Security News

Researchers claim Windows Defender can be fooled into deleting databases
2024-04-22 04:29

BLACK HAT ASIA Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files. Speaking at the Black Hat Asia conference in Singapore, SafeBreach's VP of Security Research Tomer Bar and security researcher Shmuel Cohen explained that Microsoft Defender and Kaspersky's Endpoint Detection and Response can be made to detect false positive indicators of malicious files - and then to delete them.

Hackers used new Windows Defender zero-day to drop DarkMe malware
2024-02-13 20:52

Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan.The hacking group was spotted using the zero-day in attacks on New Year's Eve day by Trend Micro security researchers.

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload
2022-08-02 08:07

A threat actor associated with the LockBit 3.0 ransomware-as-a-service operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. "Once initial access had been achieved, the threat actors performed a series of enumeration commands and attempted to run multiple post-exploitation tools, including Meterpreter, PowerShell Empire, and a new way to side-load Cobalt Strike," researchers Julio Dantas, James Haughom, and Julien Reisdorffer said.

LockBit ransomware abuses Windows Defender to load Cobalt Strike
2022-07-29 14:29

A threat actor associated with the LockBit 3.0 ransomware operation is abusing the Windows Defender command line tool to load Cobalt Strike beacons on compromised systems and evade detection by security software. Security solutions have become better at detecting Cobalt Strike beacons, causing threat actors to look for innovative ways to deploy the toolkit.

LockBit operator abuses Windows Defender to load Cobalt Strike
2022-07-29 14:29

A threat actor associated with the LockBit 3.0 ransomware operation is abusing the Windows Defender command line tool to load Cobalt Strike beacons on compromised systems and evade detection by security software. Security solutions have become better at detecting Cobalt Strike beacons, causing threat actors to look for innovative ways to deploy the toolkit.

ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender
2021-09-14 17:21

A targeted campaign delivering the ZLoader banking trojan is spreading via Google AdWords, and is using a mechanism to disable all Windows Defender modules on victim machines, researchers have found. To target victims, the malware is spread from a fake Google advertisement for various software, researchers found - an indirect alternative to social-engineering tactics like spear-phishing emails.

New Zloader attacks disable Windows Defender to evade detection
2021-09-14 15:02

An ongoing Zloader campaign uses a new infection chain to disable Microsoft Defender Antivirus on victims' computers to evade detection. According to Microsoft's stats, Microsoft Defender Antivirus is the anti-malware solution pre-installed on more than 1 billion systems running Windows 10.

This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection
2021-07-20 01:48

Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign. "The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers said in a report shared with The Hacker News.

How to exclude files and folders from Windows Defender scans
2021-05-09 14:27

Windows 10's built-in antivirus tool Microsoft Defender uses threat signatures, behavioral detection, and machine learning models to automatically detect and block suspicious files, folders, and processes. Microsoft allows you to exclude files and folders, so they are not scanned by Microsoft Defender.

Windows Defender bug fills Windows 10 boot drive with thousands of files
2021-05-05 15:29

A Windows Defender bug creates thousands of small files that waste gigabytes of storage space on Windows 10 hard drives. The bug started with Windows Defender antivirus engine 1.1.18100.