What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-07-20 08:00:31 | Luna and Black Basta - new ransomware for Windows, Linux and ESXi (lien direct) | This report discusses new ransomware, that targets Windows, Linux and ESXi systems: Luna written in Rust and Black Basta. | Ransomware | ||
|
2022-07-11 08:00:53 | Text-based fraud: from 419 scams to vishing (lien direct) | Text-based fraud (419 scams, vishing, extortion, etc.) is still alive and well. Here, we describe cybercriminal techniques and present statistics. | |||
|
2022-07-06 10:00:32 | Dynamic analysis of firmware components in IoT devices (lien direct) | We decided to discuss less obvious tools for working with firmware, including Renode and Qiling. Each of those tools has its own features, advantages, and limitations that make it effective for certain types of task. | Tool | ||
|
2022-06-30 08:00:35 | The SessionManager IIS backdoor (lien direct) | In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East. | |||
|
2022-06-23 10:00:21 | The hateful eight: Kaspersky\'s guide to modern ransomware groups\' TTPs (lien direct) | We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks. | Ransomware | ||
|
2022-06-21 10:00:37 | APT ToddyCat (lien direct) | ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call 'Samurai backdoor' and 'Ninja Trojan'. | Tool | ||
|
2022-06-20 10:00:07 | \'Unpacking\' technical attribution and challenges for ensuring stability in cyberspace (lien direct) | How is technical attribution carried out? What are the key challenges in conducting reliable technical attribution? How can this be more accessible to the multitude of stakeholders? Below are our reflections on these questions. | |||
|
2022-06-15 10:00:29 | How much does access to corporate infrastructure cost? (lien direct) | What cybercriminals charge for the data of large companies on the dark web – a review of underground forum offers by category. | |||
|
2022-06-08 10:00:27 | Router security in 2021 (lien direct) | We analyze data on vulnerabilities in routers, plus malware that attacks IoT devices: Mirai, NyaDrop, Gafgyt, and other. | Malware | ||
|
2022-06-06 08:00:02 | CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction (lien direct) | At the end of May, researchers reported a new zero-day vulnerability in MSDT that can be exploited using Microsoft Office documents. The vulnerability, which dubbed Follina, later received the identifier CVE-2022-30190. | Vulnerability | ||
|
2022-06-02 10:00:30 | WinDealer dealing on the side (lien direct) | We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack. | Malware | ★★ | |
|
2022-05-27 08:00:46 | IT threat evolution in Q1 2022. Mobile statistics (lien direct) | According to Kaspersky Security Network, in Q1 2022 516,617 mobile malware installation packages were detected, of which 53,947 packages were related to mobile banking trojans, and 1,942 packages were mobile ransomware trojans. | Ransomware Malware Threat | ★★★★★ | |
|
2022-05-27 08:00:43 | IT threat evolution Q1 2022 (lien direct) | Kaspersky IT threat review in Q1 2022: activity of APTs such as MoonBounce, BlueNororff, Lazarus and Roaming Mantis, attacks against Ukraine, phishing kits, Okta hack and more. | Hack Threat | APT 38 | ★★★ |
|
2022-05-27 08:00:05 | IT threat evolution in Q1 2022. Non-mobile statistics (lien direct) | PC malware statistics for the Q1 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices. | Malware Threat | ★★ | |
|
2022-05-26 11:00:55 | Managed detection and response in 2021 (lien direct) | Kaspersky Managed Detection and Response (MDR) services in 2021 in facts and figures: number of security incidents detected, their severity, etc. | |||
|
2022-05-25 15:57:59 | The Verizon 2022 DBIR (lien direct) | The Verizon 2022 Data Breach Investigations Report is out, where Kaspersky collaborated as a contributor. The report provides interesting analysis of a full amount of global incident data. | Data Breach | ||
|
2022-05-25 10:00:41 | What\'s wrong with automotive mobile apps? (lien direct) | Third party automotive mobile apps, web apps and API clients provide drivers with additional functions but may pose security risks for their data. | |||
|
2022-05-23 10:00:52 | ISaPWN – research on the security of ISaGRAF Runtime (lien direct) | This report includes an analysis of the ISaGRAF framework, its architecture, the IXL and SNCP protocols and the description of several vulnerabilities the Kaspersky ICS CERT team had identified. | |||
|
2022-05-17 14:00:03 | Evaluation of cyber activities and the threat landscape in Ukraine (lien direct) | With this article, our core aim is to share a threat landscape overview, which Kaspersky cybersecurity researchers are observing in relation to the conflict, with the wider international community and thus to contribute to broader ongoing cyber-stability discussions of threat-related insights. | Threat | ||
|
2022-05-16 08:00:08 | HTML attachments in phishing e-mails (lien direct) | In this article we review phishing HTML attachments, explaining common tricks the attackers use, and give statistics on HTML attachments detected by Kaspersky solutions. | |||
|
2022-05-11 12:00:23 | New ransomware trends in 2022 (lien direct) | This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old variants of malware return while the new ones develop. | Ransomware Malware | ★★★★ | |
|
2022-05-06 10:00:47 | Mobile subscription Trojans and their little tricks (lien direct) | Kaspersky analysis of mobile subscription Trojans Joker (Jocker), MobOk, Vesub and GriftHorse and their activity: technical description and statistics. | |||
|
2022-05-04 10:00:59 | A new secret stash for “fileless” malware (lien direct) | We observed the technique of putting the shellcode into Windows event logs for the first time “in the wild” during the malicious campaign. It allows the “fileless” last stage Trojan to be hidden from plain sight in the file system. | Malware | ||
|
2022-04-27 10:00:34 | APT trends report Q1 2022 (lien direct) | This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022. | Threat | ||
|
2022-04-25 10:00:41 | DDoS attacks in Q1 2022 (lien direct) | Against the backdrop of the conflict between Russia and Ukraine, the number of DDoS attacks in Q1 2022 increased by 4.5 times against Q1 2021. A significant proportion of them were by hacktivists. | |||
|
2022-04-18 10:00:19 | (Déjà vu) How to recover files encrypted by Yanluowang (lien direct) | Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. | Ransomware Vulnerability | ||
|
2022-04-18 10:00:19 | How to recover files encrypted by Yanlouwang (lien direct) | Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. | Ransomware Vulnerability | ||
|
2022-04-13 10:00:57 | Emotet modules and recent attacks (lien direct) | Emotet was disrupted in January 2021 and returned in November. This report provides technical description of its active modules and statistics on the malware's recent attacks. | |||
|
2022-04-12 09:00:52 | The State of Stalkerware in 2021 (lien direct) | Every year Kaspersky analyzes the use of stalkerware around the world to better understand the threat it poses. We partner with stakeholders across public and private sectors to raise awareness and find solutions to best tackle this important issue. | Threat | ||
|
2022-04-07 10:00:19 | A Bad Luck BlackCat (lien direct) | A new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, but the group is also known as BlackCat. Two recent BlackCat incidents stand out as particularly interesting. | Ransomware | ||
|
2022-04-04 15:30:36 | Spring4Shell (CVE-2022-22965): details and mitigations (lien direct) | Technical details and mitigations for CVE-2022-22965 vulnerability (Spring4Shell) that can help an attacker to execute arbitrary code on a remote web server. | Vulnerability | ||
|
2022-03-31 12:00:23 | Lazarus Trojanized DeFi app for delivering malware (lien direct) | We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor. | Malware | APT 38 | |
|
2022-03-24 10:00:40 | Phishing-kit market: what\'s inside “off-the-shelf” phishing packages (lien direct) | What are phishing kits (phishkits), what do they include, who uses them, and where are they sold? A report and statistics on phishing kits. | |||
|
2022-03-14 14:11:07 | CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel (lien direct) | Exploit for CVE-2022-0847 (Dirty Pipe) vulnerability in Linux kernel is available online. Kaspersky solutions detect and prevent exploitation attempts. | Vulnerability | ||
|
2022-03-14 10:00:34 | Webinar on cyberattacks in Ukraine – summary and Q&A (lien direct) | Last week, Kaspersky's GReAT shared their insights into the current (and past) cyberattacks in Ukraine. In this post we address the questions that we did not have the time to answer and provide IoCs. | |||
|
2022-03-03 10:00:51 | Threat landscape for industrial automation systems, H2 2021 (lien direct) | By 2021 everyone got used to pandemic limitations – industrial organization employees and IT security professionals and threat actors. If we compare the numbers from 2020 and 2021, we see that 2021 looks more stable, particularly in H2. | Threat | ||
|
2022-03-01 13:30:06 | Elections GoRansom – a smoke screen for the HermeticWiper attack (lien direct) | We present our analysis of HermeticRansom (aka Elections GoRansom) ransomware that was likely used as a smokescreen for the HermeticWiper attack. | Ransomware | ||
|
2022-02-23 10:00:42 | Financial cyberthreats in 2021 (lien direct) | This report provides insight into 2021 financial threat trends and statistics, including data on banking malware for Windows and Android, banking, payment system and e-shop phishing, etc. | Malware Threat | ||
|
2022-02-21 14:00:42 | Mobile malware evolution 2021 (lien direct) | In 2021, cybercriminal activity gradually decreased, and attempts to exploit the pandemic topic became less common. However, mobile malware became more advanced, and attacks more complex. | Malware | ||
|
2022-02-10 10:00:04 | DDoS attacks in Q4 2021 (lien direct) | In Q4 2021, as expected, the number of DDoS attacks rose, while DDoS botnets weaponized a Log4Shell vulnerability. In this report, we present the main DDoS trends and statistics. | |||
|
2022-02-09 10:00:28 | Spam and phishing in 2021 (lien direct) | Statistics on spam and phishing with the key trends in 2021: investment scams, fake streaming websites, theft of corporate credentials and COVID-19. | Spam | ||
|
2022-02-07 10:00:06 | Roaming Mantis reaches Europe (lien direct) | We've observed some new activities by Roaming Mantis in 2021, and some changes in the Wroba malware that's mainly used in this campaign. Furthermore, we discovered that France and Germany were added as primary targets of Roaming Mantis. | Malware | ||
|
2022-02-01 10:00:37 | Telehealth: A New Frontier in Medicine-and Security (lien direct) | This report contains statistics and observations on vulnerabilities, phishing schemes and malware related to telehealth. | Malware | ||
|
2022-01-20 10:00:11 | MoonBounce: the dark side of UEFI firmware (lien direct) | At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41. | Guideline | APT 41 | |
|
2022-01-19 10:00:13 | Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks (lien direct) | Kaspersky ICS CERT has uncovered a number of spyware campaigns targeting industrial enterprises. | |||
|
2022-01-13 09:00:23 | The BlueNoroff cryptocurrency hunt is still on (lien direct) | It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group's illegal income. | |||
|
2021-12-22 10:00:15 | Choosing Christmas gifts for kids: Squid Game and Huggy Wuggy are trending (lien direct) | Kaspersky Safe Kids statistics on categories of websites, mobile apps and YouTube searches, plus some suggestions on what to buy children for Christmas this year. | |||
|
2021-12-20 15:45:30 | Answering Log4Shell-related questions (lien direct) | Check out the answers to some of users' biggest security questions about the Log4Shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105). | |||
|
2021-12-20 10:00:57 | How and why do we attack our own Anti-Spam? (lien direct) | How to trick the machine-learning model in Anti-Spam designed to detect and quarantine suspicious e-mails, and how to detect such attacks. | |||
|
2021-12-16 10:00:19 | PseudoManuscrypt: a mass-scale spyware attack campaign (lien direct) | Kaspersky ICS CERT experts identified malware whose loader has some similarities to the Manuscrypt malware, which is part of the Lazarus APT group's arsenal. | Malware | APT 38 APT 28 |
To see everything:
Our RSS (filtrered)
