Brief introduction to setting up Ghidra, and then configuring it with a familiar UI and shortcuts, so that you would not need to re-learn all the key sequences you have got used to over the years. This article has been…
Tag: Securelist
DeathStalker targets legal entities with new Janicab variant
While hunting for less common Deathstalker intrusions, we identified a new Janicab variant used in targeting legal entities in the Middle East throughout 2020. This article has been indexed from Securelist Read the original article: DeathStalker targets legal entities with…
Main phishing and scamming trends and techniques
Phishing in social networks and messengers, marketplace fraud, exploitation of Google Forms and other services: we uncover what’s trending among attackers in 2022.
Crimeware trends: self-propagation and driver exploitation
In this report, Kaspersky researchers discuss propagation methods of several ransomware families, and a vulnerable driver abuse case that may become a trend.
If one sheep leaps over the ditch…
In this report, Kaspersky researchers discuss propagation methods of several ransomware families, and a vulnerable driver abuse case that may become a trend.
Indicators of compromise (IOCs): how we collect and use them
How exactly can indicators of compromise help information security specialists in their everyday work? To find the answer we asked three Kaspersky experts to share their experience.
Kaspersky Security Bulletin 2022. Statistics
Key statistics for 2022: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT.
Consumer cyberthreats: predictions for 2023
Kaspersky consumer cyberthreat predictions: console shortage, scams related to new games and shows, cyberattacks in the metaverse, and threats related to online education.
Privacy predictions 2023
We think the geopolitical and economic events of 2022, as well as new technological trends, will be the major factors influencing the privacy landscape in 2023. Here we take a look at the most important developments that, in our opinion,…
Who tracked internet users in 2021–2022
A review of Do Not Track (DNT) statistics for the most widely used web tracking services in 2021 and 2022.
Black Friday shoppers beware: online threats so far in 2022
Online shopping security threat statistics and trends in 2022: phishing, scams, banking Trojans—things that you should be aware of as the Black Friday sales are approaching.
Crimeware and financial cyberthreats in 2023
This report assesses how accurately we predicted the developments in the financial threats landscape in 2022 and ponders what to expect in 2023.
Policy trends: where are we today on regulation in cyberspace?
This is the first edition of our policy analysis and observations of trends in the regulation of cyberspace, and cybersecurity, within the Kaspersky Security Bulletin.
ICS cyberthreats in 2023 – what to expect
The coming year looks to be much more complicated. In the post we share some of our thoughts on potential developments of 2023, though we cannot claim to be providing either a complete picture or a high degree of precision.…
IT threat evolution Q3 2022
Recent APT campaigns, a sophisticated UEFI rootkit, new ransomware for Windows, Linux and ESXi, attacks on foreign and crypto-currency exchanges, and malicious packages in online code repositories.
IT threat evolution in Q3 2022. Mobile statistics
In Q3 2022, a total of 5,623,670 mobile malware, adware, and riskware attacks were blocked, and 438,035 malicious installation packages were detected.
IT threat evolution in Q3 2022. Non-mobile statistics
PC malware statistics for Q3 2022 include data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.
DTrack activity targeting Europe and Latin America
In recent campaigns DTrack targets organizations in Europe and Latin America, and uses more delivery stages.
Advanced threat predictions for 2023
We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023.
The state of cryptojacking in the first three quarters of 2022
In 2022 cryptocurrencies dropped, but cryptojacking (illicit cryptocurrency mining) activity grew. In this report we provide statistics on cryptojacking in 2022.
Cybersecurity threats: what awaits us in 2023?
We invited notable experts to share their insights and unbiased opinions on what we should expect from cybersecurity in the following year.
DDoS attacks in Q3 2022
In Q3 2022, the situation on the DDoS market stabilized, and sophisticated attacks on HTTP(S) began to hold sway over simple TCP attacks.
Server-side attacks, C&C in public clouds and other MDR cases we observed
This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. We hope that it helps you to stay up to date on the modern threat landscape and to be better prepared for attacks.
APT trends report Q3 2022
This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022.
APT10: Tracking down LODEINFO 2022, part I
The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor.
APT10: Tracking down LODEINFO 2022, part II
In the second part of this report, we discuss improvements made to the LODEINFO backdoor shellcode in 2022.
DiceyF deploys GamePlayerFramework in online casino development studio
In this report we provide technical analysis of the GamePlayerFramework deployed by an APT we call DiceyF, which is targeting online casinos in Southeast Asia.
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
We investigated CVE-2022-41352 and were able to confirm that unknown APT groups have actively been exploiting this vulnerability in the wild, one of which is systematically infecting servers in Central Asia.
Malicious WhatsApp mod distributed through legitimate apps
The malicious version of YoWhatsApp messenger, containing Triada trojan, was spreading through ads in the popular Snaptube app and the Vidmate app’s internal store.
A look at the 2020–2022 ATM/PoS malware landscape
We looked at the number of affected ATMs and PoS terminals, geography of attacks and threat families used by cybercriminals to target victims in 2020-2022.
Uncommon infection and malware propagation methods
In this report, Kaspersky researchers discuss uncommon infection and propagation methods observed in certain crimeware families.
TOP 10 unattributed APT mysteries
TajMahal, DarkUniverse, PuzzleMaker, ProjectSauron (aka Strider), USB Thief, TENSHO (aka White Tur), PlexingEagle, SinSono, MagicScroll (aka AcidBox), Metador—all these targeted attacks are still unattributed.
OnionPoison: infected Tor Browser installer distributed through popular YouTube channel
Kaspersky researchers detected the OnionPoison campaign: a malicious Tor Browser installer spreading through a popular YouTube channel and targeting Chinese users.
DeftTorero: tactics, techniques and procedures of intrusions revealed
In this report we focus on tactics, techniques, and procedures (TTPs) of the DeftTorero (aka Lebanese Cedar or Volatile Cedar) threat actor, which targets Middle East countries.
The secrets of Schneider Electric’s UMAS protocol
Kaspersky ICS CERT report on vulnerabilities in Schneider Electric’s engineering software that enables UMAS protocol abuse.
Prilex: the pricey prickle credit card complex
Prilex is a Brazilian threat actor focusing on ATM and PoS attacks. In this report, we provide an overview of its PoS malware.
NullMixer: oodles of Trojans in a single dropper
NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.
Mass email campaign with a pinch of targeted spam
Mass spam mailing posing as customer email delivers the Agent Tesla stealer disguised as a document to corporate users.
External attack surface and ongoing cybercriminal activity in APAC region
We analyze external threats for organizations in APAC region based on the data collected by Kaspersky Digital Footprint Intelligence service.
Self-spreading stealer attacks gamers via YouTube
A malicious bundle containing the RedLine stealer and a miner is distributed on YouTube through cheats and cracks ads for popular games.
Threat landscape for industrial automation systems for H1 2022
In H1 2022, malicious objects were blocked at least once on 31.8% of ICS computers globally. For the first time in five years of observations,…
Good game, well played: an overview of gaming-related cyberthreats in 2022
In this report, we analyze malware, potentially unwanted applications and phishing cases related to most popular video games and cheats for these games.
The nature of cyber incidents
In this report Kaspersky provides incident response statistics for 2021, as well as conclusions based on investigations of the real incidents.
Kimsuky’s GoldDragon cluster and its C2 operations
Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.
Ransomware updates & 1-day exploits
In this report, we discuss the new multi-platform ransomware RedAlert (aka N13V) and Monster, as well as private 1-day exploits for the CVE-2022-24521 vulnerability.
Black Hat USA 2022 and DEF CON 30
Black Hat 2022 USA Briefings wrapped up this past week, along with its sister conference Defcon 30. Coming back from the COVID hiatus, the conferences were enthusiastically full compared to the 2021 ghost town.
Two more malicious Python packages in the PyPI
We used our internal automated system for monitoring open-source repositories and discovered two other malicious Python packages in the PyPI. They were masquerading as one of the most popular open-source packages named “requests”.
Threat in your browser: what dangers innocent-looking extensions hold for users
In this research, we observed various types of threats that mimic useful web browser extensions, and the number of users attacked by them.
IT threat evolution in Q2 2022. Non-mobile statistics
Our non-mobile malware statistics for Q2 2022 include data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.
IT threat evolution in Q2 2022. Mobile statistics
In Q2 2022, we detected 405,684 mobile malware installation packages, of which 55,614 packages were related to mobile banking trojans, and 3,821 packages were mobile ransomware trojans.
IT threat evolution Q2 2022
ToddyCat APT and WinDealer man-on-the-side attack, Spring4Shell and other vulnerabilities, ransomware trends and our in-depth analysis of the TTPs of the eight most widespread ransomware families.
OpenTIP, command line edition
We released Python-based command line tools for our OpenTIP service that also implement a client class that you can reuse in your own tools.
VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges
In late August 2020, we published an overview of DeathStalker’s profile and malicious activities, including their Janicab, Evilnum and PowerSing campaigns (PowerPepper was later documented in 2020). Notably, we exposed why we believe the threat actor may fit a group…
Andariel deploys DTrack and Maui ransomware
Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.
Targeted attack on industrial enterprises and public institutions
Kaspersky ICS CERT experts detected a wave of targeted attacks in several East European countries, as well as Afghanistan. Of the six backdoors identified on infected systems, five have been used earlier in attacks attributed to APT TA428.
DDoS attacks in Q2 2022
Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in Q1. Also, we saw the continuation of a trend that began in spring: an increase in superlong attacks.
LofyLife: malicious npm packages steal Discord tokens and bank card data
This week, we identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”.
APT trends report Q2 2022
This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q2 2022.
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor.
Luna and Black Basta — new ransomware for Windows, Linux and ESXi
This report discusses new ransomware that targets Windows, Linux and ESXi systems: Luna written in Rust and Black Basta.
Text-based fraud: from 419 scams to vishing
Text-based fraud (419 scams, vishing, extortion, etc.) is still alive and well. Here, we describe cybercriminal techniques and present statistics.
Dynamic analysis of firmware components in IoT devices
We decided to discuss less obvious tools for working with firmware, including Renode and Qiling. Each of those tools has its own features, advantages, and limitations that make it effective for certain types of task.
The SessionManager IIS backdoor
In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.
The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact
In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs
We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks.
APT ToddyCat
ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.
‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace
How is technical attribution carried out? What are the key challenges in conducting reliable technical attribution? How can this be more accessible to the multitude of stakeholders? Below are our reflections on these questions.
How much does access to corporate infrastructure cost?
What cybercriminals charge for the data of large companies on the dark web – a review of underground forum offers by category.
Router security in 2021
We analyze data on vulnerabilities in routers, plus malware that attacks IoT devices: Mirai, NyaDrop, Gafgyt, and others.
CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
At the end of May, researchers reported a new zero-day vulnerability in MSDT that can be exploited using Microsoft Office documents. The vulnerability, which was dubbed Follina, later received the identifier CVE-2022-30190.
WinDealer dealing on the side
We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack.
IT threat evolution in Q1 2022. Non-mobile statistics
PC malware statistics for Q1 2022 include data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.
IT threat evolution Q1 2022
Kaspersky IT threat review in Q1 2022: activity of APTs such as MoonBounce, BlueNoroff, Lazarus and Roaming Mantis, attacks against Ukraine, phishing kits, Okta hack and more.
IT threat evolution in Q1 2022. Mobile statistics
According to Kaspersky Security Network, in Q1 2022 516,617 mobile malware installation packages were detected, of which 53,947 packages were related to mobile banking trojans, and 1,942 packages were mobile ransomware trojans.
Managed detection and response in 2021
Kaspersky Managed Detection and Response (MDR) services in 2021 in facts and figures: number of security incidents detected, their severity, etc.
The Verizon 2022 DBIR
The Verizon 2022 Data Breach Investigations Report is out, where Kaspersky collaborated as a contributor. The report provides interesting analysis of a full amount of global incident data.
What’s wrong with automotive mobile apps?
Third party automotive mobile apps, web apps and API clients provide drivers with additional functions but may pose security risks for their data.
ISaPWN – research on the security of ISaGRAF Runtime
This report includes an analysis of the ISaGRAF framework, its architecture, the IXL and SNCP protocols and the description of several vulnerabilities the Kaspersky ICS CERT team had identified.
Evaluation of cyber activities and the threat landscape in Ukraine
With this article, our core aim is to share a threat landscape overview, which Kaspersky cybersecurity researchers are observing in relation to the conflict, with the wider international community and thus to contribute…
HTML attachments in phishing e-mails
In this article we review phishing HTML attachments, explaining common tricks the attackers use, and give statistics on HTML attachments detected by Kaspersky solutions.
New ransomware trends in 2022
This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old variants of malware return while the new ones develop.
Mobile subscription Trojans and their little tricks
Kaspersky analysis of mobile subscription Trojans Joker (Jocker), MobOk, Vesub and GriftHorse and their activity: technical description and statistics.
A new secret stash for “fileless” malware
We observed the technique of putting the shellcode into Windows event logs for the first time “in the wild” during the malicious campaign. It allows the “fileless” last stage Trojan to be hidden…
APT trends report Q1 2022
This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.