Tag: Securelist

The Kaspersky Global Emergency Response Team (GERT) detected an Outlaw mining botnet in a customer incident. In this article, we share insights into this botnet’s SSH-based infection chain. This article has been indexed from Securelist Read the original article: Outlaw…

Read more →

Kaspersky expert has discovered a new version of the Triada Trojan, with custom modules for Telegram, WhatsApp, TikTok, and other apps. This article has been indexed from Securelist Read the original article: Triada strikes back

Read more →

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach. This article has been indexed from Securelist Read the original article: Operation SyncHole: Lazarus APT goes…

Read more →

While investigating an incident, we discovered a sophisticated new backdoor targeting Russian organizations by impersonating secure networking software updates. This article has been indexed from Securelist Read the original article: Russian organizations targeted by backdoor masquerading as secure networking software…

Read more →

During incident response activities, our GERT team discovered Lumma Stealer in a customer’s infrastructure. Our experts conducted an investigation and analyzed its distribution scheme in detail. This article has been indexed from Securelist Read the original article: Lumma Stealer –…

Read more →

Attackers are increasingly sending phishing emails with SVG attachments that contain embedded HTML pages or JavaScript code. This article has been indexed from Securelist Read the original article: Phishing attacks leveraging HTML code inside SVG files

Read more →

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia. This article has been indexed from Securelist Read the original article: IronHusky…

Read more →

A proper detection engineering program can help improve SOC operations. In this article we’ll discuss potential SOC issues, the necessary components of a detection engineering program and some useful metrics for evaluating its efficiency. This article has been indexed from…

Read more →

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent. This article has been indexed from Securelist Read the original article: GOFFEE continues to attack organizations in Russia

Read more →

Malicious actors are using SourceForge to distribute a miner and the ClipBanker Trojan while utilizing unconventional persistence techniques. This article has been indexed from Securelist Read the original article: Attackers distributing a miner and the ClipBanker Trojan via SourceForge

Read more →

While analyzing a malicious DLL library used in attacks by APT group ToddyCat, Kaspersky expert discovered the CVE 2024-11859 vulnerability in a component of ESET’s EPP solution. This article has been indexed from Securelist Read the original article: How ToddyCat…

Read more →

Kaspersky expert dissects the MS-RPC security mechanism and provides a step-by-step analysis of calling a function from the Netlogon interface. This article has been indexed from Securelist Read the original article: A journey into forgotten Null Session and MS-RPC interfaces,…

Read more →

The TookPS malicious downloader is distributed under the guise of DeepSeek, and further mimics UltraViewer, AutoCAD, SketchUp, Ableton, and other popular tools. This article has been indexed from Securelist Read the original article: TookPS: DeepSeek isn’t the only game in…

Read more →

Kaspersky GReAT experts discovered a complex APT attack on Russian organizations dubbed Operation ForumTroll, which exploits zero-day vulnerabilities in Google Chrome. This article has been indexed from Securelist Read the original article: Operation ForumTroll: APT attack with Google Chrome zero-day…

Read more →

The Kaspersky financial threat report for 2024 contains the main trends and statistics on financial phishing and scams, mobile and PC banking malware, as well as recommendations on how to protect yourself and your business. This article has been indexed…

Read more →

The report contains statistics on malware, initial infection vectors and other threats to industrial automation systems in Q4 2024. This article has been indexed from Securelist Read the original article: Threat landscape for industrial automation systems in Q4 2024

Read more →

The new Arcane stealer spreads via YouTube and Discord, collecting data from many applications, including VPN and gaming clients, network utilities, messaging apps, and browsers. This article has been indexed from Securelist Read the original article: Arcane stealer: We want…

Read more →

We analyze the activities of the Head Mare hacktivist group, which has been attacking Russian companies jointly with Twelve. This article has been indexed from Securelist Read the original article: Head Mare and Twelve join forces to attack Russian entities

Read more →

Kaspersky provides incident response statistics for 2024, as well real incidents analysis. The report also shares IR trends and cybersecurity recommendations. This article has been indexed from Securelist Read the original article: Incident response analyst report 2024

Read more →

Kaspersky experts describe a new wave of attacks distributing the DCRat backdoor through YouTube under the guise of game cheats. This article has been indexed from Securelist Read the original article: DCRat backdoor returns

Read more →