What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecureList 2021-12-15 10:00:42 Kaspersky Managed Detection and Response: interesting cases (direct link) Several interesting attacks detected by Kaspersky Managed Detection and Response (MDR): two PrintNightmare exploitation attempts, MuddyWater attack and LSASS credential dumping.
SecureList 2021-12-15 10:00:20 Kaspersky Security Bulletin 2021. Statistics (direct link) Key statistics for 2021: miners, ransomware, trojan bankers and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT.
SecureList 2021-12-14 10:00:39 Owowa: the add-on that turns your OWA into a credential stealer and remote access panel (direct link) We found a suspicious binary and determined it as an IIS module, aimed at stealing credentials and enabling remote command execution from OWA. We named the malicious module 'Owowa',
SecureList 2021-12-13 14:10:21 CVE-2021-44228 vulnerability in Apache Log4j library (direct link) The summary of the critical vulnerability CVE-2021-44228 in the Apache Log4j library, technical details and mitigations. Vulnerability
SecureList 2021-12-09 10:00:08 The life cycle of phishing pages (direct link) We've analyzed the life cycle of phishing pages, how they transform during their active period, and the domains where they're located.
SecureList 2021-12-07 10:00:19 The story of the year: ransomware in the headlines (direct link) In the past twelve months, the word “ransomware” has popped up in countless headlines worldwide across both print and digital publications. But how did we get here and what has changed about the ransomware landscape since it was first our story of the year in 2019? Ransomware
SecureList 2021-11-30 10:00:31 APT annual review 2021 (direct link) For this annual review, we have tried to focus on what we consider to be the most interesting trends and developments of the last 12 months.
SecureList 2021-11-29 10:00:31 ScarCruft surveilling North Korean defectors and human rights activists (direct link) The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor. Recently, we had an opportunity to perform a deeper investigation on a host compromised by this group. Cloud APT 37
SecureList 2021-11-29 08:00:57 WIRTE's campaign in the Middle East 'living off the land' since at least 2019 (direct link) In this report we provide details on a malicious VBS implant distributed via MS Excel droppers and a fake "Kaspersky Update Agent" which we attribute to WIRTE APT who may be linked to Gaza Cybergang.
SecureList 2021-11-26 12:00:43 IT threat evolution in Q3 2021. Mobile statistics (direct link) In Q3 2021, 9,599,519 malware, adware and riskware attacks on mobile devices were prevented. Threat
SecureList 2021-11-26 12:00:36 IT threat evolution Q3 2021 (direct link) WildPressure and LuminousMoth threat actors, FinSpy implants, zero-day vulnerabilities and PrintNightmare, threats for Linux and macOS in our review of Q3 2021. Threat
SecureList 2021-11-26 12:00:36 (Déjà vu) IT threat evolution in Q3 2021. PC statistics (direct link) PC threat statistics for Q3 2021 contain data on miners, encrypting ransomware, financial malware, and threats to Windows, macOS and IoT. Threat
SecureList 2021-11-23 10:00:55 Threats to ICS and industrial enterprises in 2022 (direct link) In recent years, we have observed various trends in the changing threat landscape for industrial enterprises. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming year. Threat
SecureList 2021-11-23 10:00:26 The dangers of “connected” healthcare: predictions for 2022 (direct link) It's time to overview our last year's forecasting for the healthcare sector and make some new predictions for 2022
SecureList 2021-11-23 10:00:20 Privacy predictions 2022 (direct link) An overview of the state of privacy and main trends in 2021, and our predictions on how these will evolve in 2022.
SecureList 2021-11-23 10:00:13 Cyberthreats to financial organizations in 2022 (direct link) We are going to analyze the forecasts we made at the end of 2020, go through the key events of 2021 relating to financial attacks and make some forecasts about them in 2022.
SecureList 2021-11-22 10:00:46 Black Friday 2021: How to Have a Scam-Free Shopping Day (direct link) We constantly monitor the landscape of shopping-related threats and release a report tracking the latest criminal activity targeting online shoppers. Here's what we found this year.
SecureList 2021-11-17 10:00:04 Advanced threat predictions for 2022 (direct link) Over the past 12 months, the style and severity of APT threats has continued to evolve. Despite their constantly changing nature, there is a lot we can learn from recent APT trends to predict what might lie ahead in the coming year. Threat
SecureList 2021-11-10 10:00:51 Streaming wars continue - what about cyberthreats? (direct link) 2020–2021 report on malware, unwanted software and phishing schemes using streaming services Netflix, Apple TV, Amazon Prime, Hulu and Disney+ as a lure.
SecureList 2021-11-08 10:00:51 DDoS attacks in Q3 2021 (direct link) This report provides DDoS attack statistics for Q3 2021, as well as a news roundup and forecasts for the next quarter.
SecureList 2021-11-01 12:00:26 Spam and phishing in Q3 2021 (direct link) This report contains spam and phishing statistics for Q3 2021, plus descriptions of scams linked to the Olympics, Euro 2020, COVID-19, and other relevant events. Spam
SecureList 2021-10-28 14:20:47 How we took part in MLSEC and (almost) won (direct link) How we took part in the Machine Learning Security Evasion Competition (MLSEC) - a series of trials testing contestants' ability to create and attack machine learning models.
SecureList 2021-10-27 11:00:59 Extracting type information from Go binaries (direct link) Go programs may contain hundreds of calls, it is obviously impractical to manually look up each type using a hex editor. So, there is the script I use in my daily work.
SecureList 2021-10-26 10:00:11 APT trends report Q3 2021 (direct link) The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021. Threat
SecureList 2021-10-20 12:00:31 Russian-speaking cybercrime evolution: What changed from 2016 to 2021 (direct link) This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years.
SecureList 2021-10-19 10:00:58 Trickbot module descriptions (direct link) In this article we describe the functionality of the Trickbot (aka TrickLoader or Trickster) banking malware modules and provide a tip on how to download and analyze these modules. Malware
SecureList 2021-10-18 11:00:08 Lyceum group reborn (direct link) According to older public research, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group's activity, focused on two entities in Tunisia.
SecureList 2021-10-12 17:07:08 MysterySnail attacks with Windows zero-day (direct link) We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage campaigns. We are calling this cluster of activity MysterySnail. Malware
SecureList 2021-10-12 16:00:34 SAS 2021: Learning to ChaCha with APT41 (direct link) John Southworth gives insights about APT41 and the malware used by the threat actor – the Motnug loader and its descendant, the ChaCha loader; also, shares some thoughts on the actor's attribution and the payload, including the infamous CobaltStrike. Malware Threat Guideline APT 41
SecureList 2021-10-12 13:00:31 SAS 2021: Fireside chat with Chris Bing (direct link) How to build up a fascinating story from a hardcore APT report? Sitting by the virtual fireside, Brian Bartholomew and Christopher Bing will discuss how malware researchers and investigative journalists can help each other in their work. Malware
SecureList 2021-10-12 09:00:04 SAS 2021: Operation Software Concepts (direct link) Experts from NTT Security (Japan) will cover a new APT named Operation Software Concepts. They will share details about this multi-stage attack campaign targeting government and defense sector.
SecureList 2021-10-07 10:00:04 Ransomware in the CIS (direct link) Statistics on ransomware attacks in the CIS and technical descriptions of Trojans, including BigBobRoss/TheDMR, Crysis/Dharma, Phobos/Eking, Cryakl/CryLock, CryptConsole, Fonix/XINOF, Limbozar/VoidCrypt, Thanos/Hakbit and XMRLocker. Ransomware
SecureList 2021-09-30 10:00:49 GhostEmperor: From ProxyLogon to kernel mode (direct link) While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor. Threat ★★
SecureList 2021-09-29 14:45:15 DarkHalo after SolarWinds: the Tomiris connection (direct link) We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar. Malware
SecureList 2021-09-28 14:45:05 FinSpy: unseen findings (direct link) FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset; we have been tracking deployments of this spyware since 2011. In the report we decided to share some of our unseen findings about the actual state of FinSpy implants.
SecureList 2021-09-27 10:00:23 BloodyStealer and gaming assets for sale (direct link) We take a closer look at threats linked to loss of accounts with popular video game digital distribution services, such as Steam and Origin. We also explore the kind of game-related data that ends up on the black market.
SecureList 2021-09-23 08:00:58 Wake me up till SAS summit ends (direct link) What do cyberthreats, Kubernetes and donuts have in common – except that all three end in “ts”, that is? All these topics will be mentioned during the new SAS@Home online conference, scheduled for September 28th-29th, 2021. Uber
SecureList 2021-09-21 11:00:35 Detection evasion in CLR and tips on how to detect such attacks (direct link) In this article we demonstrate a detection evasion technique using CLR that may be useful for penetration testing as well as a couple of tips for SOCs to help detect such attacks.
SecureList 2021-09-16 15:30:57 Exploitation of the CVE-2021-40444 vulnerability in MSHTML (direct link) Last week, Microsoft reported the RCE vulnerability CVE-2021-40444 in the MSHTML browser engine. Kaspersky is aware of targeted attacks using this vulnerability, and our products protect against attacks leveraging it. Vulnerability
SecureList 2021-09-16 10:00:21 Summer 2021: Friday Night Funkin', Måneskin and pop it (direct link) This report discusses the statistics gathered by Kaspersky Safe Kids on the websites and apps children use, and on children's YouTube search queries in summer 2021.
SecureList 2021-09-13 11:00:04 Incident response analyst report 2020 (direct link) We deliver a range of services: incident response, digital forensics and malware analysis. Data in the report comes from our daily practices with organizations seeking assistance with full-blown incident response or complementary expert activities for their internal incident response teams. Malware
SecureList 2021-09-09 10:00:44 Threat landscape for industrial automation systems in H1 2021 (direct link) Statistics on industrial automation system threats in the first half of 2021: by Kaspersky ICS CERT: share of attacked ICS computers, detected malware etc. Malware
SecureList 2021-09-03 10:00:14 Applied YARA training Q&A (direct link) On August 31, 2021 we ran a joint webinar between VirusTotal and Kaspersky, with a focus on YARA rules best practices and real world examples. In this post, we answer your questions that we didn't answer during the webinar.
SecureList 2021-09-02 10:00:32 QakBot technical analysis (direct link) This report contains technical analysis of the Trojan-Banker named QakBot (aka QBot, QuackBot or Pinkslipbot) and its information stealing, web injection and other modules.
SecureList 2021-08-24 10:00:23 (Déjà vu) Triada Trojan in WhatsApp MOD (direct link) We discovered that the Trojan Triada sneaked into one of the modified versions of the WhatsApp messenger called FMWhatsapp 16.80.0 together with the advertising software development kit (SDK).
SecureList 2021-08-23 10:00:39 Gaming-related cyberthreats in 2020 and 2021 (direct link) In this report, you will find statistics and other information about gaming-related malware, phishing schemes and other threats in 2020 and the first half of 2021.
SecureList 2021-08-12 10:00:37 IT threat evolution Q2 2021 (direct link) Ferocious Kitten, TunnelSnake, PuzzleMaker and other threat actors, zero-day vulnerabilities, ransomware and banking Trojans - check out our review of Q2 2021. Ransomware Threat
SecureList 2021-08-12 10:00:19 IT threat evolution in Q2 2021. Mobile statistics (direct link) In Q2 2021, we prevented 14,465,672 mobile malware, adware and riskware attacks; 886,105 malicious installation packages were detected, of which 24,604 packages were mobile banking Trojans and 3,623 packages were mobile ransomware Trojans. Ransomware Threat
SecureList 2021-08-12 10:00:12 IT threat evolution in Q2 2021. PC statistics (direct link) PC threat statistics for Q2 2021 contain data on miners, encrypting ransomware, financial malware and threats to Windows, macOS and IoT. Malware Threat
SecureList 2021-08-05 10:00:45 Spam and phishing in Q2 2021 (direct link) Q2 2021 spam and phishing statistics, plus main trends: corporate mail phishing, compensation fraud, WhatsApp scam, etc. Spam
Last update at: 2024-05-15 00:08:11