The recent work by MSTIC researchers uncovered the latest variant. The key change in the updates is Hive's switch from the Go programming language to Rust, which offers memory safety at compile time for greater stability, deep control over low-level resources, and a variety of cryptographic libraries for fast file scrambling. Hive isn't the first ransomware to be written in Rust; BlackCat is another example.

In addition, being written in Rust will make the Hive code a little more difficult to reverse-engineer, according to Microsoft researchers. Detecting the Hive variant also is harder, according to MSTIC. "The new Hive variant uses string encryption that can make it more evasive," the researchers wrote, referring to the malware's executable.

"This analysis led to the discovery of the new Hive variant and its multiple versions, which exhibit slightly different available parameters in the command line and the executed processes," they wrote. "Analyzing these patterns in samples of the new variants, we discovered even more samples, all with a low detection rate and none being correctly identified as Hive."

The updates to Hive will have far-reaching impacts given that its RaaS payload has been used in attacks against organizations in a range of industries by large ransomware affiliates, such as DEV-0237.

Update: The article has been updated with Microsoft's statement and details on the emergency patch.

The reports, seen by us, show that affected users are automatically shown the aforementioned error during the regular scans of Defender. "Docker Desktop downloaded from their site or installed via WinGet is reporting 'Behavior:Win32/Hive.ZY' as of this morning's security update. This prevents Docker Desktop from being upgraded via WinGet or the internal application update option, and results in many, many, many spurious warnings," one of the affected users noted.

In our tests, we observed that Windows Defender on both Windows 10 and Windows 11 is flagging Chromium-based and other apps like Discord as "Win32/Hive.ZY". If you're affected, you can easily reproduce the error if you kill all processes for Edge, Chrome or whatever that triggers it and launch the app again. If the app keeps running in the background, the error will over time pop up again.

"The alert comes up when opening a new page in Chrome, but not all of them. Even for when I click Learn more under protection history. Started happening today, probably after a Windows Defender update. The culprit is always one of the PIDs of Chrome," another user noted.

Microsoft releases fix for Behavior:Win32/Hive.ZY

Thankfully, Microsoft officials told us that they've already started investigating the issue and a potential fix has been published. There's not much you can do to fix Windows Defender's false positive errors as they can only be patched through a server-side update from Microsoft. The fix is rolling out with version 1.373.1537.0.

To fix Behavior:Win32/Hive.ZY, follow these steps: Search for 'Windows Security' in Windows Search. If you do not see the update when you check for updates, you can also manually download the fix from the given links:

This is the third such incident involving Windows Defender. Earlier this year, some Google Chrome updates were flagged as potentially harmful by Microsoft. A similar incident was reported in March when the company flagged its own Office updates as ransomware threats. There have been similar incidents in 2021. In fact, Defender once prevented Office apps and apps due to Emotet malware.
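For administrators who want to confirm from the command line that the security intelligence update carrying the fix has reached a machine, here is an added PowerShell example (not from the article or from Microsoft). It assumes the built-in Defender cmdlets Get-MpComputerStatus, Update-MpSignature and Get-MpThreat are available, and compares the installed signature version against the 1.373.1537.0 version the article reports:

```powershell
# Added example, not part of the original article.
# Checks whether the Defender security intelligence version that Microsoft
# said carries the Behavior:Win32/Hive.ZY fix (1.373.1537.0) is installed,
# requests an update if it is not, and lists any Hive.ZY detections still cached.

$FixedVersion = [version]'1.373.1537.0'

# AntivirusSignatureVersion is a dotted string such as "1.373.1537.0";
# casting to [version] gives a proper numeric comparison instead of a string one.
$current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
Write-Host "Installed security intelligence version: $current"

if ($current -lt $FixedVersion) {
    Write-Host "Older than $FixedVersion; requesting a security intelligence update..."
    Update-MpSignature
    $current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    Write-Host "Version after update: $current"
}

if ($current -ge $FixedVersion) {
    Write-Host "Fix is present. Hive.ZY entries still in the local threat history (if any):"
    # Entries here are historical; after the fixed definitions arrive, relaunching the
    # affected app (Chrome, Edge, Docker Desktop, Discord) should not add new ones.
    Get-MpThreat |
        Where-Object { $_.ThreatName -like '*Hive.ZY*' } |
        Select-Object ThreatName, ThreatID, IsActive
} else {
    Write-Host "Still below $FixedVersion; the update may not have rolled out to this device yet."
}
```

Run it from an elevated PowerShell session, since Update-MpSignature needs administrator rights. The version comparison is the useful part: a string comparison of "1.373.1537.0" against "1.373.988.0" would give the wrong answer, so the cast to [version] matters.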