
Latest news with #PositiveTechnologiesExpertSecurityCenter

High-Severity Windows Flaw Revealed by Security Expert

TECHx, 09-07-2025

Positive Technologies has disclosed a high-severity vulnerability affecting 37 versions of Windows desktop and server operating systems. The flaw impacts Windows 11, Windows 10, Windows Server 2025, Server 2022, and Server 2019 across various versions and architectures.

The vulnerability, tracked as CVE-2025-49689, was discovered by Sergey Tarasov, Specialist at the Positive Technologies Expert Security Center. It lies in the NTFS file system driver and carries a CVSS 3.1 base score of 7.8. If a user opened a malicious virtual hard disk (VHD), an attacker could exploit the flaw to escalate privileges, bypassing Windows security boundaries and gaining full control of the system. The bug is therefore a local privilege escalation that depends on the victim mounting an attacker-supplied VHD, not a flaw exploitable without user interaction. Microsoft was notified under responsible disclosure and released patches in July 2025.

  • Over 1.5 million devices are reportedly exposed
  • The U.S. and China account for the largest number of affected systems

StatCounter data shows Windows 11's market share rose from below 30% in 2024 to over 43% by May 2025.

Tarasov explained that attackers often use VHD files in phishing campaigns because many users treat them like ordinary archives, which increases the risk of exploitation. Windows mounts a VHD when it is double-clicked in Explorer, so simply "opening" such a file is enough to hand the attacker-controlled volume to the vulnerable driver.

Positive Technologies recommends installing the latest Windows updates. Where the update cannot be applied, users should open VHD files only from trusted sources. The company also suggests deploying its own products, MaxPatrol VM and MaxPatrol EDR, to detect and prevent similar threats.

In 2024, Tarasov helped address another vulnerability, CVE-2024-43629, affecting Windows 10, Windows 11, and Server editions. In 2017, the PT Expert Security Center worked with Microsoft to resolve CVE-2017-0263.

New Malware Targets MENA Region, Steals Cryptocurrency Data

TECHx, 05-03-2025

Threat Intelligence specialists at the Positive Technologies Expert Security Center (PT ESC) have uncovered a new malware campaign actively targeting individuals in the Middle East and North Africa (MENA) region. Since September 2024, the attackers have been using a modified version of AsyncRAT to steal sensitive data, with a particular focus on cryptocurrency wallet information.

The campaign is distributed through social media ads in which the attackers pose as news outlets to lure victims to malicious file-sharing platforms or Telegram channels. The malware harvests cryptocurrency wallet data and sends it to a Telegram bot operated by the attackers.

PT ESC's investigation identified approximately 900 potential victims, most of them ordinary users from industries including oil and gas, construction, IT, and agriculture. Victims are located primarily in Libya (49%), Saudi Arabia (17%), Egypt (10%), Turkey (9%), the UAE (7%), and Qatar (5%). The group behind the campaign has been named Desert Dexter, a reference to one of the suspected operators.

During the investigation, researchers found that the attackers used temporary accounts and fake news channels on Facebook to bypass ad filters and spread their malicious posts. Although a similar campaign was documented in 2019, the current operation adds new techniques to the attack chain.

Denis Kuvshinov, Head of Threat Intelligence at Positive Technologies, explained that the attack is a multi-stage process: victims are lured to file-sharing services or Telegram channels, where they download a RAR archive containing malicious files. Those files install AsyncRAT, collect system information, and send the data to a Telegram bot controlled by the attackers.

The modified AsyncRAT includes an updated IdSender module that specifically targets cryptocurrency wallet browser extensions, two-factor authentication extensions, and software used to manage cryptocurrency wallets. While Desert Dexter's tools are not particularly sophisticated, the use of social media ads and legitimate services has made the campaign effective. The attackers exploit geopolitical tensions in the MENA region, targeting both individual users and high-ranking officials. Researchers note that the region remains a prime target for cyberattacks because of ongoing political instability, with phishing campaigns increasingly using political themes as lures.

Positive Technologies experts uncover new malware campaign in the Middle East

Zawya, 05-03-2025

Dubai - Threat Intelligence specialists at the Positive Technologies Expert Security Center (PT ESC) have identified and analyzed a new malware campaign targeting individuals in the Middle East and North Africa. Active since September 2024, the campaign uses a modified version of AsyncRAT. To spread the malware, the attackers posed as news outlets on social media, creating promotional posts with links to file-sharing platforms or Telegram channels. The modified malware is designed to steal cryptocurrency wallet data and communicate with a Telegram bot.

The investigation revealed approximately 900 potential victims, most of whom are everyday users. Among those affected are employees in industries such as oil and gas, construction, IT, and agriculture. Analysis showed that most victims are located in Libya (49%), Saudi Arabia (17%), Egypt (10%), Turkey (9%), the UAE (7%), Qatar (5%), and other countries. The group behind the campaign was dubbed Desert Dexter, after one of the suspected authors.

During the investigation, researchers found that the attackers rely on temporary accounts and fake news channels on Facebook [1] to bypass the platform's ad filters. A similar attack was documented by Check Point researchers in 2019, but the campaign described here introduces new techniques to the attack chain.

Denis Kuvshinov, Head of Threat Intelligence, Positive Technologies Expert Security Center, said: "This attack follows a multi-stage process. The victim is lured from a promotional post to a file-sharing service or a Telegram channel operated by the attackers, which imitates a media outlet. From there, the victim receives a RAR archive containing malicious files. These files download and execute AsyncRAT, gather necessary system information, and send it to the attackers' Telegram bot. The AsyncRAT version used in this campaign includes a modified IdSender module that collects information about cryptocurrency wallet extensions, two-factor authentication extensions in various browsers, and software used to manage cryptocurrency wallets."

While Desert Dexter's tools are not particularly sophisticated, their use of social media ads, legitimate services, and the geopolitical context of the region has made the campaign effective. The group posts messages about allegedly leaked confidential information, making the attack chain versatile enough to infect the devices of not only regular users but also high-ranking officials. The researchers note that ongoing tensions in the Middle East and North Africa have made the region a prime target for cyberattacks aimed at both government institutions and individual users. Political themes remain a common lure in phishing campaigns, with attacks becoming more sophisticated and malware continuously adapted to the needs of different threat actors.

Positive Technologies is an industry leader in result-driven cybersecurity and a major global provider of information security solutions. Our mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Over 4,000 organizations worldwide use technologies and services developed by our company. Positive Technologies is the first and only cybersecurity company in Russia publicly traded on the Moscow Exchange (MOEX: POSI), with 205,000 shareholders and counting. Follow us on X, LinkedIn, and in the News section at

[1] Meta (Facebook) is currently prohibited in Russia.
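Both the TECHx and Zawya pieces above describe the same exfiltration channel: the implant pushes stolen wallet and system data to a Telegram bot. Because every Bot API call has the fixed shape https://api.telegram.org/bot<token>/<method>, that channel is easy to spot in egress proxy logs, and the captured token is itself a useful indicator, since every infected host in a campaign talks to the same bot. The following Python is an added example written for this page, not code from Positive Technologies or from either article; the log format, the hosts, and the bot token are all constructed for the demonstration, and the only real-world assumption is the Bot API URL layout.

```python
"""Flag Telegram Bot API traffic in proxy logs and extract bot tokens as IOCs.

Added example: constructed log lines and a constructed bot token, not data from
the PT ESC investigation.
"""
import re
from dataclasses import dataclass, field

# Real Bot API layout: https://api.telegram.org/bot<token>/<method>,
# where <token> is "<numeric bot id>:<secret>".
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)"
)

# Methods an infostealer uses to push data out. Reads such as getUpdates are
# still suspicious from a workstation but are not exfiltration by themselves.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}

# Constructed proxy log (hypothetical format): time client verb url user-agent.
# Lines 2-3 model the AsyncRAT beacon (a spoofed, obsolete IE user agent);
# line 4 models a second host using the same bot token; lines 1 and 5 are benign.
SAMPLE_LOG = """\
2025-02-11T09:14:02Z 10.20.30.41 GET https://web.telegram.org/a/ Mozilla/5.0 (Windows NT 10.0) Chrome/121
2025-02-11T09:14:07Z 10.20.30.41 POST https://api.telegram.org/bot7123456789:AAHxQ1n3f9ZtR0uvW2kLmNoPqRsTuVwXyZ4/sendMessage Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
2025-02-11T09:14:09Z 10.20.30.41 POST https://api.telegram.org/bot7123456789:AAHxQ1n3f9ZtR0uvW2kLmNoPqRsTuVwXyZ4/sendDocument Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
2025-02-11T09:15:44Z 10.20.30.77 GET https://api.telegram.org/bot7123456789:AAHxQ1n3f9ZtR0uvW2kLmNoPqRsTuVwXyZ4/getUpdates python-requests/2.31
2025-02-11T09:16:01Z 10.20.30.88 GET https://telegram.org/dl/desktop/win64 Mozilla/5.0 (Windows NT 10.0) Firefox/122
"""


@dataclass
class Finding:
    """One (client host, bot token) pair and every API method it called."""
    client: str
    token: str
    first_seen: str
    user_agent: str
    methods: list = field(default_factory=list)


def parse_line(line):
    """Split a constructed log line; the user agent may contain spaces."""
    parts = line.split(" ", 4)
    if len(parts) < 4:
        return None
    ts, client, verb, url = parts[:4]
    ua = parts[4] if len(parts) == 5 else ""
    return ts, client, verb, url, ua


def scan_proxy_log(text):
    """Return a Finding per (client, token) seen hitting the Bot API."""
    findings = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, _verb, url, ua = rec
        m = BOT_API_RE.search(url)
        if not m:
            continue
        key = (client, m["token"])
        f = findings.setdefault(key, Finding(client, m["token"], ts, ua))
        f.methods.append(m["method"])
    return list(findings.values())


def exfil_findings(findings):
    """Keep only hosts that actually sent data to a bot (send* methods)."""
    return [f for f in findings if EXFIL_METHODS.intersection(f.methods)]


def bot_tokens(findings):
    """Distinct tokens: block them at the proxy and pivot on them across hosts."""
    return sorted({f.token for f in findings})


def redact_token(token):
    """Keep the bot id and a few secret chars so a report is readable but not reusable."""
    bot_id, _, secret = token.partition(":")
    return f"{bot_id}:{secret[:4]}***"


if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_LOG)
    for f in exfil_findings(found):
        print(f"{f.client} exfil via bot {redact_token(f.token)} "
              f"methods={f.methods} first_seen={f.first_seen} ua={f.user_agent!r}")
    print("hosts per token:", {redact_token(t): sum(1 for f in found if f.token == t)
                                for t in bot_tokens(found)})
```

Two hosts sharing one token is the pivot that turns a single alert into a campaign scope; the token should go straight into a proxy block rule, since the implant cannot reach the bot by any other path. In real proxy logs the URL field is often truncated or the host is logged separately from the path, so match the regex against the reassembled host plus path rather than assuming one field.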
