Tag: Securelist

A proper detection engineering program can help improve SOC operations. In this article we’ll discuss potential SOC issues, the necessary components of a detection engineering program and some useful metrics for evaluating its efficiency. This article has been indexed from…

Read more →

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent. This article has been indexed from Securelist Read the original article: GOFFEE continues to attack organizations in Russia

Read more →

Malicious actors are using SourceForge to distribute a miner and the ClipBanker Trojan while utilizing unconventional persistence techniques. This article has been indexed from Securelist Read the original article: Attackers distributing a miner and the ClipBanker Trojan via SourceForge

Read more →

While analyzing a malicious DLL library used in attacks by APT group ToddyCat, Kaspersky expert discovered the CVE 2024-11859 vulnerability in a component of ESET’s EPP solution. This article has been indexed from Securelist Read the original article: How ToddyCat…

Read more →

Kaspersky expert dissects the MS-RPC security mechanism and provides a step-by-step analysis of calling a function from the Netlogon interface. This article has been indexed from Securelist Read the original article: A journey into forgotten Null Session and MS-RPC interfaces,…

Read more →

The TookPS malicious downloader is distributed under the guise of DeepSeek, and further mimics UltraViewer, AutoCAD, SketchUp, Ableton, and other popular tools. This article has been indexed from Securelist Read the original article: TookPS: DeepSeek isn’t the only game in…

Read more →

Kaspersky GReAT experts discovered a complex APT attack on Russian organizations dubbed Operation ForumTroll, which exploits zero-day vulnerabilities in Google Chrome. This article has been indexed from Securelist Read the original article: Operation ForumTroll: APT attack with Google Chrome zero-day…

Read more →

The Kaspersky financial threat report for 2024 contains the main trends and statistics on financial phishing and scams, mobile and PC banking malware, as well as recommendations on how to protect yourself and your business. This article has been indexed…

Read more →

The report contains statistics on malware, initial infection vectors and other threats to industrial automation systems in Q4 2024. This article has been indexed from Securelist Read the original article: Threat landscape for industrial automation systems in Q4 2024

Read more →

The new Arcane stealer spreads via YouTube and Discord, collecting data from many applications, including VPN and gaming clients, network utilities, messaging apps, and browsers. This article has been indexed from Securelist Read the original article: Arcane stealer: We want…

Read more →

We analyze the activities of the Head Mare hacktivist group, which has been attacking Russian companies jointly with Twelve. This article has been indexed from Securelist Read the original article: Head Mare and Twelve join forces to attack Russian entities

Read more →

Kaspersky provides incident response statistics for 2024, as well real incidents analysis. The report also shares IR trends and cybersecurity recommendations. This article has been indexed from Securelist Read the original article: Incident response analyst report 2024

Read more →

Kaspersky experts describe a new wave of attacks distributing the DCRat backdoor through YouTube under the guise of game cheats. This article has been indexed from Securelist Read the original article: DCRat backdoor returns

Read more →

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors. This article has…

Read more →

Kaspersky experts have discovered campaigns distributing stealers, malicious PowerShell scripts, and backdoors through web pages mimicking the DeepSeek and Grok websites. This article has been indexed from Securelist Read the original article: Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity

Read more →

Attackers blackmail YouTubers with complaints and account blocking threats, forcing them to distribute a miner disguised as a bypass tool. This article has been indexed from Securelist Read the original article: Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner…

Read more →

The most notable mobile threats of 2024, and statistics on Android-specific malware, adware and potentially unwanted software. This article has been indexed from Securelist Read the original article: Mobile malware evolution in 2024

Read more →

Kaspersky SOC analysts discuss a recent incident where the well-known Behinder web shell was used as a post-exploitation backdoor, showing how web shells have evolved. This article has been indexed from Securelist Read the original article: The SOC files: Chasing…

Read more →

This report provides statistics on vulnerabilities and exploits and discusses the most frequently exploited vulnerabilities in Q4 2024. This article has been indexed from Securelist Read the original article: Exploits and vulnerabilities in Q4 2024

Read more →

Kaspersky researchers discovered GitVenom campaign distributing stealers and open-source backdoors via fake GitHub projects. This article has been indexed from Securelist Read the original article: The GitVenom campaign: cryptocurrency theft using GitHub

Read more →