security products Archives

Tech Optimizer

May 12, 2025

Defendnot — A New Tool That Disables Windows Defender by Posing as an Antivirus Solution

Defendnot is a tool that disables Windows Defender by using the Windows Security Center (WSC) API, presenting itself as a legitimate antivirus solution. It was created by a developer named “es3n1n” and follows the removal of a previous tool called “no-defender.” The tool engages directly with WSC, which disables Windows Defender when third-party antivirus software is installed to avoid conflicts. Defendnot was developed through reverse engineering of the WSC service and involves understanding how WSC verifies processes. It registers a phantom antivirus product using COM interfaces and undocumented Windows APIs, leading Windows to disable its built-in protection. The tool requires administrative privileges to operate and adds itself to autorun to maintain its functionality after a reboot. Security experts express concern about its potential misuse by malware authors, while it also provides insights into vulnerabilities in Microsoft’s security architecture.

Tech Optimizer

May 5, 2025

VIPRE Advanced Security Awarded Highest Ranking in AV-Comparatives’ Malware Protection Test 2025

VIPRE® Advanced Security received the Advanced+ award from AV-Comparatives in the March 2025 Malware Protection Test for its effectiveness against cyber threats. The test evaluated 19 security products using 10,030 malware samples on a Windows 11 system, focusing on both online and offline threats. VIPRE achieved a 98.7% detection rate in all scenarios, a 99.93% overall protection rate during execution testing, and had one of the lowest false positive counts among the products tested. VIPRE's security solutions are integrated into other Ziff Davis products, enhancing their protection capabilities. VIPRE is a subsidiary of Ziff Davis, Inc., specializing in cybersecurity solutions with over 25 years of experience.

Tech Optimizer

April 22, 2025

VIPRE Security Crushes Competition with 99.93% Protection Rate in Latest Test

VIPRE® Advanced Security received the Advanced+ distinction from AV-Comparatives in their March 2025 Malware Protection Test, demonstrating strong capabilities against cyber threats. The test evaluated 19 security products using 10,030 malware samples and included both online and offline scenarios. VIPRE achieved a 98.7% detection rate and a 99.93% overall protection rate during execution testing, with one of the lowest false positive counts among the products tested. VIPRE's security solutions also enhance other Ziff Davis consumer security products, utilizing its threat intelligence cloud to block malicious sites and improve overall protection.

Tech Optimizer

April 22, 2025

VIPRE Security Crushes Competition with 99.93% Protection Rate in Latest Test

VIPRE® Advanced Security received the Advanced+ distinction from AV-Comparatives in their March 2025 Malware Protection Test for its exceptional performance in detecting and preventing malware threats. The test evaluated 19 security products using 10,030 malware samples on a Windows 11 system, focusing on both online and offline threats. VIPRE achieved a 98.7% detection rate in all scenarios, a 99.93% overall protection rate during execution testing, and had one of the lowest false positive counts. VIPRE's security features also enhance other Ziff Davis products, utilizing its threat intelligence cloud to improve protection across various platforms. VIPRE is a subsidiary of Ziff Davis, Inc., and has over 25 years of experience in cybersecurity solutions.

Tech Optimizer

April 15, 2025

New ‘Waiting Thread Hijacking’ Malware Technique Evades Modern Security Measures

Security researchers have developed a new malware process injection technique called "Waiting Thread Hijacking" (WTH), which executes harmful code within legitimate processes while avoiding detection by security measures. This method improves upon traditional Thread Execution Hijacking by using a different sequence of operations that bypasses commonly monitored API calls. WTH involves allocating memory and injecting malicious payloads using standard functions, identifying dormant threads within the target process, acquiring thread context with less suspicious permissions, and overwriting the return address on the stack with the injected shellcode. The technique ensures stability by preserving the original state of the thread and allows it to resume normal operations after executing the malicious code. Additionally, WTH employs an obfuscation technique that distributes its steps across multiple child processes to evade behavioral detection systems. While WTH can avoid many conventional detection triggers, it is not completely immune, as some Endpoint Detection and Response (EDR) solutions can block unauthorized memory writes. Check Point Research has observed that WTH is effective against certain EDRs while others can block it but not older methods, illustrating the variability in EDR capabilities.

Tech Optimizer

March 31, 2025

Ransomware crews add EDR killers to their arsenal

Antivirus and endpoint security tools are increasingly challenged by ransomware groups that use sophisticated strategies to disable defenses early in attacks. Cisco Talos reported that in nearly half of the ransomware incidents they handled in 2024, attackers successfully employed "EDR killers" to neutralize endpoint detection and response (EDR) systems, achieving success 48 percent of the time. Tools such as EDRSilencer, EDRSandblast, EDRKillShifter, and Terminator pose significant threats to organizational security. EDRKillShifter exploits vulnerable drivers on Windows machines to terminate EDR products, a tactic observed in operations by rival gangs like Medusa, BianLian, and Play. The primary goal of these tools is to disable EDR protections, allowing attackers to operate undetected, complicating system recovery efforts. Recovery often requires wiping and rebuilding entire networks if robust backups are available. Some EDR killers, like HRSword, are legitimate software tools misused by ransomware actors to disable endpoint protection systems. Attackers have exploited misconfigured systems, particularly EDR products set to audit-only mode, which detect but do not block malicious activity. LockBit has remained the most active ransomware-as-a-service group for the third consecutive year, accounting for 16 percent of claimed attacks in 2024. Newcomer RansomHub secured the second position with 11 percent of posts to leak sites. The effectiveness of law enforcement actions plays a significant role in shaping the ransomware landscape.

Winsage

March 26, 2025

Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code

Russian threat actors are exploiting a zero-day vulnerability in the Microsoft Management Console (MMC), identified as CVE-2025-26633, allowing them to bypass security features and execute harmful code. The hacking group Water Gamayun, also known as EncryptHub and Larva-208, is behind this campaign, using a weaponized version of the vulnerability called “MSC EvilTwin” to deploy various malicious payloads, including information stealers and backdoors. The vulnerability affects multiple Windows versions, particularly older systems like Windows Server 2016. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-26633 to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch affected systems by April 1, 2025. Microsoft included this vulnerability in its March 2025 Patch Tuesday update. Recommended mitigations include applying security patches, restricting network access to MMC ports, and monitoring for unusual MMC activity.

Winsage

March 12, 2025

March Patch Tuesday fixes 6 Windows zero-day exploits

A total of 57 unique vulnerabilities have been addressed in Microsoft's latest security updates, including six zero-day exploits that require immediate attention. The Windows operating system accounts for the majority of these vulnerabilities. Among them is a critical security feature bypass (CVE-2025-26633) with a CVSS rating of 7.0, which requires user interaction for exploitation. Three additional zero-day vulnerabilities are found in the Windows NTFS, including two information disclosure vulnerabilities (CVE-2025-24984 and CVE-2025-24991) and a critical remote-code execution vulnerability (CVE-2025-24993). Another zero-day vulnerability (CVE-2025-24985) affects the Windows Fast FAT driver with a CVSS score of 7.8 and also requires user interaction. The final zero-day vulnerability (CVE-2025-24983) is an elevation-of-privilege flaw with a CVSS score of 7.0. Additionally, a notable public disclosure involves a remote-code execution vulnerability in Microsoft Access (CVE-2025-26630) with a CVSS score of 7.8. Microsoft has also republished four older vulnerabilities with updates. Furthermore, Microsoft is preparing to implement stricter authentication measures for Windows machines, transitioning to mandatory "Enforcement" mode for certain vulnerabilities next month.

Tech Optimizer

February 23, 2025

Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from

Researchers from Rapid7 disclosed that the breach of US Treasury workstations by suspected Chinese state-sponsored hackers was facilitated by two zero-day vulnerabilities, including a PostgreSQL flaw (CVE-2025-1094). Exploitation attempts targeting Palo Alto Networks firewalls have surged, focusing on CVE-2025-0108, an authentication bypass vulnerability. Apiiro security researchers introduced PRevent, an open-source tool to detect malicious code in pull requests, and Kunai, an open-source threat hunting tool for Linux, was also introduced. Chester Wisniewski from Sophos discussed the shifting ransomware landscape and quantum decryption threats, while Juliette Hudson from CybaVerse emphasized the importance of asset visibility in cybersecurity. The resurgence of BlackLock ransomware is anticipated in 2025, and XCSSET info-stealing malware has been observed targeting macOS users. Cybersecurity professionals are advised to consider the increasing use of artificial intelligence by malicious actors when making investment decisions for 2025. Various cybersecurity roles are currently available globally, reflecting the growing demand for expertise. New information security products were introduced by companies including 1Password, Fortinet, Pangea, Privacera, and Veeam Software.

Tech Optimizer

February 5, 2025

Avast Antivirus Statistics and Facts (2025)

Avast's global revenue for 2024 is projected to reach USD 950 million, with a growth rate of 4% compared to the previous year. The company has over 435 million active users globally, with 60% of its revenue coming from Europe and North America. Avast controls 6.5% of the global antivirus market and ranks among the top five providers in the cybersecurity industry. Its VPN services, using AES-256-bit encryption, saw a 12% increase in subscriptions. Additionally, 80% of Avast's products integrate AI and machine learning, and mobile security products account for 20% of its total revenue. Avast has raised USD 100 million in funding, bringing its valuation to USD 2,865.9 million, and partnerships with major tech companies contribute 10% of its total revenue. The company employs more than 1,800 individuals and has around 9 million weekly active users. Avast prevents nearly 1.5 billion attacks each month and has users in 59 countries. A total of 859 companies utilize Avast for organizational cybersecurity solutions, and the software is available in 45 different languages. Avast offers a 30-day free trial and has a highly accurate antivirus solution, with a 94.2% offline detection rate and a 99.5% online detection rate. Avast is compatible with Windows, macOS, Android, and iOS, and provides a 30-day money-back guarantee. The software features include real-time protection, Wi-Fi Inspector, CyberCapture, and email shield. Paid plans range from INR 4,144.79 (USD 49.99) to INR 6,632.17 (USD 79.99) per year. In Q1 2024, social engineering attacks were identified as the biggest threat, with scams increasing by 61% on mobile and 23% on desktop. Avast's global risk ratio was 31%, with a total of 3.52 billion blocked attacks. The company secured the fourth position in the antivirus market, with 8% paid users and 18% free users. As of July 2024, avast.com had 14.1 million visits, with the United States contributing 20.1% of the traffic. Male users made up 62.93% of visitors, and the highest percentage of users were aged 25 to 34. Organic search generated the highest traffic rate, accounting for 45.9%, while YouTube was the leading source of social media referrals.