What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecureList 2022-08-16 12:00:59 Two more malicious Python packages in the PyPI (direct link) We used our internal automated system for monitoring open-source repositories and discovered two other malicious Python packages in the PyPI. They were masquerading as one of the most popular open-source packages named “requests”.
SecureList 2022-08-16 08:00:36 Threat in your browser: what dangers innocent-looking extensions hold for users (direct link) In this research, we observed various types of threats that mimic useful web browser extensions, and the number of users attacked by them.
SecureList 2022-08-15 12:00:45 (Déjà vu) IT threat evolution in Q2 2022. Mobile statistics (direct link) In Q2 2022, we detected 405,684 mobile malware installation packages, of which 55,614 packages were related to mobile banking trojans, and 3,821 packages were mobile ransomware trojans. Ransomware Malware Threat
SecureList 2022-08-15 12:00:43 (Déjà vu) IT threat evolution in Q2 2022. Non-mobile statistics (direct link) Our non-mobile malware statistics for Q2 2022 include data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices. Malware Threat
SecureList 2022-08-15 12:00:34 IT threat evolution Q2 2022 (direct link) ToddyCat APT and WinDealer man-on-the-side attack, Spring4Shell and other vulnerabilities, ransomware trends and our in-depth analysis of the TTPs of the eight most widespread ransomware families. Ransomware Threat
SecureList 2022-08-11 08:30:01 OpenTIP, command line edition (direct link) We released Python-based command line tools for our OpenTIP service that also implement a client class that you can reuse in your own tools.
SecureList 2022-08-10 10:00:43 VileRAT: DeathStalker's continuous strike at foreign and cryptocurrency exchanges (direct link) In late August 2020, we published an overview of DeathStalker’s profile and malicious activities, including their Janicab, Evilnum and PowerSing campaigns (PowerPepper was later documented in 2020). Notably, we exposed why we believe the threat actor may fit a group of mercenaries, offering hack-for-hire services, or acting as an information broker to support competitive and Threat
SecureList 2022-08-09 10:00:46 Andariel deploys DTrack and Maui ransomware (direct link) Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly. Ransomware
SecureList 2022-08-08 08:00:10 Targeted attack on industrial enterprises and public institutions (direct link) Kaspersky ICS CERT experts detected a wave of targeted attacks in several East European countries, as well as Afghanistan. Of the six backdoors identified on infected systems, five have been used earlier in attacks attributed to APT TA428.
SecureList 2022-08-03 08:00:22 DDoS attacks in Q2 2022 (direct link) Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in Q1. Also, we saw the continuation of a trend that began in spring: an increase in superlong attacks.
SecureList 2022-07-28 12:00:41 LofyLife: malicious npm packages steal Discord tokens and bank card data (direct link) This week, we identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”.
SecureList 2022-07-28 10:00:37 (Déjà vu) APT trends report Q2 2022 (direct link) This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q2 2022. Threat
SecureList 2022-07-25 10:00:32 CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit (direct link) In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor. Threat
SecureList 2022-07-20 08:00:31 Luna and Black Basta - new ransomware for Windows, Linux and ESXi (direct link) This report discusses new ransomware that targets Windows, Linux and ESXi systems: Luna written in Rust and Black Basta. Ransomware
SecureList 2022-07-11 08:00:53 Text-based fraud: from 419 scams to vishing (direct link) Text-based fraud (419 scams, vishing, extortion, etc.) is still alive and well. Here, we describe cybercriminal techniques and present statistics.
SecureList 2022-07-06 10:00:32 Dynamic analysis of firmware components in IoT devices (direct link) We decided to discuss less obvious tools for working with firmware, including Renode and Qiling. Each of those tools has its own features, advantages, and limitations that make it effective for certain types of task. Tool
SecureList 2022-06-30 08:00:35 The SessionManager IIS backdoor (direct link) In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.
SecureList 2022-06-23 10:00:21 The hateful eight: Kaspersky's guide to modern ransomware groups' TTPs (direct link) We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks. Ransomware
SecureList 2022-06-21 10:00:37 APT ToddyCat (direct link) ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call 'Samurai backdoor' and 'Ninja Trojan'. Tool
SecureList 2022-06-20 10:00:07 'Unpacking' technical attribution and challenges for ensuring stability in cyberspace (direct link) How is technical attribution carried out? What are the key challenges in conducting reliable technical attribution? How can this be more accessible to the multitude of stakeholders? Below are our reflections on these questions.
SecureList 2022-06-15 10:00:29 How much does access to corporate infrastructure cost? (direct link) What cybercriminals charge for the data of large companies on the dark web – a review of underground forum offers by category.
SecureList 2022-06-08 10:00:27 Router security in 2021 (direct link) We analyze data on vulnerabilities in routers, plus malware that attacks IoT devices: Mirai, NyaDrop, Gafgyt, and others. Malware
SecureList 2022-06-06 08:00:02 CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction (direct link) At the end of May, researchers reported a new zero-day vulnerability in MSDT that can be exploited using Microsoft Office documents. The vulnerability, which was dubbed Follina, later received the identifier CVE-2022-30190. Vulnerability
SecureList 2022-06-02 10:00:30 WinDealer dealing on the side (direct link) We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack. Malware ★★
SecureList 2022-05-27 08:00:46 IT threat evolution in Q1 2022. Mobile statistics (direct link) According to Kaspersky Security Network, in Q1 2022 516,617 mobile malware installation packages were detected, of which 53,947 packages were related to mobile banking trojans, and 1,942 packages were mobile ransomware trojans. Ransomware Malware Threat ★★★★★
SecureList 2022-05-27 08:00:43 IT threat evolution Q1 2022 (direct link) Kaspersky IT threat review in Q1 2022: activity of APTs such as MoonBounce, BlueNoroff, Lazarus and Roaming Mantis, attacks against Ukraine, phishing kits, Okta hack and more. Hack Threat APT 38 ★★★
SecureList 2022-05-27 08:00:05 IT threat evolution in Q1 2022. Non-mobile statistics (direct link) PC malware statistics for Q1 2022 include data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices. Malware Threat ★★
SecureList 2022-05-26 11:00:55 Managed detection and response in 2021 (direct link) Kaspersky Managed Detection and Response (MDR) services in 2021 in facts and figures: number of security incidents detected, their severity, etc.
SecureList 2022-05-25 15:57:59 The Verizon 2022 DBIR (direct link) The Verizon 2022 Data Breach Investigations Report is out, where Kaspersky collaborated as a contributor. The report provides interesting analysis of a full amount of global incident data. Data Breach
SecureList 2022-05-25 10:00:41 What's wrong with automotive mobile apps? (direct link) Third party automotive mobile apps, web apps and API clients provide drivers with additional functions but may pose security risks for their data.
SecureList 2022-05-23 10:00:52 ISaPWN – research on the security of ISaGRAF Runtime (direct link) This report includes an analysis of the ISaGRAF framework, its architecture, the IXL and SNCP protocols and the description of several vulnerabilities the Kaspersky ICS CERT team had identified.
SecureList 2022-05-17 14:00:03 Evaluation of cyber activities and the threat landscape in Ukraine (direct link) With this article, our core aim is to share a threat landscape overview, which Kaspersky cybersecurity researchers are observing in relation to the conflict, with the wider international community and thus to contribute to broader ongoing cyber-stability discussions of threat-related insights. Threat
SecureList 2022-05-16 08:00:08 HTML attachments in phishing e-mails (direct link) In this article we review phishing HTML attachments, explaining common tricks the attackers use, and give statistics on HTML attachments detected by Kaspersky solutions.
SecureList 2022-05-11 12:00:23 New ransomware trends in 2022 (direct link) This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old variants of malware return while the new ones develop. Ransomware Malware ★★★★
SecureList 2022-05-06 10:00:47 Mobile subscription Trojans and their little tricks (direct link) Kaspersky analysis of mobile subscription Trojans Joker (Jocker), MobOk, Vesub and GriftHorse and their activity: technical description and statistics.
SecureList 2022-05-04 10:00:59 A new secret stash for “fileless” malware (direct link) We observed the technique of putting the shellcode into Windows event logs for the first time “in the wild” during the malicious campaign. It allows the “fileless” last stage Trojan to be hidden from plain sight in the file system. Malware
SecureList 2022-04-27 10:00:34 APT trends report Q1 2022 (direct link) This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022. Threat
SecureList 2022-04-25 10:00:41 DDoS attacks in Q1 2022 (direct link) Against the backdrop of the conflict between Russia and Ukraine, the number of DDoS attacks in Q1 2022 increased by 4.5 times against Q1 2021. A significant proportion of them were by hacktivists.
SecureList 2022-04-18 10:00:19 (Déjà vu) How to recover files encrypted by Yanluowang (direct link) Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. Ransomware Vulnerability
SecureList 2022-04-13 10:00:57 Emotet modules and recent attacks (direct link) Emotet was disrupted in January 2021 and returned in November. This report provides a technical description of its active modules and statistics on the malware's recent attacks.
SecureList 2022-04-12 09:00:52 The State of Stalkerware in 2021 (direct link) Every year Kaspersky analyzes the use of stalkerware around the world to better understand the threat it poses. We partner with stakeholders across public and private sectors to raise awareness and find solutions to best tackle this important issue. Threat
SecureList 2022-04-07 10:00:19 A Bad Luck BlackCat (direct link) A new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, but the group is also known as BlackCat. Two recent BlackCat incidents stand out as particularly interesting. Ransomware
SecureList 2022-04-04 15:30:36 Spring4Shell (CVE-2022-22965): details and mitigations (direct link) Technical details and mitigations for CVE-2022-22965 vulnerability (Spring4Shell) that can help an attacker to execute arbitrary code on a remote web server. Vulnerability
SecureList 2022-03-31 12:00:23 Lazarus Trojanized DeFi app for delivering malware (direct link) We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor. Malware APT 38
SecureList 2022-03-24 10:00:40 Phishing-kit market: what's inside “off-the-shelf” phishing packages (direct link) What are phishing kits (phishkits), what do they include, who uses them, and where are they sold? A report and statistics on phishing kits.
SecureList 2022-03-14 14:11:07 CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel (direct link) Exploit for CVE-2022-0847 (Dirty Pipe) vulnerability in Linux kernel is available online. Kaspersky solutions detect and prevent exploitation attempts. Vulnerability
SecureList 2022-03-14 10:00:34 Webinar on cyberattacks in Ukraine – summary and Q&A (direct link) Last week, Kaspersky's GReAT shared their insights into the current (and past) cyberattacks in Ukraine. In this post we address the questions that we did not have the time to answer and provide IoCs.
SecureList 2022-03-03 10:00:51 Threat landscape for industrial automation systems, H2 2021 (direct link) By 2021 everyone got used to pandemic limitations – industrial organization employees and IT security professionals and threat actors. If we compare the numbers from 2020 and 2021, we see that 2021 looks more stable, particularly in H2. Threat
SecureList 2022-03-01 13:30:06 Elections GoRansom – a smoke screen for the HermeticWiper attack (direct link) We present our analysis of HermeticRansom (aka Elections GoRansom) ransomware that was likely used as a smokescreen for the HermeticWiper attack. Ransomware
Last update at: 2024-06-23 18:10:28