What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecureList 2021-09-21 11:00:35 Detection evasion in CLR and tips on how to detect such attacks (direct link) In this article we demonstrate a detection evasion technique using CLR that may be useful for penetration testing as well as a couple of tips for SOCs to help detect such attacks.
SecureList 2021-09-16 15:30:57 Exploitation of the CVE-2021-40444 vulnerability in MSHTML (direct link) Last week, Microsoft reported the RCE vulnerability CVE-2021-40444 in the MSHTML browser engine. Kaspersky is aware of targeted attacks using this vulnerability, and our products protect against attacks leveraging it. Vulnerability
SecureList 2021-09-16 10:00:21 Summer 2021: Friday Night Funkin', Måneskin and pop it (direct link) This report discusses the statistics gathered by Kaspersky Safe Kids on the websites and apps children use, and on children's YouTube search queries in summer 2021.
SecureList 2021-09-13 11:00:04 Incident response analyst report 2020 (direct link) We deliver a range of services: incident response, digital forensics and malware analysis. Data in the report comes from our daily practices with organizations seeking assistance with full-blown incident response or complementary expert activities for their internal incident response teams. Malware
SecureList 2021-09-09 10:00:44 Threat landscape for industrial automation systems in H1 2021 (direct link) Statistics on industrial automation system threats in the first half of 2021: by Kaspersky ICS CERT: share of attacked ICS computers, detected malware etc. Malware
SecureList 2021-09-03 10:00:14 Applied YARA training Q&A (direct link) On August 31, 2021 we ran a joint webinar between VirusTotal and Kaspersky, with a focus on YARA rules best practices and real world examples. In this post, we answer your questions that we didn't answer during the webinar.
SecureList 2021-09-02 10:00:32 QakBot technical analysis (direct link) This report contains technical analysis of the Trojan-Banker named QakBot (aka QBot, QuackBot or Pinkslipbot) and its information stealing, web injection and other modules.
SecureList 2021-08-24 10:00:23 (Déjà vu) Triada Trojan in WhatsApp MOD (direct link) We discovered that the Trojan Triada snuck into one of the modified versions of the WhatsApp messenger called FMWhatsapp 16.80.0 together with the advertising software development kit (SDK).
SecureList 2021-08-23 10:00:39 Gaming-related cyberthreats in 2020 and 2021 (direct link) In this report, you will find statistics and other information about gaming-related malware, phishing schemes and other threats in 2020 and the first half of 2021.
SecureList 2021-08-12 10:00:37 IT threat evolution Q2 2021 (direct link) Ferocious Kitten, TunnelSnake, PuzzleMaker and other threat actors, zero-day vulnerabilities, ransomware and banking Trojans - check out our review of Q2 2021. Ransomware Threat
SecureList 2021-08-12 10:00:19 IT threat evolution in Q2 2021. Mobile statistics (direct link) In Q2 2021, we prevented 14,465,672 mobile malware, adware and riskware attacks; 886,105 malicious installation packages were detected, of which 24,604 packages were mobile banking Trojans and 3,623 packages were mobile ransomware Trojans. Ransomware Threat
SecureList 2021-08-12 10:00:12 IT threat evolution in Q2 2021. PC statistics (direct link) PC threat statistics for Q2 2021 contain data on miners, encrypting ransomware, financial malware and threats to Windows, macOS and IoT. Malware Threat
SecureList 2021-08-05 10:00:45 Spam and phishing in Q2 2021 (direct link) Q2 2021 spam and phishing statistics, plus main trends: corporate mail phishing, compensation fraud, WhatsApp scam, etc. Spam
SecureList 2021-07-29 10:00:46 APT trends report Q2 2021 (direct link) This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc. Threat APT 29 APT 31
SecureList 2021-07-28 10:00:56 DDoS attacks in Q2 2021 (direct link) In this report you'll find Kaspersky DDoS Intelligence statistics, news overview and DDoS market trends and predictions for Q2 2021.
SecureList 2021-07-21 10:00:04 Managed Detection and Response in Q4 2020 (direct link) During the reported period, our MDR processed approximately 65 000 alerts, followed by an investigation that resulted in 1 506 incidents reported to customers, approximately 93% of which were mapped to the MITRE ATT&CK framework.
SecureList 2021-07-14 18:00:07 Arrests of members of Tetrade seed groups Grandoreiro and Melcoz (direct link) Spain's Ministry of the Interior has announced the arrest of 16 individuals connected to the Grandoreiro and Melcoz cybercrime groups. Both are originally from Brazil and form part of the Tetrade umbrella, operating for a few years now in Latin America and Western Europe.
SecureList 2021-07-14 10:00:21 LuminousMoth APT: Sweeping attacks for the chosen few (direct link) We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.
SecureList 2021-07-08 05:00:06 Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare) (direct link) Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 (also known as PrintNightmare). We are closely monitoring the situation and improving generic detection of these vulnerabilities.
SecureList 2021-07-07 10:00:45 Wildpressure targets the macOS platform (direct link) We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS. Malware
SecureList 2021-07-05 13:00:05 REvil ransomware attack against MSPs and its clients around the world (direct link) An attack perpetrated by REvil aka Sodinokibi ransomware gang against Managed Service Providers (MSPs) and their clients was discovered on July 2. Some of the victims reportedly have been compromised through a popular MSP software which led to encryption of their customers. Ransomware ★★★★
SecureList 2021-07-01 12:00:54 Do cybercriminals play cyber games in quarantine? A look one year later (direct link) Last year, we took a look at how the pandemic influenced the threat landscape for gamers and the gaming industry. One year later, online gamers are even more active, and cybercriminals continue to exploit this. Threat
SecureList 2021-06-29 10:00:16 Remote dating: How do the apps safeguard our data? (direct link) The pandemic and the restrictions that came with it have led to an increase in the popularity of dating apps. But what about their security?
SecureList 2021-06-28 11:15:03 Detecting unknown threats: a honeypot how-to (direct link) Dan Demeter, Senior Security Researcher with Kaspersky's Global Research and Analysis Team and head of Kaspersky's Honeypot project, explains what honeypots are, why they're recommended for catching external threats, and how you can set up your own simple SSH-honeypot.
SecureList 2021-06-24 10:00:56 Malicious spam campaigns delivering banking Trojans (direct link) In mid-March 2021, we observed two new spam campaigns delivering banking Trojans. The payload in most cases was IcedID, but we have also seen a few QBot (aka QakBot) samples. Spam
SecureList 2021-06-23 12:16:30 How to confuse antimalware neural networks. Adversarial attacks and protection (direct link) Cybersecurity companies implement a variety of methods to discover previously unknown malware files. Machine learning (ML) is a powerful and widely used approach for this task. But can we rely entirely on machine learning approaches in the battle with the bad guys? Or could powerful AI itself be vulnerable? Malware
SecureList 2021-06-22 09:30:52 Behind the scenes with the head of Kaspersky's GReAT (direct link) Costin Raiu has been with Kaspersky since 2000. In 2010, he became Director of our Global Research and Analysis Team (GReAT). In our interview with Costin, he spoke about the job of a security researcher, its challenges and advantages, and offered some advice for newcomers to cybersecurity.
SecureList 2021-06-17 10:00:41 Black Kingdom ransomware (direct link) Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability (CVE-2021-27065). Ransomware Vulnerability
SecureList 2021-06-16 10:00:07 Ferocious Kitten: 6 years of covert surveillance in Iran (direct link) Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings. Threat
SecureList 2021-06-15 12:40:11 Andariel evolves to target South Korea with ransomware (direct link) In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to a conclusion: the Andariel group was behind these attacks. Ransomware
SecureList 2021-06-08 17:32:30 PuzzleMaker attacks with Chrome zero-day exploit chain (direct link) We detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits.
SecureList 2021-06-07 12:00:02 Gootkit: the cautious Trojan (direct link) Gootkit is complex multi-stage banking malware capable of stealing data from the browser, performing man-in-the-browser attacks, keylogging, taking screenshots and lots of other malicious actions. Its loader performs various virtual machine and sandbox checks and uses sophisticated persistence algorithms. Malware ★★★★
SecureList 2021-06-03 10:00:26 Email spoofing: how attackers impersonate legitimate senders (direct link) This article analyzes different ways of spoofing email addresses through changing the From header, which provides information about the sender's name and address.
SecureList 2021-06-01 10:00:34 Kids on the Web in 2021: Infinite creativity (direct link) In this report we try to understand what occupied children during the last year, from May 2020 to April 2021 inclusive.
SecureList 2021-05-31 10:00:37 IT threat evolution Q1 2021 (direct link) SolarWinds attacks, MS Exchange vulnerabilities, fake adblocker distributing miner, malware for Apple Silicon platform and other threats in Q1 2021. Malware Threat
SecureList 2021-05-31 10:00:35 IT threat evolution Q1 2021. Mobile statistics (direct link) In the first quarter of 2021 we detected 1.45M mobile installation packages, of which 25K packages were related to mobile banking Trojans and 3.6K packages were mobile ransomware Trojans. Ransomware Threat
SecureList 2021-05-31 10:00:05 IT threat evolution Q1 2021. Non-mobile statistics (direct link) In Q1 2021, we blocked more than 2 billion attacks launched from online resources across the globe, detected 77.4M unique malicious and potentially unwanted objects, and recognized 614M unique URLs as malicious. Threat
SecureList 2021-05-26 10:00:32 Kaspersky Security Bulletin 2020-2021. EU statistics (direct link) In the EU, 70% of user computers experienced at least one Malware-class attack, 115,452,157 web attacks and 86,584,675 phishing attempts were blocked.
SecureList 2021-05-25 07:00:20 Evolution of JSWorm ransomware (direct link) There are times when a single ransomware family has evolved from a mass-scale operation to a highly targeted threat – all in the span of two years. In this post we want to talk about one of those families, named JSWorm. Ransomware Threat
SecureList 2021-05-17 10:00:28 Bizarro banking Trojan expands its attacks to Europe (direct link) Bizarro is yet another banking Trojan family originating from Brazil that steals credentials from customers of 70 banks from different European and South American countries.
SecureList 2021-05-12 10:00:58 Ransomware world in 2021: who, how and why (direct link) In this report, we take a step back from the day-to-day ransomware news cycle and follow the ripples back into the heart of the ecosystem to understand how it is organized. Ransomware
SecureList 2021-05-10 10:00:15 DDoS attacks in Q1 2021 (direct link) In Q1 2021, we saw a spike in DDoS activity in January, peaking at over 1,800 attacks per day. The most widespread was UDP flooding (41.87%), while SYN flooding dropped to third place (26.36%).
SecureList 2021-05-06 10:00:45 Operation TunnelSnake: formerly unknown rootkit used to secretly control networks of regional organizations (direct link) A newly discovered rootkit that we dub 'Moriya' is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The victims are located in Africa, South and South-East Asia.
SecureList 2021-05-03 10:00:36 Spam and phishing in Q1 2021 (direct link) In terms of spam and phishing, in Q1 2021, we largely saw a continuation of the 2020 trends: exploitation of COVID-19 theme, hunting corporate account credentials and spoofing of online store websites. Spam
SecureList 2021-04-27 10:00:26 APT trends report Q1 2021 (direct link) This report highlights significant events related to advanced persistent threat (APT) activity observed in Q1 2021. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. Threat
SecureList 2021-04-23 10:19:30 Ransomware by the numbers: Reassessing the threat's global impact (direct link) In this report, we'll take a look at the numbers behind the ransomware threat from 2019 to 2020, what they mean - and what they foretell about ransomware's future. Ransomware Threat
SecureList 2021-04-21 10:00:47 Targeted Malware Reverse Engineering Workshop follow-up. Part 2 (direct link) The Reverse Engineering webinar audience having been so active not only were we unable to address all the incoming questions online, we didn't even manage to pack the rest of them in one blogpost. So here comes the second part of the webinar follow-up. Malware
SecureList 2021-04-19 11:30:43 Targeted Malware Reverse Engineering Workshop follow-up. Part 1 (direct link) With so many questions collected during the Targeted Malware Reverse Engineering webinar we lacked the time to answer them all online, we promised we would come up with this blogpost. Malware
SecureList 2021-04-13 17:35:50 Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild (direct link) CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). We believe it is exploited in the wild, potentially by several threat actors. Vulnerability Threat
SecureList 2021-04-09 16:58:41 Malicious code in APKPure app (direct link) Malicious code was detected in version 3.17.18 of the APKPure alternative app store for Android. We recommend deleting the infected version and installing APKPure 3.17.19 asap.
Last update at: 2024-06-23 19:10:47