What's new around the internet

Last one

| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| SecureList | 2020-10-15 10:00:09 | IAmTheKing and the SlothfulMedia malware family | The DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with additional context. | Malware Threat | | |
| SecureList | 2020-10-08 10:00:40 | MontysThree: Industrial espionage with steganography and a Russian accent on both sides | In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. The malware authors named the toolset “MT3”; following this abbreviation we have named the toolset “MontysThree”. | Malware | | |
| SecureList | 2020-10-05 10:00:45 | MosaicRegressor: Lurking in the Shadows of UEFI | We found a compromised UEFI firmware image that contained a malicious implant. To the best of our knowledge, this is the second known public case where malicious UEFI firmware in use by a threat actor was found in the wild. | Threat | | |
| SecureList | 2020-09-30 15:15:02 | SAS@Home is back this fall | Now, this unique year presents us with a new surprise: the second SAS in one calendar year! Once again, everyone can visit this online event. | | | |
| SecureList | 2020-09-29 14:00:47 | Why master YARA: from routine to extreme threat hunting cases. Follow-up | On 3rd of September, we were hosting our webinar, in which we shared best practices on YARA usage. Due to timing restrictions we were not able to answer all the questions, therefore we're trying to answer them here. | Threat | | |
| SecureList | 2020-09-24 08:00:21 | Threat landscape for industrial automation systems. H1 2020 highlights | Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal environments. The internet, removable media and email continue to be the main sources of threats in the ICS environment. | Threat | | |
| SecureList | 2020-09-23 10:00:28 | Looking for sophisticated malware in IoT devices | Let's talk about the structure of the firmware of an IoT device in order to get a better understanding of the different components. | Malware | | |
| SecureList | 2020-09-10 10:00:39 | An overview of targeted attacks and APTs on Linux | Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, there’s a widely held opinion that Linux… | | | |
| SecureList | 2020-09-04 10:00:24 | Digital Education: The cyberrisks of the online classroom | This past spring, as the COVID-19 pandemic took hold, online learning became the new norm as universities and classrooms around the world were forced to close their doors. By April 29, 2020, more than 1.2 billion children across 186 countries… | | | |
| SecureList | 2020-09-03 11:00:55 | IT threat evolution Q2 2020. Mobile statistics | According to Kaspersky Security Network, during the second quarter 1,245,894 malicious installers were detected and a total of 14,204,345 attacks on mobile devices were blocked. | Threat | | ★★★★★ |
| SecureList | 2020-09-03 10:00:20 | IT threat evolution Q2 2020 | Targeted attacks and APT groups, new malware and the COVID-19 pandemic exploitation in the second quarter of 2020 | Malware Threat | | |
| SecureList | 2020-09-02 10:00:56 | Operation PowerFall: CVE-2020-0986 and variants | While we already described the exploit for Internet Explorer in the original blog post about Operation PowerFall, we also promised to share more details about the elevation of privilege exploit. Let's take a look at vulnerability CVE-2020-0986. | Vulnerability | | |
| SecureList | 2020-08-26 10:00:44 | Transparent Tribe: Evolution analysis, part 2 | In the second article, we describe a new Android implant used by Transparent Tribe for spying on mobile devices and present new evidence confirms a link between ObliqueRAT and Transparent Tribe. | | APT 36 | |
| SecureList | 2020-08-24 10:00:19 | Lifting the veil on DeathStalker, a mercenary triumvirate | DeathStalker is a unique threat group that appears to target law firms and companies in the financial sector. They don't deploy ransomware or steal payment information to resell it, their interest in gathering sensitive business information. | Ransomware Threat | | |
| SecureList | 2020-08-20 10:00:13 | Transparent Tribe: Evolution analysis, part 1 | Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. | | APT 36 | |
| SecureList | 2020-08-13 10:00:09 | CactusPete APT group's updated Bisonal backdoor | A new CactusPete campaign shows that the group's favored types of target remain the same. The victims of the new variant of the Bisonal backdoor were from financial and military sectors located in Eastern Europe. | | | |
| SecureList | 2020-08-12 07:00:28 | Internet Explorer and Windows zero-day exploits used in Operation PowerFall | Kaspersky prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits. | | | |
| SecureList | 2020-08-10 10:00:11 | DDoS attacks in Q2 2020 | The second quarter is normally calmer than the first, but this year is an exception. The long-term downward trend in DDoS-attacks has unfortunately been interrupted, and this time we are witnessing an increase. | | | |
| SecureList | 2020-08-07 10:00:07 | Spam and phishing in Q2 2020 | In Q2 2020, the largest share of spam (51.45 percent) was recorded in April. The average percentage of spam in global email traffic was 50,18%, down by 4.43 percentage points from the previous reporting period. | Spam | | |
| SecureList | 2020-08-06 10:00:34 | Incident Response Analyst Report 2019 | As an incident response service provider, Kaspersky delivers a global service that results in a global visibility of adversaries' cyber-incident tactics and techniques on the wild. In this report, we share our teams' conclusions and analysis based on incident responses and statistics from 2019. | | | |
| SecureList | 2020-07-31 11:00:30 | WastedLocker: technical analysis | According to currently available information, in the attack on Garmin a targeted build of the Trojan WastedLocker was used. We have performed technical analysis of the Trojan sample. | | | |
| SecureList | 2020-07-29 10:00:09 | APT trends report Q2 2020 | This summary is based on our threat intelligence research and provides a representative snapshot of what we have published and discussed, focusing on activities that we observed during Q2 2020. | Threat | | |
| SecureList | 2020-07-28 10:00:27 | Lazarus on the hunt for big game | By investigating a number of targeted ransomware attacks and through discussions with some of our trusted industry partners, we feel that we now have a good grasp on how the ransomware ecosystem is structured. | Ransomware | APT 38 | |
| SecureList | 2020-07-22 10:00:57 | MATA: Multi-platform targeted malware framework | The MATA malware framework possesses several components, such as loader, orchestrator and plugins. The framework is able to target Windows, Linux and macOS operating systems. | Malware | | |
| SecureList | 2020-07-21 10:00:17 | GReAT thoughts: Awesome IDA Pro plugins | In the second 'GReAT Ideas. Powered by SAS' webinar, I'll be talking about awesome IDA Pro plugins that I regularly use. This article is a sneak peek into what I'll be discussing. | | | |
| SecureList | 2020-07-16 10:00:19 | The Streaming Wars: A Cybercriminal's Perspective | Cyber threats aren't relegated to the world of big businesses and large-scale campaigns. The most frequent attacks aren't APTs and massive data breaches-they're the daily encounters with malware and spam by everyday users. | Spam Malware | | |
| SecureList | 2020-07-15 10:00:13 | GReAT Ideas follow-up | The two hours of our first “GReAT Ideas. Powered by SAS” session were not enough for answering all of the questions raised, therefore we try to answer them below. | | | |
| SecureList | 2020-07-14 10:00:17 | The Tetrade: Brazilian banking malware goes global | This article is a deep dive intended for a complete understanding of these four banking trojan families: Guildma, Javali, Melcoz and Grandoreiro, as they expand abroad, targeting users not just in Brazil, but in the wider Latin America and Europe. | Malware | | |
| SecureList | 2020-07-08 12:00:34 | Redirect auction | We've already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as if the attackers were purposely buying up domains, but such a scenario always seemed to us too complicated. | | | |
| SecureList | 2020-07-06 10:00:11 | Pig in a poke: smartphone adware | Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources. | | | |
| SecureList | 2020-06-24 10:00:16 | Magnitude exploit kit – evolution | Exploit kits still play a role in today's threat landscape and continue to evolve. For this blogpost I studied and analyzed the evolution of one of the most sophisticated exploit kits out there – Magnitude EK – for a whole year. | Threat | | |
| SecureList | 2020-06-23 10:00:08 | Oh, what a boot-iful mornin' | In mid-April, our threat monitoring systems detected malicious files being distributed under the name "on the new initiative of the World Bank in connection with the coronavirus pandemic" (in Russian) with the extension EXE or RAR. Inside the files was the well-known Rovnix bootkit. | Threat | | |
| SecureList | 2020-06-22 10:00:53 | Web skimming with Google Analytics | Recently, we identified several cases where Google Analytics was misused: attackers injected malicious code into sites, which collected all the data entered by users, and then sent it via Analytics. | | | |
| SecureList | 2020-06-19 10:00:10 | Microcin is here | In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned out to be a diplomatic entity. We attribute this campaign with high confidence to the SixLittleMonkeys (aka Microcin) threat actor. | Threat | | |
| SecureList | 2020-06-17 10:00:24 | Do cybercriminals play cyber games during quarantine? | Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. We decided to take a closer look at the changes around us through the prism of information security, starting with the video game industry. | | | |
| SecureList | 2020-06-15 10:00:05 | Explicit content and cyberthreats: 2019 report | Over the past two years we have reviewed how adult content has been used to spread malware and abuse users' privacy. This is a trend that's unlikely to go away, especially under current circumstances. While many pornography platforms are enjoying an influx of new users and providing legitimate and safe services, the security risks remain, if not increase. | Malware | | |
| SecureList | 2020-06-09 10:00:37 | Looking at Big Threats Using Code Similarity. Part 1 | Today, we are announcing the release of KTAE, the Kaspersky Threat Attribution Engine. This code attribution technology, developed initially for internal use by the Kaspersky Global Research and Analysis Team, is now being made available to a wider audience. | Threat | | |
| SecureList | 2020-06-03 10:00:32 | Cycldek: Bridging the (air) gap | While investigating attacks related to a group named Cycldek post 2018, we were able to uncover various pieces of information on its activities that were not known thus far. | | | |
Last update at: 2024-06-23 18:10:28