if you have not already read about it) goes something like this; the big AV/AM companies are accusing Cylance of stacking the deck in their favor when they demo their product against the competition. Cylance, for their part, claims that they provide a realistic test in comparison to what is usually done when it comes to AV/AM testing. Both sides have their points and it calls into question something that exists in all levels of the technical press and testing bodies; real world vs scripted testing.

About a week ago we brought you news that Enigma Software had filed a lawsuit against BleepingComputer alleging that they were posting items that were defamatory in nature. At the time of the article we linked the page that BC (BleepingComputer) stated was at issue. This page shows, in our opinion, a fair and accurate representation of multiple malware scanners available to the consumer. BC used multiple references and posted specific comments about each of the three being discussed. Now Enigma Software has reached out to use to tell their side of the story…

The term SLAPP is one that most people might not be aware of. To put it bluntly SLAPP (Strategic Lawsuits Against Public Participation) lawsuits are ones that attempt to censor information or public discourse on a particular topic. The most common ones are from corporate entities that are trying to stop negative information about their products or other areas from getting out. The negative information is not slanderous or libelous in nature and in most cases can be backed up with documentation. Still the corporate minds try the threat of litigation to remove the information.