What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-02-21 14:00:42 | Mobile malware evolution 2021 (lien direct) | In 2021, cybercriminal activity gradually decreased, and attempts to exploit the pandemic topic became less common. However, mobile malware became more advanced, and attacks more complex. | Malware | ||
|
2022-02-07 10:00:06 | Roaming Mantis reaches Europe (lien direct) | We've observed some new activities by Roaming Mantis in 2021, and some changes in the Wroba malware that's mainly used in this campaign. Furthermore, we discovered that France and Germany were added as primary targets of Roaming Mantis. | Malware | ||
|
2022-02-01 10:00:37 | Telehealth: A New Frontier in Medicine-and Security (lien direct) | This report contains statistics and observations on vulnerabilities, phishing schemes and malware related to telehealth. | Malware | ||
|
2021-12-16 10:00:19 | PseudoManuscrypt: a mass-scale spyware attack campaign (lien direct) | Kaspersky ICS CERT experts identified malware whose loader has some similarities to the Manuscrypt malware, which is part of the Lazarus APT group's arsenal. | Malware | APT 38 APT 28 | |
|
2021-10-19 10:00:58 | Trickbot module descriptions (lien direct) | In this article we describe the functionality of the Trickbot (aka TrickLoader or Trickster) banking malware modules and provide a tip on how to download and analyze these modules. | Malware | ||
|
2021-10-12 17:07:08 | MysterySnail attacks with Windows zero-day (lien direct) | We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage campaigns. We are calling this cluster of activity MysterySnail. | Malware | ||
|
2021-10-12 16:00:34 | SAS 2021: Learning to ChaCha with APT41 (lien direct) | John Southworth gives insights about APT41 and the malware used by the threat actor – the Motnug loader and its descendant, the ChaCha loader; also, shares some thoughts on the actor's attribution and the payload, including the infamous CobaltStrike. | Malware Threat Guideline | APT 41 | |
|
2021-10-12 13:00:31 | SAS 2021: Fireside chat with Chris Bing (lien direct) | How to build up a fascinating story from a hardcore APT report? Sitting by the virtual fireside, Brian Bartholomew and Christopher Bing will discuss how malware researchers and investigative journalists can help each other in their work. | Malware | ||
|
2021-09-29 14:45:15 | DarkHalo after SolarWinds: the Tomiris connection (lien direct) | We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar. | Malware | ||
|
2021-09-13 11:00:04 | Incident response analyst report 2020 (lien direct) | We deliver a range of services: incident response, digital forensics and malware analysis. Data in the report comes from our daily practices with organizations seeking assistance with full-blown incident response or complementary expert activities for their internal incident response teams. | Malware | ||
|
2021-09-09 10:00:44 | Threat landscape for industrial automation systems in H1 2021 (lien direct) | Statistics on industrial automation system threats in the first half of 2021: by Kaspersky ICS CERT: share of attacked ICS computers, detected malware etc. | Malware | ||
|
2021-08-12 10:00:12 | IT threat evolution in Q2 2021. PC statistics (lien direct) | PC threat statistics for Q2 2021 contain data on miners, encrypting ransomware, financial malware and threats to Windows, macOS and IoT. | Malware Threat | ||
|
2021-07-07 10:00:45 | Wildpressure targets the macOS platform (lien direct) | We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS. | Malware | ||
|
2021-06-23 12:16:30 | How to confuse antimalware neural networks. Adversarial attacks and protection (lien direct) | Сybersecurity companies implement a variety of methods to discover previously unknown malware files. Machine learning (ML) is a powerful and widely used approach for this task. But can we rely entirely on machine learning approaches in the battle with the bad guys? Or could powerful AI itself be vulnerable? | Malware | ||
|
2021-06-07 12:00:02 | Gootkit: the cautious Trojan (lien direct) | Gootkit is complex multi-stage banking malware capable of stealing data from the browser, performing man-in-the-browser attacks, keylogging, taking screenshots and lots of other malicious actions. Its loader performs various virtual machine and sandbox checks and uses sophisticated persistence algorithms. | Malware | ★★★★ | |
|
2021-05-31 10:00:37 | IT threat evolution Q1 2021 (lien direct) | SolarWinds attacks, MS Exchange vulnerabilities, fake adblocker distributing miner, malware for Apple Silicon platform and other threats in Q1 2021. | Malware Threat | ||
|
2021-04-21 10:00:47 | Targeted Malware Reverse Engineering Workshop follow-up. Part 2 (lien direct) | The Reverse Engineering webinar audience having been so active not only were we unable to address all the incoming questions online, we didn't even manage to pack the rest of them in one blogpost. So here comes the second part of the webinar follow-up. | Malware | ||
|
2021-04-19 11:30:43 | Targeted Malware Reverse Engineering Workshop follow-up. Part 1 (lien direct) | With so many questions collected during the Targeted Malware Reverse Engineering webinar we lacked the time to answer them all online, we promised we would come up with this blogpost. | Malware | ||
|
2021-03-30 10:00:07 | APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign (lien direct) | A41APT is a long-running campaign with activities detected from March 2019 to the end of December 2020. Most of the discovered malware families are fileless malware and they have not been seen before. | Malware | APT 10 | ★★★★★ |
|
2021-03-12 10:00:58 | Good old malware for the new Apple Silicon platform (lien direct) | As we observe a growing interest in the newly released Apple Silicon platform from malware adversaries, this inevitably leads us to new malware samples compiled for it. In this article, we are going to take a look at threats for Macs with the Apple M1 chip on board. | Malware Guideline | ||
|
2021-03-01 14:00:29 | Mobile malware evolution 2020 (lien direct) | In 2020, Kaspersky mobile products and technologies detected 156,710 new mobile banking Trojans and 20,708 new mobile ransomware Trojans. | Ransomware Malware | ||
|
2021-02-25 10:00:53 | Lazarus targets defense industry with ThreatNeedle (lien direct) | In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group's other campaigns. | Malware | APT 38 APT 28 | |
|
2020-12-03 10:00:58 | What did DeathStalker hide between two ferns? (lien direct) | While tracking DeathStalker's Powersing-based activities in May 2020, we detected a previously unknown implant that leveraged DNS over HTTPS as a C2 channel, as well as parts of its delivery chain. We named this new malware “PowerPepper”. | Malware | ||
|
2020-10-21 10:00:11 | Life of Maze ransomware (lien direct) | In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations. | Ransomware Malware | ||
|
2020-10-15 10:00:09 | IAmTheKing and the SlothfulMedia malware family (lien direct) | The DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with additional context. | Malware Threat | ||
|
2020-10-08 10:00:40 | MontysThree: Industrial espionage with steganography and a Russian accent on both sides (lien direct) | In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. The malware authors named the toolset “MT3”; following this abbreviation we have named the toolset “MontysThree”. | Malware | ||
|
2020-09-23 10:00:28 | Looking for sophisticated malware in IoT devices (lien direct) | Let's talk about the structure of the firmware of an IoT device in order to get a better understanding of the different components. | Malware | ||
|
2020-09-03 10:00:20 | IT threat evolution Q2 2020 (lien direct) | Targeted attacks and APT groups, new malware and the COVID-19 pandemic exploitation in the second quarter of 2020 | Malware Threat | ||
|
2020-07-22 10:00:57 | MATA: Multi-platform targeted malware framework (lien direct) | The MATA malware framework possesses several components, such as loader, orchestrator and plugins. The framework is able to target Windows, Linux and macOS operating systems. | Malware | ||
|
2020-07-16 10:00:19 | The Streaming Wars: A Cybercriminal\'s Perspective (lien direct) | Cyber threats aren't relegated to the world of big businesses and large-scale campaigns. The most frequent attacks aren't APTs and massive data breaches-they're the daily encounters with malware and spam by everyday users. | Spam Malware | ||
|
2020-07-14 10:00:17 | The Tetrade: Brazilian banking malware goes global (lien direct) | This article is a deep dive intended for a complete understanding of these four banking trojan families: Guildma, Javali, Melcoz and Grandoreiro, as they expand abroad, targeting users not just in Brazil, but in the wider Latin America and Europe. | Malware | ||
|
2020-06-15 10:00:05 | Explicit content and cyberthreats: 2019 report (lien direct) | Over the past two years we have reviewed how adult content has been used to spread malware and abuse users' privacy. This is a trend that's unlikely to go away, especially under current circumstances. While many pornography platforms are enjoying an influx of new users and providing legitimate and safe services, the security risks remain, if not increase. | Malware |
To see everything:
Our RSS (filtrered)
