Category: Securelist

Kaspersky’s GReAT looks back on the 2024 predictions about financial and crimeware threats, and explores potential cybercrime trends for 2025. This article has been indexed from Securelist Read the original article: Сrimeware and financial cyberthreats in 2025

Read more →

Internet-exposed GNSS receivers pose a significant threat to sensitive operations. Kaspersky shares statistics on internet-exposed receivers for July 2024 and advice on how to protect against GNSS attacks. This article has been indexed from Securelist Read the original article: Threats…

Read more →

Kaspersky GERT experts have discovered in Colombia new Ymir ransomware, which uses RustyStealer for initial access and the qTox client for communication with its victims. This article has been indexed from Securelist Read the original article: Ymir: new stealthy ransomware…

Read more →

Kaspersky shares details on QSC modular cyberespionage framework, which appears to be linked to CloudComputating group campaigns. This article has been indexed from Securelist Read the original article: QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns

Read more →

Kaspersky experts have discovered a new SteelFox Trojan that mimics popular software like Foxit PDF Editor and JetBrains to spread a stealer-and-miner bundle. This article has been indexed from Securelist Read the original article: New SteelFox Trojan mimics software activators,…

Read more →

Scammers use large language models (LLMs) to create phishing pages and leave artifacts in texts and tags, like the phrase “As an AI language model…”. This article has been indexed from Securelist Read the original article: Loose-lipped neural networks and…

Read more →

Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents. This article has been indexed from Securelist Read the original article: Risk reduction redefined: How…

Read more →

Malicious CAPTCHA distributed through ad networks delivers the Amadey Trojan or the Lumma stealer, which pilfers data from browsers, password managers, and crypto wallets. This article has been indexed from Securelist Read the original article: Lumma/Amadey: fake CAPTCHAs want to…

Read more →

Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain. This article has been indexed from Securelist Read the original article: The Crypto Game…

Read more →

Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain. This article has been indexed from Securelist Read the original article: The Crypto Game…

Read more →

In this report, Kaspersky experts analyze recent Grandoreiro campaigns, new targets, tricks, and banking trojan versions. This article has been indexed from Securelist Read the original article: Grandoreiro, the global trojan with grandiose goals

Read more →

In this report, Kaspersky experts analyze recent Grandoreiro campaigns, new targets, tricks, and banking trojan versions. This article has been indexed from Securelist Read the original article: Grandoreiro, the global trojan with grandiose ambitions

Read more →

Kaspersky researchers investigated a number of stealer attacks over the past year, and they are now sharing some details on the new Kral stealer, recent AMOS version and Vidar delivering ACR stealer. This article has been indexed from Securelist Read…

Read more →

A close look at the utilities, techniques, and infrastructure used by the hacktivist group Crypt Ghouls has revealed links to groups such as Twelve, BlackJack, etc. This article has been indexed from Securelist Read the original article: Analysis of the…

Read more →

In this article we solve the most difficult SAS CTF challenge based on the APT technique to introduce and persist a kernel shellcode on Windows 7. This article has been indexed from Securelist Read the original article: SAS CTF and…

Read more →

Kaspersky analyzes SideWinder APT’s recent activity: new targets in the MiddleEast and Africa, post-exploitation tools and techniques. This article has been indexed from Securelist Read the original article: Beyond the Surface: the evolution and expansion of the SideWinder APT group

Read more →

The Kaspersky Digital Footprint Intelligence team shares insights into the H1 2024 Middle Eastern cyberthreat landscape: hacktivism, initial access brokers, ransomware, stealers, and so on. This article has been indexed from Securelist Read the original article: Whispers from the Dark…

Read more →

Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations. This article has been indexed from Securelist Read the original article: Awaken Likho is…

Read more →

Malicious actors are spreading miners through fake websites with popular software, Telegram channels and YouTube, installing Wazuh SIEM agent on victims’ devices for persistence. This article has been indexed from Securelist Read the original article: Scam Information and Event Management

Read more →

How Kaspersky implemented machine learning for threat hunting in Kaspersky Security Network (KSN) global threat data. This article has been indexed from Securelist Read the original article: Finding a needle in a haystack: Machine learning at the forefront of threat…

Read more →

Kaspersky experts studied the activity of Key Group, which utilizes publicly available builders for ransomware and wipers, as well as GitHub and Telegram. This article has been indexed from Securelist Read the original article: Key Group: another ransomware group using…

Read more →

In this report, we share statistics on threats to industrial control systems in Q2 2024, including statistics by region, industry, malware and other threat types. This article has been indexed from Securelist Read the original article: Threat landscape for industrial…

Read more →

An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group. This article has been indexed from Securelist Read the original article: From 12 to 21: how we discovered connections between…

Read more →

Kaspersky experts review Do Not Track (DNT) statistics for the most widely used web tracking services in 2023 and 2024 operated by companies like Google, Microsoft, etc. This article has been indexed from Securelist Read the original article: Web tracking…

Read more →

Kaspersky experts have discovered a new version of the Necro Trojan, which has attacked tens of thousands of Android devices through Google Play and Spotify and WhatsApp mods. This article has been indexed from Securelist Read the original article: How…

Read more →

Analysis of Twelve’s activities using the Unified Kill Chain method: from initial access to deployment of LockBit- and Chaos-based ransomware and wipers. This article has been indexed from Securelist Read the original article: -=TWELVE=- is back

Read more →

Kaspersky researchers detected a campaign exclusively targeting Italian users by delivering a new RAT dubbed SambaSpy This article has been indexed from Securelist Read the original article: Exotic SambaSpy is now dancing with Italian users

Read more →

Kaspersky experts have discovered a new version of the Loki agent for the open-source Mythic framework, which uses DLLs to attack Russian companies. This article has been indexed from Securelist Read the original article: Loki: a new private agent for…

Read more →

Kaspersky experts found a new variant of the China Chopper web shell from the Tropic Trooper group that imitates an Umbraco CMS module and targets a government entity in the Middle East. This article has been indexed from Securelist Read…

Read more →

In this report, we provide an in-depth analysis of the Mallox ransomware, its evolution, ransom strategy, encryption scheme, etc. This article has been indexed from Securelist Read the original article: Mallox ransomware: in-depth analysis and evolution

Read more →

Kaspersky Global Emergency Response Team (GERT) shares the most interesting IR cases for the year 2023: insider attacks, ToddyCat-like APT, Flax Typhoon and more. This article has been indexed from Securelist Read the original article: A deep dive into the…

Read more →

In this report, Kaspersky researchers explore the most significant attacks of Q2 2024 that used a XZ backdoor, the LockBit builder, ShrinkLocker ransomware, etc. This article has been indexed from Securelist Read the original article: IT threat evolution Q2 2024

Read more →

The report gives statistics on mobile malware and unwanted software for Q2 2024, including mobile banking Trojans and ransomware. This article has been indexed from Securelist Read the original article: IT threat evolution in Q2 2024. Mobile statistics

Read more →

This report presents statistics on PC threats for Q2 2024, including data on ransomware, miners, threats to macOS and IoT devices. This article has been indexed from Securelist Read the original article: IT threat evolution in Q2 2024. Non-mobile statistics

Read more →

Analysis of the hacktivist group Head Mare targeting companies in Russia and Belarus: exploitation of WinRAR vulnerability, custom tools PhantomDL and PhantomCore. This article has been indexed from Securelist Read the original article: Head Mare: adventures of a unicorn in…

Read more →

Kaspersky experts discovered a macOS version of the HZ Rat backdoor, which collects user data from WeChat and DingTalk messengers. This article has been indexed from Securelist Read the original article: HZ Rat backdoor for macOS attacks users of China’s…

Read more →

While pentesting KasperskyOS-based Thin Client and IoT Secure Gateway, we found several vulnerabilities in the Suricata and FreeRDP open-source projects. We shared details on these vulnerabilities with the community along with our fuzzer. This article has been indexed from Securelist…

Read more →

The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q2 2024. This article has been indexed from Securelist Read the original article: Exploits and vulnerabilities in Q2 2024

Read more →

We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems. This article has been indexed from Securelist Read the original article: Approach to mainframe penetration testing on z/OS

Read more →

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries. This article has been indexed from Securelist Read the original article: BlindEagle flying…

Read more →

Kaspersky researchers discovered Tusk campaign with ongoing activity that uses Danabot and StealC infostealers and clippers to obtain cryptowallet credentials and system data. This article has been indexed from Securelist Read the original article: Tusk: unraveling a complex infostealer campaign

Read more →

Kaspersky has identified a new EastWind campaign targeting Russian organizations and using CloudSorcerer as well as APT31 and APT27 tools. This article has been indexed from Securelist Read the original article: EastWind campaign: new CloudSorcerer attacks on government organizations in…

Read more →

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity. This article has been indexed from Securelist Read the original…

Read more →

We studied data from the internet and Kaspersky internal sources to find out how and why people use indirect prompt injection. This article has been indexed from Securelist Read the original article: Indirect prompt injection in the real world: how…

Read more →

Previously unknown spyware LianSpy targets Android devices by exploiting root privileges to steal data and leveraging Yandex Disk cloud service as C2. This article has been indexed from Securelist Read the original article: LianSpy: new Android spyware targeting Russian users

Read more →

Kaspersky researchers investigated three ransomware groups that tapped newly built malware samples based on Babuk, Lockbit, Chaos and others, while lacking professional resources. This article has been indexed from Securelist Read the original article: How “professional” ransomware variants boost cybercrime…

Read more →

Mandrake spyware threat actors resume attacks with new functionality targeting Android devices while being publicly available on Google Play This article has been indexed from Securelist Read the original article: Mandrake spyware sneaks onto Google Play again, flying under the…

Read more →

Kaspersky experts have discovered a new scheme that combines elements of spear and mass phishing This article has been indexed from Securelist Read the original article: When spear phishing met mass phishing

Read more →

How a SOC can efficiently manage priorities when writing detection logic for various MITRE ATT&CK techniques and what tools can help. This article has been indexed from Securelist Read the original article: Developing and prioritizing a detection engineering backlog based…

Read more →

Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor. This article has been indexed from Securelist Read the original article: CloudSorcerer – A new APT targeting Russian government…

Read more →

Kaspersky analysts explain which applications are targeted the most, and how enterprises can protect themselves from phishing and spam. This article has been indexed from Securelist Read the original article: Cybersecurity in the SMB space — a growing threat

Read more →

In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook. This article has been indexed from Securelist Read the original article: XZ backdoor: Hook analysis

Read more →

Kaspersky experts conducted a study of password resistance to attacks that use brute force and smart guessing techniques. This article has been indexed from Securelist Read the original article: Analysis of user password strength

Read more →

We performed the security analysis of a Telit Cinterion modem in course of a bigger project of security assessment of a popular model of a truck and found eight vulnerabilities. This article has been indexed from Securelist Read the original…

Read more →

The report analyzes the security properties of a popular biometric access control terminal made by ZkTeco and describes vulnerabilities found in it. This article has been indexed from Securelist Read the original article: QR code SQL injection and other vulnerabilities…

Read more →

Explaining how scammers use phishing and OTP bots to gain access to accounts protected with 2FA. This article has been indexed from Securelist Read the original article: Bypassing 2FA with phishing and OTP bots

Read more →

In this report, Kaspersky shares non-mobile malware statistics for Q1 2024, including ransomware, miner and macOS malware statistics. This article has been indexed from Securelist Read the original article: IT threat evolution in Q1 2024. Non-mobile statistics

Read more →

In this report, we review the most significant malware-related events of Q1 2024: the disclosure of the hardware vulnerability used in Operation Triangulation, a lightweight method to detect iOS malware and DinodasRAT Linux implant. This article has been indexed from…

Read more →

Mobile malware statistics for Q1 2024: most common threats for Android, mobile banking Trojans, and ransomware Trojans. This article has been indexed from Securelist Read the original article: IT threat evolution in Q1 2024. Mobile statistics

Read more →

We analyze the tactics and techniques of attackers targeting organizations through trusted relationships – that is, through contractors and external IT service providers. This article has been indexed from Securelist Read the original article: Trusted relationship attacks: trust, but verify

Read more →

Here’s how scams target buyers and sellers on online message boards, and how the gangs behind them operate. This article has been indexed from Securelist Read the original article: Message board scams

Read more →

In this report Kaspersky ICS CERT shares statistics on threats blocked on ICS computers globally and in separate regions in Q1 2024: share of attacked computers, most affected industries, most common types of threats. This article has been indexed from…

Read more →

The Kaspersky GERT has detected a new group that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. This article…

Read more →

This is the first part of the research, devoted to null session vulnerability, unauthorized MS-RPC interface and domain user enumeration. This article has been indexed from Securelist Read the original article: A journey into forgotten Null Session and MS-RPC interfaces

Read more →

In this report, we discuss two new stealers: Acrid and ScarletStealer, and an evolution of the known Sys01 stealer, with the latter two dividing stealer functionality across several modules. This article has been indexed from Securelist Read the original article:…

Read more →

In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned CVE-2024-30051 identifier and patched on May, 14 as part of Microsoft’s patch Tuesday. We have seen it exploited by QuakBot and other malware. This article…

Read more →

The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations. This article has been indexed from Securelist Read the original article: Incident response analyst report 2023

Read more →

The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations. This article has been indexed from Securelist Read the original article: Incident response analyst report 2023

Read more →

The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity. This article has been indexed from Securelist Read the original article: APT trends report Q1…

Read more →

As Anti-Ransomware Day approaches, Kaspersky shares insights into the ransomware threat landscape and trends in 2023, and recent anti-ransomware activities by governments and law enforcement. This article has been indexed from Securelist Read the original article: State of ransomware in…

Read more →

The report provides vulnerability and exploit statistics, key trends, and analysis of interesting vulnerabilities discovered in Q1 2024. This article has been indexed from Securelist Read the original article: Exploits and vulnerabilities in Q1 2024

Read more →

In this report, we share our insights into the 2023 trends and statistics on financial threats, such as phishing, PC and mobile banking malware. This article has been indexed from Securelist Read the original article: Financial cyberthreats in 2023

Read more →

The report covers the tactics, techniques and tools most commonly deployed by threat actors, the nature of incidents detected and their distribution among MDR customers. This article has been indexed from Securelist Read the original article: Managed Detection and Response…

Read more →

In this article we analyze social engineering aspects of the XZ backdoor incident. Namely pressuring the XZ maintainer to pass on the project to Jia Cheong Tan, and then urging major downstream maintainers to commit the backdoored code to their…

Read more →

We continue to report on the APT group ToddyCat. This time, we’ll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts. This article has been indexed from Securelist Read the original article: ToddyCat is…

Read more →

New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go. This article has been indexed from Securelist Read the original article: DuneQuixote campaign targets Middle Eastern…

Read more →

We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection. This article has been indexed from Securelist Read the original article: SoumniBot: the new Android banker’s unique techniques

Read more →

Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder. This article has been indexed from Securelist Read the original article: Using the LockBit builder…

Read more →

Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process. This article has been indexed from Securelist Read the original article: XZ backdoor story – Initial analysis

Read more →

In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022. This article has been indexed from Securelist Read the original article: DinodasRAT Linux implant targeting entities…

Read more →

In this report, we share our latest Android malware findings: the Tambir spyware, Dwphon downloader and Gigabud banking Trojan. This article has been indexed from Securelist Read the original article: Android malware, Android malware and more Android malware

Read more →

Kaspersky ICS CERT shares industrial threat statistics for H2 2023: most commonly detected malicious objects, threat sources, threat landscape by industry and region. This article has been indexed from Securelist Read the original article: Threat landscape for industrial automation systems.…

Read more →

In this report, we highlight the key points about a class of recently-patched elevation-of-privilege vulnerabilities affecting Microsoft Windows, and then focus on how to check if any of them have been exploited or if there have been any attempts to exploit them.…

Read more →

Infected versions of the text editors VNote and Notepad‐‐ for Linux and macOS, apparently loading a backdoor, are being distributed through a Chinese search engine. This article has been indexed from Securelist Read the original article: What’s in your notepad?…

Read more →

In this report, Kaspersky shares statistics on stalkerware detections, as well as insights into the impact of digital stalking in 2023 and the beginning of 2024, and advice for those affected. This article has been indexed from Securelist Read the…

Read more →

Our Security assessment team set up rankings that reflected our take on the most widespread and critical web application vulnerabilities as viewed through a prism of eight years’ experience. This article has been indexed from Securelist Read the original article:…

Read more →

This report contains spam and phishing statistics for 2023, along with descriptions of the main trends, among these artificial intelligence, instant messaging phishing, and multilingual BEC attacks. This article has been indexed from Securelist Read the original article: Spam and…

Read more →

While investigating an incident, we detected uncommon malicious activity inside one of the systems. We ran an analysis on the artifacts, only to find that the adversary had deployed and launched the QEMU hardware emulator. This article has been indexed…

Read more →

Security research into an AI robot for kids revealed several vulnerabilities enabling a cybercriminal to take over device control and to video-chat with the kid. This article has been indexed from Securelist Read the original article: An educational robot security…

Read more →

This report details statistics and key trends associated with mobile malware: Google Play Trojans, malicious messaging app mods, and others. This article has been indexed from Securelist Read the original article: The mobile malware threat landscape in 2023

Read more →

We will delve into the workings of the infection chain and explore the capabilities of the new Trojan that specifically targets users of more than 60 banking institutions, mainly from Brazil. This article has been indexed from Securelist Read the…

Read more →

Kaspersky experts make their predictions about ICS and OT threats: specifically, ransomware and hacktivist attacks, threats to logistics and transportation, etc. This article has been indexed from Securelist Read the original article: ICS and OT threat predictions for 2024

Read more →

Kaspersky experts review their privacy predictions for 2023 and last year’s trends, and try to predict what privacy concerns and solutions are to come in 2024. This article has been indexed from Securelist Read the original article: Privacy predictions for…

Read more →

We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware. This article has been indexed from Securelist Read the original article: Cracked software beats gold: new macOS backdoor stealing cryptowallets

Read more →

An overview of last year’s predictions for corporate and dark web threats and our predictions for 2024. This article has been indexed from Securelist Read the original article: Dark web threats and dark market predictions for 2024

Read more →

Analyzing Shutdown.log file as a lightweight method to detect indicators of infection with sophisticated iOS malware such as Pegasus, Reign and Predator. This article has been indexed from Securelist Read the original article: A lightweight method to detect potential iOS…

Read more →

Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs. This article has been indexed from Securelist…

Read more →

This is the second part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. This article has been indexed from Securelist…

Read more →

We had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year. Is there something wrong with the CLFS driver? Are all these…

Read more →

This is the third part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. This article has been indexed from Securelist…

Read more →