Analysis of Twelve’s activities using the Unified Kill Chain method: from initial access to deployment of LockBit- and Chaos-based ransomware and wipers. This article has been indexed from Securelist Read the original article: -=TWELVE=- is back
Category: Securelist
Exotic SambaSpy is now dancing with Italian users
Kaspersky researchers detected a campaign exclusively targeting Italian users by delivering a new RAT dubbed SambaSpy.
Loki: a new private agent for the popular Mythic framework
Kaspersky experts have discovered a new version of the Loki agent for the open-source Mythic framework, which uses DLLs to attack Russian companies.
Tropic Trooper spies on government entities in the Middle East
Kaspersky experts found a new variant of the China Chopper web shell from the Tropic Trooper group that imitates an Umbraco CMS module and targets a government entity in the Middle East.
Mallox ransomware: in-depth analysis and evolution
In this report, we provide an in-depth analysis of the Mallox ransomware, its evolution, ransom strategy, encryption scheme, etc.
A deep dive into the most interesting incident response cases of last year
Kaspersky Global Emergency Response Team (GERT) shares the most interesting IR cases for the year 2023: insider attacks, ToddyCat-like APT, Flax Typhoon and more.
IT threat evolution Q2 2024
In this report, Kaspersky researchers explore the most significant attacks of Q2 2024 that used the XZ backdoor, the LockBit builder, ShrinkLocker ransomware, etc.
IT threat evolution in Q2 2024. Mobile statistics
The report gives statistics on mobile malware and unwanted software for Q2 2024, including mobile banking Trojans and ransomware.
IT threat evolution in Q2 2024. Non-mobile statistics
This report presents statistics on PC threats for Q2 2024, including data on ransomware, miners, threats to macOS and IoT devices.
Head Mare: adventures of a unicorn in Russia and Belarus
Analysis of the hacktivist group Head Mare targeting companies in Russia and Belarus: exploitation of a WinRAR vulnerability, custom tools PhantomDL and PhantomCore.
HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat
Kaspersky experts discovered a macOS version of the HZ Rat backdoor, which collects user data from WeChat and DingTalk messengers.
Memory corruption vulnerabilities in Suricata and FreeRDP
While pentesting KasperskyOS-based Thin Client and IoT Secure Gateway, we found several vulnerabilities in the Suricata and FreeRDP open-source projects. We shared details on these vulnerabilities with the community along with our fuzzer.
Exploits and vulnerabilities in Q2 2024
The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q2 2024.
Approach to mainframe penetration testing on z/OS
We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems.
BlindEagle flying high in Latin America
Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.
Tusk: unraveling a complex infostealer campaign
Kaspersky researchers discovered the Tusk campaign, with ongoing activity, which uses Danabot and StealC infostealers and clippers to obtain cryptowallet credentials and system data.
EastWind campaign: new CloudSorcerer attacks on government organizations in Russia
Kaspersky has identified a new EastWind campaign targeting Russian organizations and using CloudSorcerer as well as APT31 and APT27 tools.
APT trends report Q2 2024
The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.
Indirect prompt injection in the real world: how people manipulate neural networks
We studied data from the internet and Kaspersky internal sources to find out how and why people use indirect prompt injection.
LianSpy: new Android spyware targeting Russian users
Previously unknown spyware LianSpy targets Android devices by exploiting root privileges to steal data and leveraging Yandex Disk cloud service as C2.
How “professional” ransomware variants boost cybercrime groups
Kaspersky researchers investigated three ransomware groups that tapped newly built malware samples based on Babuk, Lockbit, Chaos and others, while lacking professional resources.
Mandrake spyware sneaks onto Google Play again, flying under the radar for two years
Mandrake spyware threat actors resume attacks with new functionality targeting Android devices while being publicly available on Google Play.
When spear phishing met mass phishing
Kaspersky experts have discovered a new scheme that combines elements of spear and mass phishing.
Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK
How a SOC can efficiently manage priorities when writing detection logic for various MITRE ATT&CK techniques and what tools can help.
CloudSorcerer – A new APT targeting Russian government entities
Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.
Cybersecurity in the SMB space — a growing threat
Kaspersky analysts explain which applications are targeted the most, and how enterprises can protect themselves from phishing and spam.
XZ backdoor: Hook analysis
In this article, we analyze XZ backdoor behavior inside OpenSSH after it has achieved the RSA-related function hook.
Analysis of user password strength
Kaspersky experts conducted a study of password resistance to attacks that use brute force and smart guessing techniques.
Cinterion EHS5 3G UMTS/HSPA Module Research
We performed a security analysis of a Telit Cinterion modem in the course of a bigger project, a security assessment of a popular truck model, and found eight vulnerabilities.
QR code SQL injection and other vulnerabilities in a popular biometric terminal
The report analyzes the security properties of a popular biometric access control terminal made by ZkTeco and describes vulnerabilities found in it.
Bypassing 2FA with phishing and OTP bots
Explaining how scammers use phishing and OTP bots to gain access to accounts protected with 2FA.
IT threat evolution in Q1 2024. Non-mobile statistics
In this report, Kaspersky shares non-mobile malware statistics for Q1 2024, including ransomware, miner and macOS malware statistics.
IT threat evolution Q1 2024
In this report, we review the most significant malware-related events of Q1 2024: the disclosure of the hardware vulnerability used in Operation Triangulation, a lightweight method to detect iOS malware and DinodasRAT Linux implant.
IT threat evolution in Q1 2024. Mobile statistics
Mobile malware statistics for Q1 2024: most common threats for Android, mobile banking Trojans, and ransomware Trojans.
Trusted relationship attacks: trust, but verify
We analyze the tactics and techniques of attackers targeting organizations through trusted relationships – that is, through contractors and external IT service providers.
Message board scams
Here’s how scams target buyers and sellers on online message boards, and how the gangs behind them operate.
Threat landscape for industrial automation systems, Q1 2024
In this report Kaspersky ICS CERT shares statistics on threats blocked on ICS computers globally and in separate regions in Q1 2024: share of attacked computers, most affected industries, most common types of threats.
ShrinkLocker: Turning BitLocker into ransomware
The Kaspersky GERT has detected a new group that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom.
A journey into forgotten Null Session and MS-RPC interfaces
This is the first part of the research, devoted to null session vulnerability, unauthorized MS-RPC interface and domain user enumeration.
Stealers, stealers and more stealers
In this report, we discuss two new stealers: Acrid and ScarletStealer, and an evolution of the known Sys01 stealer, with the latter two dividing stealer functionality across several modules.
QakBot attacks with Windows zero-day (CVE-2024-30051)
In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned the identifier CVE-2024-30051 and patched on May 14 as part of Microsoft’s Patch Tuesday. We have seen it exploited by QakBot and other malware.
Incident response analyst report 2023
The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations.
APT trends report Q1 2024
The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.
State of ransomware in 2024
As Anti-Ransomware Day approaches, Kaspersky shares insights into the ransomware threat landscape and trends in 2023, and recent anti-ransomware activities by governments and law enforcement.
Exploits and vulnerabilities in Q1 2024
The report provides vulnerability and exploit statistics, key trends, and analysis of interesting vulnerabilities discovered in Q1 2024.
Financial cyberthreats in 2023
In this report, we share our insights into the 2023 trends and statistics on financial threats, such as phishing, PC and mobile banking malware.
Managed Detection and Response in 2023
The report covers the tactics, techniques and tools most commonly deployed by threat actors, the nature of incidents detected and their distribution among MDR customers.
Assessing the Y, and How, of the XZ Utils incident
In this article we analyze social engineering aspects of the XZ backdoor incident. Namely pressuring the XZ maintainer to pass on the project to Jia Cheong Tan, and then urging major downstream maintainers to commit the backdoored code to their…
ToddyCat is making holes in your infrastructure
We continue to report on the APT group ToddyCat. This time, we’ll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts.
DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
A new unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as a Total Commander installer and the CR4T backdoor in C and Go.
SoumniBot: the new Android banker’s unique techniques
We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.
Using the LockBit builder to generate targeted ransomware
Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder.
XZ backdoor story – Initial analysis
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in the OpenSSH server process.
DinodasRAT Linux implant targeting entities worldwide
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.
Android malware, Android malware and more Android malware
In this report, we share our latest Android malware findings: the Tambir spyware, Dwphon downloader and Gigabud banking Trojan.
Threat landscape for industrial automation systems. H2 2023
Kaspersky ICS CERT shares industrial threat statistics for H2 2023: most commonly detected malicious objects, threat sources, threat landscape by industry and region.
A patched Windows attack surface is still exploitable
In this report, we highlight the key points about a class of recently-patched elevation-of-privilege vulnerabilities affecting Microsoft Windows, and then focus on how to check if any of them have been exploited or if there have been any attempts to exploit them.…
What’s in your notepad? Infected text editors target Chinese users
Infected versions of the text editors VNote and Notepad-- for Linux and macOS, apparently loading a backdoor, are being distributed through a Chinese search engine.
The State of Stalkerware in 2023–2024
In this report, Kaspersky shares statistics on stalkerware detections, as well as insights into the impact of digital stalking in 2023 and the beginning of 2024, and advice for those affected.
Top 10 web application vulnerabilities in 2021–2023
Our Security assessment team set up rankings that reflected our take on the most widespread and critical web application vulnerabilities as viewed through a prism of eight years’ experience.
Spam and phishing in 2023
This report contains spam and phishing statistics for 2023, along with descriptions of the main trends, among these artificial intelligence, instant messaging phishing, and multilingual BEC attacks.
Network tunneling with… QEMU?
While investigating an incident, we detected uncommon malicious activity inside one of the systems. We ran an analysis on the artifacts, only to find that the adversary had deployed and launched the QEMU hardware emulator.
An educational robot security research
Security research into an AI robot for kids revealed several vulnerabilities enabling a cybercriminal to take over device control and to video-chat with the kid.
The mobile malware threat landscape in 2023
This report details statistics and key trends associated with mobile malware: Google Play Trojans, malicious messaging app mods, and others.
Coyote: A multi-stage banking Trojan abusing the Squirrel installer
We will delve into the workings of the infection chain and explore the capabilities of the new Trojan that specifically targets users of more than 60 banking institutions, mainly from Brazil.
ICS and OT threat predictions for 2024
Kaspersky experts make their predictions about ICS and OT threats: specifically, ransomware and hacktivist attacks, threats to logistics and transportation, etc.
Privacy predictions for 2024
Kaspersky experts review their privacy predictions for 2023 and last year’s trends, and try to predict what privacy concerns and solutions are to come in 2024.
Cracked software beats gold: new macOS backdoor stealing cryptowallets
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.
Dark web threats and dark market predictions for 2024
An overview of last year’s predictions for corporate and dark web threats and our predictions for 2024.
A lightweight method to detect potential iOS malware
Analyzing the Shutdown.log file as a lightweight method to detect indicators of infection with sophisticated iOS malware such as Pegasus, Reign and Predator.
Operation Triangulation: The last (hardware) mystery
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.
Windows CLFS and five exploits used by ransomware operators (Exploit #1 – CVE-2022-24521)
This is the second part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.
Windows CLFS and five exploits used by ransomware operators
We had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year. Is there something wrong with the CLFS driver? Are all these…
Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022)
This is the third part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.
Windows CLFS and five exploits used by ransomware operators (Exploit #3 – October 2022)
This is part four of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.
Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)
This is part five of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.
Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol
We uncovered a novel multiplatform threat named “NKAbuse”. The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities.
FakeSG campaign, Akira ransomware and AMOS macOS stealer
In this report, we share our latest crimeware findings: FakeSG malware distribution campaign delivering NetSupport RAT, new Conti-like Akira ransomware and AMOS stealer for macOS.
What to do if your company was mentioned on Darknet?
We created a list of companies worldwide from different industries and searched through the Darknet to find out how likely it is that these companies have suffered a breach, what kind of data leaked, and what to do about it.
Story of the year: the impact of AI on cybersecurity
Generative AI has become the trendiest technology of 2023. Kaspersky reviews AI-related security concerns, and implementations of this technology in cyberdefense and red teaming, and provides predictions for 2024.
New macOS Trojan-Proxy piggybacking on cracked software
A new macOS Trojan-Proxy is riding on cracked versions of legitimate software; it relies on DNS-over-HTTPS to obtain a C&C (command and control) address.
BlueNoroff: new Trojan attacking macOS users
BlueNoroff has been attacking macOS users with a new loader that delivers unknown malware to the system.
Kaspersky Security Bulletin 2023. Statistics
Key statistics for 2023: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT.
IT threat evolution in Q3 2023. Mobile statistics
Mobile threat statistics for Q3 2023 include data on malware, adware, banking Trojans and ransomware for Android devices.
IT threat evolution in Q3 2023. Non-mobile statistics
PC malware statistics for Q3 2023 include data on miners, ransomware, banking Trojans and other threats to Windows, macOS and IoT equipment.
IT threat evolution Q3 2023
Attacks on a critical infrastructure target in South Africa, supply-chain attack on Linux machines, Telegram doppelganger used to target people in China.
Consumer cyberthreats: predictions for 2024
Kaspersky experts review last year’s predictions on consumer cyberthreats and try to anticipate the trends for 2024.
HrServ – Previously unknown web shell used in APT attack
In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021.
Crimeware and financial cyberthreats in 2024
Kaspersky assesses last year’s predictions for the financial threat landscape, and tries to anticipate crimeware trends for the coming year 2024.
The dark side of Black Friday: decoding cyberthreats around the year’s biggest shopping season
As Black Friday approaches, Kaspersky analyzes phishing and spam activity around major sales events, and reviews statistics on online shopping threats in 2023.
Advanced threat predictions for 2024
Kaspersky researchers review APT predictions for 2023 and current trends in the advanced threat landscape, and try to predict how it will develop in 2024.
Ducktail fashion week
The Ducktail malware, designed to hijack Facebook business and ads accounts, sends marketing professionals fake ads for jobs with major clothing manufacturers.
Modern Asian APT groups’ tactics, techniques and procedures (TTPs)
Asian APT groups target various organizations from a multitude of regions and industries. We created this report to provide the cybersecurity community with the best-prepared intelligence data to effectively counteract Asian APT groups.
Gaming-related cyberthreats in 2023: Minecrafters targeted the most
Gaming-related threat landscape in 2023: desktop and mobile malware disguised as Minecraft, Roblox and other popular games, and the most widespread phishing schemes.
WhatsApp spy mod spreads through Telegram, attacks Arabic-speaking users
A WhatsApp mod with a built-in spy module has been spreading through Arabic and Azeri Telegram channels since August 2023.
A cascade of compromise: unveiling Lazarus’ new campaign
We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns.
How to catch a wild triangle
How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.
StripedFly: Perennially flying under the radar
Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was…