This article has been indexed from Securelist Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and…
Category: Securelist
Andariel evolves to target South Korea with ransomware
In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to…
PuzzleMaker attacks with Chrome zero-day exploit chain
We detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits.
Gootkit: the cautious Trojan
Gootkit is complex multi-stage banking malware capable of stealing data from the browser, performing man-in-the-browser attacks, keylogging, taking screenshots and lots of other malicious actions. Its loader performs various virtual machine and sandbox…
Email spoofing: how attackers impersonate legitimate senders
This article analyzes different ways of spoofing email addresses by changing the From header, which carries the sender’s name and address.
Kids on the Web in 2021: Infinite creativity
In this report we try to understand what occupied children during the last year, from May 2020 to April 2021 inclusive.
IT threat evolution Q1 2021. Mobile statistics
In the first quarter of 2021 we detected 1.45M mobile installation packages, of which 25K packages were related to mobile banking Trojans and 3.6K packages were mobile ransomware Trojans.
IT threat evolution Q1 2021
SolarWinds attacks, MS Exchange vulnerabilities, a fake ad blocker distributing a miner, malware for the Apple Silicon platform and other threats in Q1 2021.
IT threat evolution Q1 2021. Non-mobile statistics
In Q1 2021, we blocked more than 2 billion attacks launched from online resources across the globe, detected 77.4M unique malicious and potentially unwanted objects, and recognized 614M unique URLs as malicious.
Kaspersky Security Bulletin 2020-2021. EU statistics
In the EU, 70% of user computers experienced at least one Malware-class attack; 115,452,157 web attacks and 86,584,675 phishing attempts were blocked.
Evolution of JSWorm ransomware
There are times when a single ransomware family has evolved from a mass-scale operation to a highly targeted threat – all in the span of two years. In this post we want to…
Bizarro banking Trojan expands its attacks to Europe
Bizarro is yet another banking Trojan family originating from Brazil that steals credentials from customers of 70 banks from different European and South American countries.
Ransomware world in 2021: who, how and why
In this report, we take a step back from the day-to-day ransomware news cycle and follow the ripples back into the heart of the ecosystem to understand how it is organized.
DDoS attacks in Q1 2021
In Q1 2021, we saw a spike in DDoS activity in January, peaking at over 1,800 attacks per day. The most widespread was UDP flooding (41.87%), while SYN flooding dropped to third place (26.36%).
Operation TunnelSnake: formerly unknown rootkit used to secretly control networks of regional organizations
A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The victims…
Spam and phishing in Q1 2021
In terms of spam and phishing, in Q1 2021, we largely saw a continuation of the 2020 trends: exploitation of the COVID-19 theme, hunting corporate account credentials and spoofing of online store websites.
APT trends report Q1 2021
This report highlights significant events related to advanced persistent threat (APT) activity observed in Q1 2021. The summaries are based on our threat intelligence research and provide a representative snapshot of…
Ransomware by the numbers: Reassessing the threat’s global impact
In this report, we’ll take a look at the numbers behind the ransomware threat from 2019 to 2020, what they mean — and what they foretell about…
Targeted Malware Reverse Engineering Workshop follow-up. Part 2
The Reverse Engineering webinar audience was so active that not only were we unable to address all the incoming questions online, we didn’t even manage to pack the…
Targeted Malware Reverse Engineering Workshop follow-up. Part 1
With so many questions collected during the Targeted Malware Reverse Engineering webinar, we lacked the time to answer them all online; we promised we would come up with…
Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild
CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). We believe it is exploited in the wild,…
Malicious code in APKPure app
Malicious code was detected in version 3.17.18 of the APKPure alternative app store for Android. We recommend deleting the infected version and installing APKPure 3.17.19 as soon as possible.
The leap of a Cycldek-related threat actor
The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.
Browser lockers: extortion disguised as a fine
In this article we discuss browser lockers that mimic law enforcement websites.
Financial Cyberthreats in 2020
This research is a continuation of our annual financial threat reports providing an overview of the latest trends and key events across the financial threat landscape. The study covers the common phishing…
APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign
A41APT is a long-running campaign with activities detected from March 2019 to the end of December 2020. Most of the discovered malware families are fileless malware and…
Doxing in the corporate sector
Corporate doxing poses a serious threat to the confidential data of a company.
Threat landscape for industrial automation systems. Statistics for H2 2020
We continued our observations and identified a number of trends that could, in our opinion, be due to circumstances connected with the pandemic in one way…
Convuster: macOS adware now in Rust
Convuster adware for macOS is written in Rust and able to use Gatekeeper to evade analysis.
COVID-19: Examining the threat landscape a year later
On the anniversary of the global shutdown, we decided to take a look back at how the threat landscape has evolved since the beginning of the pandemic —…
Good old malware for the new Apple Silicon platform
As we observe a growing interest in the newly released Apple Silicon platform from malware adversaries, this inevitably leads us to new malware samples compiled for it.
Ad blocker with miner included
A fake ad blocker is delivering a Monero cryptocurrency miner to user computers.
Zero-day vulnerabilities in Microsoft Exchange Server
The four vulnerabilities inside Microsoft Exchange Server allow an attacker to compromise a vulnerable server. As a result, an attacker will gain access to all registered email accounts, or be…
Mobile malware evolution 2020
In 2020, Kaspersky mobile products and technologies detected 156,710 new mobile banking Trojans and 20,708 new mobile ransomware Trojans.
The state of stalkerware in 2020
The 2020 data shows that the stalkerware situation has not improved much: the number of affected people is still high. A total of 53,870 unique users were affected globally by…
Lazarus targets defense industry with ThreatNeedle
In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we…
DDoS attacks in Q4 2020
Q4 2020 in terms of DDoS attacks: DDoS market fall, bitcoin rise, careful prognoses. News overview: cybercriminals are constantly on the lookout for means and methods to make attacks more destructive. In Q4 2020, Citrix ADC (application delivery controller) devices became one such tool, when perpetrators…
Spam and phishing in 2020
COVID-19 spam, corporate phishing, fake videoconferences and other trends and figures of 2020.
How kids coped with COVID-hit winter holidays
We analyzed and categorized the most popular websites and search queries over the festive period (December 20, 2020 — January 10, 2021) to find out how kids compensated for…
Privacy predictions for 2021
With privacy more often than not being traded for convenience, we believe that for many 2020 has fundamentally changed how much privacy people are willing to sacrifice in exchange for security and…
Sunburst backdoor – code overlaps with Kazuar
While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations show that Kazuar was used together with…
Digital Footprint Intelligence Report
The Digital Footprint Intelligence Service announces the results of research on the digital footprints of governmental, financial and industrial organizations for countries in the Middle East region.
How we protect our users against the Sunburst backdoor
The detection logic has been improved in all our solutions to ensure our customers’ protection. We continue to investigate the cyberattack on SolarWinds and we will add additional…
Lazarus covets COVID-19-related intelligence
As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are…
Sunburst: connecting the dots in the DNS requests
We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we…
The future of cyberconflicts
Cyberspace conflicts can take a vast number of forms, but in the context of this article, we will only focus on two of them: cyber-warfare for intelligence purposes, and sabotage and interference…
Kaspersky Security Bulletin 2020. Statistics
Kaspersky solutions blocked 666,809,967 attacks launched from online resources in various countries across the world; 173,335,902 unique URLs were recognized as malicious by Web Anti-Virus.
Adaptive protection against invisible threats
In fact, in most medium-sized companies’ cybersecurity strategies, even with an endpoint solution, there are likely to still be gaps that can and should be closed. In this article, we look…
The story of the year: remote work
In this report, we will focus mainly on what remote work means for businesses and employees from a security perspective.
Researchers call for a determined path to cybersecurity
As members of a global community, we often feel that we are failing to achieve an adequate level of cybersecurity. We believe it can be explained by a…
The chronicles of Emotet
More than six years have passed since the banking Trojan Emotet was first detected. During this time it has repeatedly mutated, changed direction, acquired partners, picked up modules, and generally been the…
APT annual review: What the world’s threat actors got up to in 2020
We track the ongoing activities of more than 900 advanced threat actors. Here we try to focus on what we consider to be…
What did DeathStalker hide between two ferns?
While tracking DeathStalker’s Powersing-based activities in May 2020, we detected a previously unknown implant that leveraged DNS over HTTPS as a C2 channel, as well as parts of its…
Education predictions 2021
Many new digital educational tools are both enhancing the educational experience and introducing new threats. Here are the ones most likely to pose the biggest risks in the coming year.
ICS threat predictions for 2021
We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.
Healthcare security in 2021
The pandemic has turned 2020 into a year of medicine and information technology. The remarkable surge in the criticality level of medical infrastructure, coupled with feasible across-the-board digitalization, led to many of…
Dox, steal, reveal. Where does your personal data end up?
In this report, we will dig deeper into two major consequences of (willing and unwilling) sharing personal data in public — doxing and the selling of…
Cyberthreats to financial organizations in 2021
Let us review the forecasts we made at the end of 2019 and see how accurate we were. Then we will go through the key events of 2020 relating to…
Lookalike domains and how to outfox them
Our approach is more complex than simply registering lookalike domains to the company and enables real-time blocking of attacks that use such domains as soon as they appear.
IT threat evolution Q3 2020 Mobile statistics
In Q3 2020, Kaspersky mobile protective solutions blocked 16,440,264 attacks on mobile devices, an increase of 2.2 million on Q2 2020.
IT threat evolution Q3 2020. Non-mobile statistics
Kaspersky solutions blocked 1,416,295,227 attacks launched from online resources across the globe. Ransomware attacks were defeated on the computers of 121,579 unique users.
IT threat evolution Q3 2020
MATA framework, Garmin attack, Operation PowerFall, DeathStalker group and other events of 2020.
Advanced Threat predictions for 2021
Trying to make predictions about the future is a tricky business. However, while we don’t have a crystal ball that can reveal the future, we can try to make educated guesses…
Spam and phishing in Q3 2020
The COVID-19 topic, which appeared in Q1 this year, is still in play for spammers and phishers. In our view, the so-called second wave could lead to a surge in…
Targeted ransomware: it’s not just about encrypting your data!
When we talk about ransomware, we need to draw a line between what it used to be and what it currently is. Why? Because nowadays ransomware is…
Ghimob: a Tétrade threat actor moves to infect mobile devices
Guildma’s new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting financial apps from banks, fintechs, exchanges and cryptocurrencies.
RansomEXX Trojan attacks Linux systems
We recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems.
Attacks on industrial enterprises using RMS and TeamViewer: new data
In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors…
APT trends report Q3 2020
For more than three years, GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat activity. This is our latest installment, focusing on activities that we observed during Q3…
DDoS attacks in Q3 2020
If Q2 2020 surprised us with an unusually high number of DDoS attacks for this period, the Q3 figures point to a normalization. Judging by the number of unique targets, in…
On the trail of the XMRig miner
As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions (previously unseen by us) were detected…
Life of Maze ransomware
In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations.
GravityRAT: The spy returns
In 2019, on VirusTotal, we encountered a curious piece of Android spyware which, when analyzed, seemed connected to GravityRAT. The cybercriminals had added a spy module to Travel Mate, an Android app…
IAmTheKing and the SlothfulMedia malware family
The DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our…
MontysThree: Industrial espionage with steganography and a Russian accent on both sides
In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. The malware…
MosaicRegressor: Lurking in the Shadows of UEFI
We found a compromised UEFI firmware image that contained a malicious implant. To the best of our knowledge, this is the second known public case where malicious UEFI firmware…
SAS@Home is back this fall
Now, this unique year presents us with a new surprise: the second SAS in one calendar year! Once again, everyone can visit this online event.
Why master YARA: from routine to extreme threat hunting cases. Follow-up
On 3 September we hosted our webinar, in which we shared best practices on YARA usage. Due to timing restrictions we were not…
Threat landscape for industrial automation systems. H1 2020 highlights
Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal…
Looking for sophisticated malware in IoT devices
Let’s talk about the structure of the firmware of an IoT device in order to get a better understanding of the different components.
An overview of targeted attacks and APTs on Linux
Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT…
Digital Education: The cyberrisks of the online classroom
This past spring, as the COVID-19 pandemic took hold, online learning became the new norm as universities and classrooms around the world were forced to close their doors.
IT threat evolution Q2 2020. PC statistics
During the second quarter Kaspersky solutions blocked 899,744,810 attacks launched from online resources across the globe, as many as 286,229,445 unique URLs triggered Web Anti-Virus components.