Building an extended anti-virus protection system for a small enterprise. Part 3

In this part, we continue describing the multi-stage protection solution based on the USG Performance Series gateways, in particular the Zyxel USG40W. Previous parts: the first and the second. But first it is worth recalling the reasons that lead system administrators and IT security specialists to use such devices.
 
 
Next, we turn to the description of the Zyxel USG40W, covering both versions of the web interface: "Simple Mode" and "Experienced User Mode".
 
Page of USG Performance Series ...

ESET discovered the BackSwap banker, which uses a new method of manipulating the browser

Banking Trojans have been losing popularity among cybercriminals in recent years. One of the reasons is the development of protection technologies by anti-virus vendors and web browser developers. It is difficult to conduct an attack using a banker, so many virus writers switch to simpler and more profitable tools: encryptors, miners, cryptocurrency theft software.
 
 
Many, but not all. We found a new family of bankers using new techniques to manipulate the browser. Instead of complex code injection into the browser process to monitor its activity, the malware captures Windows events in the message ...

Cybergroup Turla uses Metasploit in the Mosquito campaign

Turla is a well-known cyber-espionage group that has been active for at least ten years. The first mention of the group dates to 2008 and is associated with the hacking of the US Department of Defense. Subsequently, numerous information security incidents were attributed to Turla: attacks on government and strategic industries, including the defense industry.
 
 
In January 2018 we published the first report about the new Turla campaign for the distribution of the ...

Analysis of Zebrocy, first-stage malware of the Fancy Bear group

Sednit, also known as APT2? Fancy Bear, Sofacy or STRONTIUM, is a group of attackers operating since 200? and maybe even earlier, whose main purpose is stealing confidential information from selected targets.
 
 
Since approximately the end of 201? we have been witnessing this group's deployment of a new component: Zebrocy, the downloader for Xagent (the main Sednit backdoor). Kaspersky Lab first mentioned this component in 2017 in its APT trend report and recently released ...

How we cured a company of the Petya virus

When we arrived at the company, a large poster hung at the checkpoint: "DO NOT TURN ON COMPUTERS!" This was the IT department's instruction to all employees. All the equipment was unplugged from the sockets. The situation with the server infrastructure was similar: many servers were hit. Corporate databases had been backed up in time, but on the whole it was, of course, a disaster.
 
 
The enterprise has an IT department, and at first the management wanted to try to cope on their own. Each specialist spent several hours on one computer, working on several others in parallel. One engineer could reinstall ...

How to detect FinFisher. ESET manual

Because of its serious anti-analysis measures, FinFisher spyware has remained poorly understood. It is a well-known surveillance tool, but only partial analyses of previous samples have been published.
 
 
The situation began to change in the summer of 2017 after the ESET analysis of cyber-espionage campaigns involving FinFisher. In the course of the investigation, we identified attacks in which an Internet provider took part in compromising the victims.
 
 
When we started the analysis of Malware...

Symbolic vulnerability: how a simple message causes errors in the phone

Shot from the film "The Matrix" (1999)
 
 
Against the background of the capabilities of modern smartphones, it's easy to forget that mobile communication is a very old technology. The very concept of sending short text messages was developed more than 30 years ago. If people started creating SMS in 201? they probably would not limit one message to 160 characters (in 7-bit encoding).
 
 
Communication inherits more than the constraints present at its creation. Many errors, hidden and obvious, have been waiting for their time for years, dating back to the distant mobile past. Over time, new hardware ...

ESET: cybergroup Lazarus switched to Central America

The Lazarus group became famous after the cyberattack on Sony Pictures Entertainment in 2014. In 2017 the group remained active, using a wide range of malicious tools, including the KillDisk wiper.
 
 
Our study showed that Lazarus is very likely behind the attack on online casinos in Central America and on some other targets at the end of 2017. In these incidents, attackers used the same tools, including KillDisk, which was run on compromised devices.
 
 

Panda VPN for the home

The new home antivirus Panda Dome contains the Panda VPN module, which allows you to quickly connect to the VPN and use any website, various messengers, social networks and various forums to explore music, movies and software. Let's see what Panda VPN is and how it works. Panda VPN is present in all Panda Dome tariff plans, from the free version of the antivirus, Panda Dome FREE, to the premium paid version, Panda Dome Premium.
 
 
Panda VPN is one of the easiest to use home VPNs that securely "tunnel" your Internet connection through one of thousands of available ...

Pedro Uria: "The problem for information security will not be malicious programs, but hackers"

Only a few weeks remain until the European summit on information security. On May 1? Madrid will host the Panda Security Summit (PASS2018), a landmark event for CIOs and heads of IS services.
 
 
At the summit, experts from companies such as Gartner or Deloitte will present their perspectives and analysis of the global panorama in the field of information security, as well as talk about the trends in the development of protection and threats. The summit participants will also be able to see the results of the PandaLabs antivirus laboratory, in which various information security techniques ...