Tag: Securelist

Modern vehicles, their current and future threats, and approaches to automotive cybersecurity. This article has been indexed from Securelist Read the original article: Modern vehicle cybersecurity trends

Read more →

Kaspersky experts analyze GodRAT, a new Gh0st RAT-based tool attacking financial firms. It is likely a successor of the AwesomePuppet RAT connected to the Winnti group. This article has been indexed from Securelist Read the original article: GodRAT – New…

Read more →

Kaspersky experts analyze GodRAT, a new Gh0st RAT-based tool attacking financial firms. It is likely a successor of the AwesomePuppet RAT connected to the Winnti group. This article has been indexed from Securelist Read the original article: GodRAT – New…

Read more →

We examine the evolution of the PipeMagic backdoor and the TTPs of its operators – from the RansomExx incident in 2022 to attacks in Brazil and Saudi Arabia, and the exploitation of CVE-2025-29824 in 2025. This article has been indexed…

Read more →

Common tactics in phishing and scams in 2025: learn about the use of AI and deepfakes, phishing via Telegram, Google Translate and Blob URLs, biometric data theft, and more. This article has been indexed from Securelist Read the original article:…

Read more →

The Efimer Trojan spreads through email and hacked WordPress websites, steals cryptocurrency, and substitutes wallets in the clipboard. This article has been indexed from Securelist Read the original article: Scammers mass-mailing the Efimer Trojan to steal crypto

Read more →

In an incident response case, Kaspersky experts discovered new malware that terminates AV processes by abusing the legitimate ThrottleStop driver. Kaspersky solutions successfully counter and detect this threat. This article has been indexed from Securelist Read the original article: Driver…

Read more →

A campaign targeting Russian entities leveraged social media, Microsoft Learn Challenge, Quora, and GitHub as intermediate C2 servers to deliver Cobalt Strike Beacon. This article has been indexed from Securelist Read the original article: Cobalt Strike Beacon delivered via GitHub…

Read more →

A campaign targeting Russian entities leveraged social media, Microsoft Learn Challenge, Quora, and GitHub as intermediate C2 servers to deliver Cobalt Strike Beacon. This article has been indexed from Securelist Read the original article: Cobalt Strike Beacon delivered via GitHub…

Read more →

Explaining the ToolShell vulnerabilities in SharePoint: how the POST request exploit works, why initial patches can be easily bypassed, and how to stay protected. This article has been indexed from Securelist Read the original article: ToolShell: a story of five…

Read more →

Kaspersky experts analyze an incident that saw APT41 launch a targeted attack on government IT services in Africa. This article has been indexed from Securelist Read the original article: The SOC files: Rumble in the jungle or APT41’s new target…

Read more →

Kaspersky experts analyze an incident that saw APT41 launch a targeted attack on government IT services in Africa. This article has been indexed from Securelist Read the original article: The SOC files: Rumble in the jungle or APT41’s new target…

Read more →

Kaspersky experts analyze an incident that saw APT41 launch a targeted attack on government IT services in Africa. This article has been indexed from Securelist Read the original article: Rumble in the jungle: APT41’s new target in Africa

Read more →

In an incident response case in Asia, Kaspersky researchers discovered a new backdoor for Microsoft Exchange servers, based on open-source tools and dubbed “GhostContainer”. This article has been indexed from Securelist Read the original article: GhostContainer backdoor: malware compromising Exchange…

Read more →

A Kaspersky GERT expert describes the UserAssist Windows artifact, including previously undocumented binary data structure, and shares a useful parsing tool. This article has been indexed from Securelist Read the original article: Forensic journey: Breaking down the UserAssist artifact structure

Read more →

Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer. This article has been indexed from Securelist Read the original article: Code highlighting with Cursor AI for $500,000

Read more →

We have explored the RACF security package in z/OS and developed a utility to interact with its database. Now, we are assessing RACF configuration security for penetration testing. This article has been indexed from Securelist Read the original article: Approach…

Read more →

Kaspersky experts have discovered a new spyware called Batavia, which steals data from corporate devices. This article has been indexed from Securelist Read the original article: Batavia spyware steals data from Russian organizations

Read more →

In its annual SMB threat report, Kaspersky shares insights into trends and statistics on malware, phishing, scams, and other threats to small and medium-sized businesses, as well as security tips. This article has been indexed from Securelist Read the original…

Read more →

SparkKitty, a new Trojan spy for iOS and Android, spreads through untrusted websites, the App Store, and Google Play, stealing images from users’ galleries. This article has been indexed from Securelist Read the original article: SparkKitty, SparkCat’s little brother: A…

Read more →

Kaspersky GReAT experts discovered a new malicious implant: BrowserVenom. It enables a proxy in browsers like Chrome and Mozilla and spreads through a DeepSeek-mimicking phishing website. This article has been indexed from Securelist Read the original article: Toxic trend: Another…

Read more →

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts. This article has been indexed from Securelist Read the original article: Sleep with…

Read more →

Kaspersky GReAT experts describe the new features of a Mirai variant: the latest botnet infections target TBK DVR devices with CVE-2024-3721. This article has been indexed from Securelist Read the original article: Analysis of the latest Mirai wave exploiting TBK…

Read more →

The number of attacks on mobile devices involving malware, adware, or unwanted apps saw a significant increase in the first quarter. This article has been indexed from Securelist Read the original article: IT threat evolution in Q1 2025. Mobile statistics

Read more →

The report presents statistics for Windows, macOS, IoT, and other threats, including ransomware, miners, local and web-based threats, for Q1 2025. This article has been indexed from Securelist Read the original article: IT threat evolution in Q1 2025. Non-mobile statistics

Read more →

Kaspersky expert shares insights on how to determine whether an attack was first launched in a container or on the host itself when an organization’s logs lack container visibility. This article has been indexed from Securelist Read the original article:…

Read more →

This report contains statistics on vulnerabilities and published exploits, along with an analysis of the most noteworthy vulnerabilities we observed in the first quarter of 2025. This article has been indexed from Securelist Read the original article: Exploits and vulnerabilities…

Read more →

A comprehensive historical breakdown of Zanubis’ changes, including RC4 and AES encryption, credentials stealing and new targets in Peru, provided by Kaspersky GReAT experts. This article has been indexed from Securelist Read the original article: Zanubis in motion: Tracing the…

Read more →

Kaspersky experts break down an updated cryptojacking campaign targeting containerized environments: a Dero crypto miner abuses the Docker API. This article has been indexed from Securelist Read the original article: Dero miner zombies biting through Docker APIs to build a…

Read more →

Kaspersky ICS CERT shares trends and statistics on industrial threats in Q1 2025. This article has been indexed from Securelist Read the original article: Threat landscape for industrial automation systems in Q1 2025

Read more →

Kaspersky experts discuss optimizing penetration testing with an agent for the Mythic framework and object files for Cobalt Strike. This article has been indexed from Securelist Read the original article: Using a Mythic agent to optimize penetration testing

Read more →

Kaspersky researchers review ransomware trends for 2024, analyze the most active groups and forecast how this threat will evolve in 2025. This article has been indexed from Securelist Read the original article: State of ransomware in 2025

Read more →

The Kaspersky Global Emergency Response Team (GERT) detected an Outlaw mining botnet in a customer incident. In this article, we share insights into this botnet’s SSH-based infection chain. This article has been indexed from Securelist Read the original article: Outlaw…

Read more →

Kaspersky expert has discovered a new version of the Triada Trojan, with custom modules for Telegram, WhatsApp, TikTok, and other apps. This article has been indexed from Securelist Read the original article: Triada strikes back

Read more →

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach. This article has been indexed from Securelist Read the original article: Operation SyncHole: Lazarus APT goes…

Read more →

While investigating an incident, we discovered a sophisticated new backdoor targeting Russian organizations by impersonating secure networking software updates. This article has been indexed from Securelist Read the original article: Russian organizations targeted by backdoor masquerading as secure networking software…

Read more →

During incident response activities, our GERT team discovered Lumma Stealer in a customer’s infrastructure. Our experts conducted an investigation and analyzed its distribution scheme in detail. This article has been indexed from Securelist Read the original article: Lumma Stealer –…

Read more →

Attackers are increasingly sending phishing emails with SVG attachments that contain embedded HTML pages or JavaScript code. This article has been indexed from Securelist Read the original article: Phishing attacks leveraging HTML code inside SVG files

Read more →

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia. This article has been indexed from Securelist Read the original article: IronHusky…

Read more →

A proper detection engineering program can help improve SOC operations. In this article we’ll discuss potential SOC issues, the necessary components of a detection engineering program and some useful metrics for evaluating its efficiency. This article has been indexed from…

Read more →

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent. This article has been indexed from Securelist Read the original article: GOFFEE continues to attack organizations in Russia

Read more →

Malicious actors are using SourceForge to distribute a miner and the ClipBanker Trojan while utilizing unconventional persistence techniques. This article has been indexed from Securelist Read the original article: Attackers distributing a miner and the ClipBanker Trojan via SourceForge

Read more →

While analyzing a malicious DLL library used in attacks by APT group ToddyCat, Kaspersky expert discovered the CVE 2024-11859 vulnerability in a component of ESET’s EPP solution. This article has been indexed from Securelist Read the original article: How ToddyCat…

Read more →

Kaspersky expert dissects the MS-RPC security mechanism and provides a step-by-step analysis of calling a function from the Netlogon interface. This article has been indexed from Securelist Read the original article: A journey into forgotten Null Session and MS-RPC interfaces,…

Read more →

The TookPS malicious downloader is distributed under the guise of DeepSeek, and further mimics UltraViewer, AutoCAD, SketchUp, Ableton, and other popular tools. This article has been indexed from Securelist Read the original article: TookPS: DeepSeek isn’t the only game in…

Read more →

Kaspersky GReAT experts discovered a complex APT attack on Russian organizations dubbed Operation ForumTroll, which exploits zero-day vulnerabilities in Google Chrome. This article has been indexed from Securelist Read the original article: Operation ForumTroll: APT attack with Google Chrome zero-day…

Read more →

The Kaspersky financial threat report for 2024 contains the main trends and statistics on financial phishing and scams, mobile and PC banking malware, as well as recommendations on how to protect yourself and your business. This article has been indexed…

Read more →

The report contains statistics on malware, initial infection vectors and other threats to industrial automation systems in Q4 2024. This article has been indexed from Securelist Read the original article: Threat landscape for industrial automation systems in Q4 2024

Read more →

The new Arcane stealer spreads via YouTube and Discord, collecting data from many applications, including VPN and gaming clients, network utilities, messaging apps, and browsers. This article has been indexed from Securelist Read the original article: Arcane stealer: We want…

Read more →

We analyze the activities of the Head Mare hacktivist group, which has been attacking Russian companies jointly with Twelve. This article has been indexed from Securelist Read the original article: Head Mare and Twelve join forces to attack Russian entities

Read more →

Kaspersky provides incident response statistics for 2024, as well real incidents analysis. The report also shares IR trends and cybersecurity recommendations. This article has been indexed from Securelist Read the original article: Incident response analyst report 2024

Read more →

Kaspersky experts describe a new wave of attacks distributing the DCRat backdoor through YouTube under the guise of game cheats. This article has been indexed from Securelist Read the original article: DCRat backdoor returns

Read more →

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors. This article has…

Read more →

Kaspersky experts have discovered campaigns distributing stealers, malicious PowerShell scripts, and backdoors through web pages mimicking the DeepSeek and Grok websites. This article has been indexed from Securelist Read the original article: Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity

Read more →

Attackers blackmail YouTubers with complaints and account blocking threats, forcing them to distribute a miner disguised as a bypass tool. This article has been indexed from Securelist Read the original article: Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner…

Read more →

The most notable mobile threats of 2024, and statistics on Android-specific malware, adware and potentially unwanted software. This article has been indexed from Securelist Read the original article: Mobile malware evolution in 2024

Read more →

Kaspersky SOC analysts discuss a recent incident where the well-known Behinder web shell was used as a post-exploitation backdoor, showing how web shells have evolved. This article has been indexed from Securelist Read the original article: The SOC files: Chasing…

Read more →

This report provides statistics on vulnerabilities and exploits and discusses the most frequently exploited vulnerabilities in Q4 2024. This article has been indexed from Securelist Read the original article: Exploits and vulnerabilities in Q4 2024

Read more →

Kaspersky researchers discovered GitVenom campaign distributing stealers and open-source backdoors via fake GitHub projects. This article has been indexed from Securelist Read the original article: The GitVenom campaign: cryptocurrency theft using GitHub

Read more →

Kaspersky experts analyze the Angry Likho APT group’s attacks, which use obfuscated AutoIt scripts and the Lumma stealer for data theft. This article has been indexed from Securelist Read the original article: Angry Likho: Old beasts in a new forest

Read more →

The Kaspersky Managed Detection and Response report includes trends and statistics based on incidents identified and mitigated by Kaspersky’s SOC team in 2024. This article has been indexed from Securelist Read the original article: Managed detection and response in 2024

Read more →

We analyze 2024’s key spam and phishing statistics and trends: the hunt for crypto wallets, Hamster Kombat, online promotions via neural networks, fake vacation schedules, and more. This article has been indexed from Securelist Read the original article: Spam and…

Read more →

StaryDobry campaign targets gamers with XMRig miner This article has been indexed from Securelist Read the original article: StaryDobry ruins New Year’s Eve, delivering miner instead of presents

Read more →

Compensations for scam victims, and millionaires losing their family to COVID-19: read on to learn about the types of “Nigerian” spam one could come across in 2024. This article has been indexed from Securelist Read the original article: Investors, Trump…

Read more →

Kaspersky experts discover iOS and Android apps infected with the SparkCat crypto stealer in Google Play and the App Store. It steals crypto wallet data using an OCR model. This article has been indexed from Securelist Read the original article:…

Read more →

How cyberattackers exploit group policies, what risks attacks like these pose, and what measures can be taken to protect against such threats. This article has been indexed from Securelist Read the original article: One policy to rule them all

Read more →

Kaspersky GReAT experts discovered a new campaign targeting Android devices in Malaysia and Brunei with the Tria stealer to collect data from apps like WhatsApp and Gmail. This article has been indexed from Securelist Read the original article: No need…

Read more →

Kaspersky ICS CERT analyzes industrial threat trends and makes forecasts on how the industrial threat landscape will look in 2025. This article has been indexed from Securelist Read the original article: Threat predictions for industrial enterprises 2025

Read more →

Kaspersky experts analyzed the Mercedes-Benz head unit, its IPC protocols and firmware, and found new vulnerabilities via physical access. This article has been indexed from Securelist Read the original article: Mercedes-Benz Head Unit security research report

Read more →

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor. This article has been indexed from Securelist Read the original article: EAGERBEE, with updated and novel components, targets the Middle East

Read more →

The ICS CERT quarterly report covers threat landscape for industrial automation systems in Q3 2024. This article has been indexed from Securelist Read the original article: Threat landscape for industrial automation systems in Q3 2024

Read more →

We analyze the latest activity by the Cloud Atlas gang. The attacks employ the PowerShower, VBShower and VBCloud modules to download victims’ data with various PowerShell scripts. This article has been indexed from Securelist Read the original article: Cloud Atlas…

Read more →

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”. This article has been indexed from Securelist Read the original article: BellaCPP: Discovering a new BellaCiao variant written in C++

Read more →

Kaspersky’s GERT experts describe an incident with initial access to enterprise infrastructures through a FortiClient EMS vulnerability that allowed SQL injections. This article has been indexed from Securelist Read the original article: Attackers exploiting a patched FortiClient EMS vulnerability in…

Read more →

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus. This article has been indexed from Securelist Read the original article: Lazarus group evolves its infection…

Read more →

Kaspersky experts analyze attacks by C.A.S, a cybergang that uses uncommon remote access Trojans and posts data about victims in public Telegram channels. This article has been indexed from Securelist Read the original article: Analysis of Cyber Anarchy Squad attacks…

Read more →

The Mamont banking trojan is spreading under the guise of a parcel-tracking app for fake stores claiming to offer goods at wholesale prices. This article has been indexed from Securelist Read the original article: Download a banker to track your…

Read more →

Kaspersky experts review dark market trends in 2024, such as popularity of cryptors, loaders and crypto drainers on the dark web, and discuss what to expect in 2025. This article has been indexed from Securelist Read the original article: Dark…

Read more →

Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence. This article has been indexed from Securelist Read the original article: Careto is back: what’s new after 10 years of silence?

Read more →

While the CrowdStrike incident is still fresh in our minds, Kaspersky experts look back on similar IT outages that happened in 2024 and predict potential threats for 2025. This article has been indexed from Securelist Read the original article: Story…

Read more →

The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q3 2024, such as regreSSHion This article has been indexed from Securelist Read the original article: Exploits and vulnerabilities in Q3 2024

Read more →

Kaspersky researchers demonstrate capabilities of hrtng plugin for IDA Pro, share tips on working with IDA and reverse engineer FinSpy malware with these tools. This article has been indexed from Securelist Read the original article: Our secret ingredient for reverse…

Read more →

The “Kaspersky Security Bulletin 2024. Statistics” report contains statistics on cyberthreats for the period from November 2023 through October 2024. It covers such threats as financial malware, ransomware, miners, malware for IoT and macOS, vulnerabilities and others. This article has…

Read more →

Kaspersky’s GReAT looks back on the 2024 predictions about financial and crimeware threats, and explores potential cybercrime trends for 2025. This article has been indexed from Securelist Read the original article: Сrimeware and financial cyberthreats in 2025

Read more →

Internet-exposed GNSS receivers pose a significant threat to sensitive operations. Kaspersky shares statistics on internet-exposed receivers for July 2024 and advice on how to protect against GNSS attacks. This article has been indexed from Securelist Read the original article: Threats…

Read more →

Kaspersky GERT experts have discovered in Colombia new Ymir ransomware, which uses RustyStealer for initial access and the qTox client for communication with its victims. This article has been indexed from Securelist Read the original article: Ymir: new stealthy ransomware…

Read more →

Kaspersky shares details on QSC modular cyberespionage framework, which appears to be linked to CloudComputating group campaigns. This article has been indexed from Securelist Read the original article: QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns

Read more →

Kaspersky experts have discovered a new SteelFox Trojan that mimics popular software like Foxit PDF Editor and JetBrains to spread a stealer-and-miner bundle. This article has been indexed from Securelist Read the original article: New SteelFox Trojan mimics software activators,…

Read more →

Scammers use large language models (LLMs) to create phishing pages and leave artifacts in texts and tags, like the phrase “As an AI language model…”. This article has been indexed from Securelist Read the original article: Loose-lipped neural networks and…

Read more →

Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents. This article has been indexed from Securelist Read the original article: Risk reduction redefined: How…

Read more →

Malicious CAPTCHA distributed through ad networks delivers the Amadey Trojan or the Lumma stealer, which pilfers data from browsers, password managers, and crypto wallets. This article has been indexed from Securelist Read the original article: Lumma/Amadey: fake CAPTCHAs want to…

Read more →

Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain. This article has been indexed from Securelist Read the original article: The Crypto Game…

Read more →

Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain. This article has been indexed from Securelist Read the original article: The Crypto Game…

Read more →

In this report, Kaspersky experts analyze recent Grandoreiro campaigns, new targets, tricks, and banking trojan versions. This article has been indexed from Securelist Read the original article: Grandoreiro, the global trojan with grandiose goals

Read more →

In this report, Kaspersky experts analyze recent Grandoreiro campaigns, new targets, tricks, and banking trojan versions. This article has been indexed from Securelist Read the original article: Grandoreiro, the global trojan with grandiose ambitions

Read more →

Kaspersky researchers investigated a number of stealer attacks over the past year, and they are now sharing some details on the new Kral stealer, recent AMOS version and Vidar delivering ACR stealer. This article has been indexed from Securelist Read…

Read more →

A close look at the utilities, techniques, and infrastructure used by the hacktivist group Crypt Ghouls has revealed links to groups such as Twelve, BlackJack, etc. This article has been indexed from Securelist Read the original article: Analysis of the…

Read more →

In this article we solve the most difficult SAS CTF challenge based on the APT technique to introduce and persist a kernel shellcode on Windows 7. This article has been indexed from Securelist Read the original article: SAS CTF and…

Read more →

Kaspersky analyzes SideWinder APT’s recent activity: new targets in the MiddleEast and Africa, post-exploitation tools and techniques. This article has been indexed from Securelist Read the original article: Beyond the Surface: the evolution and expansion of the SideWinder APT group

Read more →

The Kaspersky Digital Footprint Intelligence team shares insights into the H1 2024 Middle Eastern cyberthreat landscape: hacktivism, initial access brokers, ransomware, stealers, and so on. This article has been indexed from Securelist Read the original article: Whispers from the Dark…

Read more →