What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
SecureList.webp 2023-05-19 10:30:49 CloudWizard APT: the bad magic story goes on (direct link) Kaspersky analysis of the CloudWizard APT framework used in a campaign in the region of the Russo-Ukrainian conflict. ★★★
SecureList.webp 2023-05-17 10:00:29 Minas – on the way to complexity (direct link) Kaspersky analysis of a complicated multi-stage attack dubbed Minas that features a number of detection evasion and persistence techniques and results in a cryptocurrency miner infection. ★★
SecureList.webp 2023-05-16 08:00:57 The nature of cyberincidents in 2022 (direct link) Kaspersky Incident Response report for 2022: incident response statistics, key trends and conclusions, expert recommendations. Studies ★★★★
SecureList.webp 2023-05-11 08:00:13 New ransomware trends in 2023 (direct link) On the eve of the global Anti-Ransomware Day, Kaspersky researchers share an overview of the key trends observed among ransomware groups. Ransomware ★★
SecureList.webp 2023-05-04 10:00:32 Not quite an Easter egg: a new family of Trojan subscribers on Google Play (direct link) The new Trojan family, Fleckpe, spreads via Google Play inside photo editors and wallpapers, subscribing the unaware user to paid services. ★★
SecureList.webp 2023-05-02 08:00:15 Managed Detection and Response in 2022 (direct link) Managed Detection and Response in 2022: number and severity of incidents, detection rate, breakdown by country and industry, data on cyberattacks in different regions. ★★
SecureList.webp 2023-05-01 10:00:20 What does ChatGPT know about phishing? (direct link) Kaspersky research on ChatGPT's ability to tell a phishing link from a legitimate one by analyzing the URL, as well as to extract the target organization's name. ChatGPT ★★
SecureList.webp 2023-04-27 10:00:47 APT trends report Q1 2023 (direct link) For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research, and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. Threat ★★
SecureList.webp 2023-04-24 08:00:22 Tomiris called, they want their Turla malware back (direct link) We continued to track Tomiris as a separate threat actor over three new attack campaigns between 2021 and 2023, and our telemetry allowed us to shed light on the group. In this blog post, we're excited to share what we now know of Tomiris with the broader community, and discuss further evidence of a possible connection to Turla. Malware Threat ★★
SecureList.webp 2023-04-17 10:00:46 QBot banker delivered through business correspondence (direct link) In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family (aka QakBot, QuackBot, and Pinkslipbot). The malware was delivered through e-mails based on real business letters the attackers had gained access to. Malware ★★
SecureList.webp 2023-04-13 08:00:32 Uncommon infection methods – part 2 (direct link) Kaspersky researchers discuss infection methods used by the Mirai-based RapperBot, Rhadamantys stealer, and CUEMiner: smart brute forcing, malvertising, and distribution through BitTorrent and OneDrive. ★★
SecureList.webp 2023-04-12 08:00:00 Following the Lazarus group by tracking DeathNote campaign (direct link) The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. In this blog, we'll focus on an active cluster that we dubbed DeathNote. Threat APT 38 ★★★
SecureList.webp 2023-04-11 17:36:20 Nokoyawa ransomware attacks with Windows zero-day (direct link) In February 2023, we found a zero-day exploit supporting different versions and builds of Windows, including Windows 11. This particular zero-day was used by a sophisticated cybercrime group that carries out ransomware attacks. Ransomware ★★
SecureList.webp 2023-04-10 08:00:02 Overview of Google Play threats sold on the dark web (direct link) Kaspersky research into dark web offers related to Android malware and its distribution via Google Play: hacked app developer accounts, malicious loaders, etc. Malware ★★★
SecureList.webp 2023-04-05 10:00:17 The Telegram phishing market (direct link) Phishing bots and services on Telegram: how malicious actors use the messaging app to automate the generation of phishing pages and to sell phishing kits and data. ★★
SecureList.webp 2023-04-03 12:10:52 Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack (direct link) A DLL named guard64.dll, which was loaded into the infected 3CXDesktopApp.exe process, was used in recent deployments of a backdoor that we dubbed "Gopuram" and had been tracking internally since 2020. Tool Threat General Information ★★
SecureList.webp 2023-03-30 10:00:06 Selecting the right MSSP: Guidelines for making an objective decision (direct link) This paper aims to provide guidance for organizations looking to select an MSSP and helps identify the benefits and drawbacks of using one. General Information Guideline ★★★
SecureList.webp 2023-03-29 10:00:02 Financial cyberthreats in 2022 (direct link) This report shines a spotlight on the financial cyberthreat landscape in 2022. We look at phishing threats commonly encountered by users and companies, as well as the dynamics of various Windows and Android-based financial malware. ★★
SecureList.webp 2023-03-28 10:00:08 Copy-paste heist or clipboard-injector attacks on cryptousers (direct link) Clipboard injector malware targeting cryptocurrencies such as Bitcoin, Ethereum, Litecoin, Dogecoin and Monero is distributed under the guise of Tor Browser. Malware ★★★
SecureList.webp 2023-03-27 08:00:48 How scammers employ IPFS for email phishing (direct link) Attackers put phishing HTML files in IPFS, thus cutting back on web hosting costs. IPFS is used in both mass phishing and targeted (spearphishing) campaigns. ★★
SecureList.webp 2023-03-24 08:00:56 Understanding metrics to measure SOC effectiveness (direct link) How do we ensure the services being provided by SOCs are meeting expectations? How do we know continuous improvement is being incorporated in daily operations? The answer lies in the measurement of SOC internal processes and services. Guideline ★★★
SecureList.webp 2023-03-23 08:00:00 Developing an incident response playbook (direct link) Incident response playbooks help optimize SOC processes and are a major step forward to SOC maturity, but can be challenging for a company to develop. In this article, I want to share some insights on how to create the (almost) perfect playbook. General Information ★★★
SecureList.webp 2023-03-21 08:00:37 Bad magic: new APT found in the area of Russo-Ukrainian conflict (direct link) In October 2022, we identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions. ★★
SecureList.webp 2023-03-15 10:00:35 Business on the dark web: deals and regulatory mechanisms (direct link) How deals and arrangements are made on the dark web, what parties are involved, what escrow services and arbitration are, and how these affect the security of deals. Studies ★★
SecureList.webp 2023-03-09 10:00:18 Malvertising through search engines (direct link) Kaspersky observes a growth in malvertising activity that exploits Google search ads to promote fake software websites that deliver stealers, such as RedLine and Rhadamantys. ★★
SecureList.webp 2023-03-08 10:00:44 The state of stalkerware in 2022 (direct link) In 2022, Kaspersky data shows that 29,312 unique individuals around the world were affected by stalkerware. We detected 182 different stalkerware apps; the most popular one was Reptilicus. ★★★
SecureList.webp 2023-03-06 10:00:45 Threat landscape for industrial automation systems for H2 2022 (direct link) In H2 2022, the percentage of ICS computers on which malicious objects were blocked increased by 3.5 percentage points compared to the previous six-month period, reaching 34.3%. Threat Industrial ★★★
SecureList.webp 2023-02-27 10:05:35 The mobile malware threat landscape in 2022 (direct link) Android threat report by Kaspersky for 2022: malware on Google Play and inside the Vidmate in-app store, mobile malware statistics. Malware Threat ★★★
SecureList.webp 2023-02-16 08:00:07 Spam and phishing in 2022 (direct link) Statistics on spam and phishing with the key trends in 2022: two-stage spear phishing, hijacking of social network and instant messaging accounts, import substitution, and survey phishing. Spam ★★★
SecureList.webp 2023-02-15 10:00:53 IoC detection experiments with ChatGPT (direct link) We decided to check what ChatGPT already knows about threat research and whether it can help with identifying simple adversary tools and classic indicators of compromise, such as well-known malicious hashes and domains. Threat ChatGPT ★★
SecureList.webp 2023-02-10 10:00:33 Good, Perfect, Best: how the analyst can enhance penetration testing results (direct link) What is the analyst on a penetration testing team, what role do they perform at Kaspersky, and why is their job vital to the success of the project? ★★
SecureList.webp 2023-02-07 08:00:09 Web beacons on websites and in e-mail (direct link) Explaining web beacons (web bugs, spy or tracking pixels), which companies use these on websites and in e-mail, how and why. General Information ★★
SecureList.webp 2023-01-31 08:00:41 Prilex modification now targeting contactless credit card transactions (direct link) Kaspersky discovers three new variants of the Prilex PoS malware capable of blocking contactless NFC transactions on an infected device. Malware
SecureList.webp 2023-01-30 10:00:30 Come to the dark side: hunting IT professionals on the dark web (direct link) We have analyzed more than 800 IT job ads and resumes on the dark web. Here is what the dark web job market looks like. ★★★
SecureList.webp 2023-01-23 10:00:08 What your SOC will be facing in 2023 (direct link) Supply chain and reoccurring attacks, data destruction, lack of staff: what challenges will your security operations center be facing in 2023? ★★
SecureList.webp 2023-01-19 10:00:06 Roaming Mantis implements new DNS changer in its malicious mobile app in 2022 (direct link) Roaming Mantis (a.k.a. Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o. Malware ★★★
SecureList.webp 2023-01-18 08:00:45 What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks (direct link) Kaspersky's predictions about the threats to corporations in 2023: media blackmail, fake leaks, cloud attacks, and more advanced ransomware. ★★★
SecureList.webp 2023-01-09 10:38:33 How much security is enough? (direct link) A common perception in the infosec community is that there can never be too much security, but it is understood that "too much" security is expensive, and sometimes prohibitively so, from a business perspective. So, where is that fine line that defines "just enough" security? ★★★
SecureList.webp 2022-12-27 08:00:26 BlueNoroff introduces new methods bypassing MoTW (direct link) We continue to track the BlueNoroff group's activities, and this October we observed the adoption of new malware strains in its arsenal. Malware ★★
SecureList.webp 2022-12-22 08:00:32 Ransomware and wiper signed with stolen certificates (direct link) In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations. Ransomware ★★★
SecureList.webp 2022-12-19 16:15:49 CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange (direct link) At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell. ★★★
SecureList.webp 2022-12-14 10:00:18 Reassessing cyberwarfare. Lessons learned in 2022 (direct link) In this report, we propose to go over the various activities that were observed in cyberspace in relation to the conflict in Ukraine, understand their meaning in the context of the current conflict, and study their impact on the cybersecurity field as a whole. ★★★
SecureList.webp 2022-12-09 13:00:23 How to train your Ghidra (direct link) Brief introduction to setting up Ghidra, and then configuring it with a familiar UI and shortcuts, so that you would not need to re-learn all the key sequences you have got used to over the years. ★★★
SecureList.webp 2022-12-08 10:00:49 DeathStalker targets legal entities with new Janicab variant (direct link) While hunting for less common DeathStalker intrusions, we identified a new Janicab variant used in targeting legal entities in the Middle East throughout 2020. ★★★
SecureList.webp 2022-12-06 10:00:01 Main phishing and scamming trends and techniques (direct link) Phishing in social networks and messengers, marketplace fraud, exploitation of Google Forms and other services: we uncover what's trending among attackers in 2022. ★★
SecureList.webp 2022-12-05 10:00:58 If one sheep leaps over the ditch… (direct link) In this report, Kaspersky researchers discuss propagation methods of several ransomware families, and a vulnerable driver abuse case that may become a trend. Ransomware ★★★
SecureList.webp 2022-12-02 08:00:07 Indicators of compromise (IOCs): how we collect and use them (direct link) How exactly can indicators of compromise help information security specialists in their everyday work? To find the answer we asked three Kaspersky experts to share their experience. ★★★
SecureList.webp 2022-12-01 11:00:36 Kaspersky Security Bulletin 2022. Statistics (direct link) Key statistics for 2022: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT. ★★★
SecureList.webp 2022-11-28 08:00:47 Privacy predictions 2023 (direct link) We think the geopolitical and economic events of 2022, as well as new technological trends, will be the major factors influencing the privacy landscape in 2023. Here we take a look at the most important developments that, in our opinion, will affect online privacy in 2023. ★★★
SecureList.webp 2022-11-28 08:00:24 Consumer cyberthreats: predictions for 2023 (direct link) Kaspersky consumer cyberthreat predictions: console shortage, scams related to new games and shows, cyberattacks in the metaverse, and threats related to online education. ★★★
Last update at: 2024-05-15 13:08:27