What's new around the internet

Last one

| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| SecureList | 2021-07-29 10:00:46 | APT trends report Q2 2021 | This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc. | Threat | APT 29, APT 31 | |
| SecureList | 2021-07-28 10:00:56 | DDoS attacks in Q2 2021 | In this report you'll find Kaspersky DDoS Intelligence statistics, news overview and DDoS market trends and predictions for Q2 2021. | | | |
| SecureList | 2021-07-21 10:00:04 | Managed Detection and Response in Q4 2020 | During the reported period, our MDR processed approximately 65 000 alerts, followed by an investigation that resulted in 1 506 incidents reported to customers, approximately 93% of which were mapped to the MITRE ATT&CK framework. | | | |
| SecureList | 2021-07-14 18:00:07 | Arrests of members of Tetrade seed groups Grandoreiro and Melcoz | Spain's Ministry of the Interior has announced the arrest of 16 individuals connected to the Grandoreiro and Melcoz cybercrime groups. Both are originally from Brazil and form part of the Tetrade umbrella, operating for a few years now in Latin America and Western Europe. | | | |
| SecureList | 2021-07-14 10:00:21 | LuminousMoth APT: Sweeping attacks for the chosen few | We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda. | | | |
| SecureList | 2021-07-08 05:00:06 | Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare) | Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 (also known as PrintNightmare). We are closely monitoring the situation and improving generic detection of these vulnerabilities. | | | |
| SecureList | 2021-07-07 10:00:45 | Wildpressure targets the macOS platform | We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS. | Malware | | |
| SecureList | 2021-07-05 13:00:05 | REvil ransomware attack against MSPs and its clients around the world | An attack perpetrated by REvil aka Sodinokibi ransomware gang against Managed Service Providers (MSPs) and their clients was discovered on July 2. Some of the victims reportedly have been compromised through a popular MSP software which led to encryption of their customers. | Ransomware | | ★★★★ |
| SecureList | 2021-07-01 12:00:54 | Do cybercriminals play cyber games in quarantine? A look one year later | Last year, we took a look at how the pandemic influenced the threat landscape for gamers and the gaming industry. One year later, online gamers are even more active, and cybercriminals continue to exploit this. | Threat | | |
| SecureList | 2021-06-29 10:00:16 | Remote dating: How do the apps safeguard our data? | The pandemic and the restrictions that came with it have led to an increase in the popularity of dating apps. But what about their security? | | | |
| SecureList | 2021-06-28 11:15:03 | Detecting unknown threats: a honeypot how-to | Dan Demeter, Senior Security Researcher with Kaspersky's Global Research and Analysis Team and head of Kaspersky's Honeypot project, explains what honeypots are, why they're recommended for catching external threats, and how you can set up your own simple SSH-honeypot. | | | |
| SecureList | 2021-06-24 10:00:56 | Malicious spam campaigns delivering banking Trojans | In mid-March 2021, we observed two new spam campaigns delivering banking Trojans. The payload in most cases was IcedID, but we have also seen a few QBot (aka QakBot) samples. | Spam | | |
| SecureList | 2021-06-23 12:16:30 | How to confuse antimalware neural networks. Adversarial attacks and protection | Cybersecurity companies implement a variety of methods to discover previously unknown malware files. Machine learning (ML) is a powerful and widely used approach for this task. But can we rely entirely on machine learning approaches in the battle with the bad guys? Or could powerful AI itself be vulnerable? | Malware | | |
| SecureList | 2021-06-22 09:30:52 | Behind the scenes with the head of Kaspersky's GReAT | Costin Raiu has been with Kaspersky since 2000. In 2010, he became Director of our Global Research and Analysis Team (GReAT). In our interview with Costin, he spoke about the job of a security researcher, its challenges and advantages, and offered some advice for newcomers to cybersecurity. | | | |
| SecureList | 2021-06-17 10:00:41 | Black Kingdom ransomware | Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability (CVE-2021-27065). | Ransomware, Vulnerability | | |
| SecureList | 2021-06-16 10:00:07 | Ferocious Kitten: 6 years of covert surveillance in Iran | Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings. | Threat | | |
| SecureList | 2021-06-15 12:40:11 | Andariel evolves to target South Korea with ransomware | In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to a conclusion: the Andariel group was behind these attacks. | Ransomware | | |
| SecureList | 2021-06-08 17:32:30 | PuzzleMaker attacks with Chrome zero-day exploit chain | We detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. | | | |
| SecureList | 2021-06-07 12:00:02 | Gootkit: the cautious Trojan | Gootkit is complex multi-stage banking malware capable of stealing data from the browser, performing man-in-the-browser attacks, keylogging, taking screenshots and lots of other malicious actions. Its loader performs various virtual machine and sandbox checks and uses sophisticated persistence algorithms. | Malware | | ★★★★ |
| SecureList | 2021-06-03 10:00:26 | Email spoofing: how attackers impersonate legitimate senders | This article analyzes different ways of spoofing email addresses through changing the From header, which provides information about the sender's name and address. | | | |
| SecureList | 2021-06-01 10:00:34 | Kids on the Web in 2021: Infinite creativity | In this report we try to understand what occupied children during the last year, from May 2020 to April 2021 inclusive. | | | |
| SecureList | 2021-05-31 10:00:37 | IT threat evolution Q1 2021 | SolarWinds attacks, MS Exchange vulnerabilities, fake adblocker distributing miner, malware for Apple Silicon platform and other threats in Q1 2021. | Malware, Threat | | |
| SecureList | 2021-05-31 10:00:35 | IT threat evolution Q1 2021. Mobile statistics | In the first quarter of 2021 we detected 1.45M mobile installation packages, of which 25K packages were related to mobile banking Trojans and 3.6K packages were mobile ransomware Trojans. | Ransomware, Threat | | |
| SecureList | 2021-05-31 10:00:05 | IT threat evolution Q1 2021. Non-mobile statistics | In Q1 2021, we blocked more than 2 billion attacks launched from online resources across the globe, detected 77.4M unique malicious and potentially unwanted objects, and recognized 614M unique URLs as malicious. | Threat | | |
| SecureList | 2021-05-26 10:00:32 | Kaspersky Security Bulletin 2020-2021. EU statistics | In the EU, 70% of user computers experienced at least one Malware-class attack, 115,452,157 web attacks and 86,584,675 phishing attempts were blocked. | | | |
| SecureList | 2021-05-25 07:00:20 | Evolution of JSWorm ransomware | There are times when a single ransomware family has evolved from a mass-scale operation to a highly targeted threat – all in the span of two years. In this post we want to talk about one of those families, named JSWorm. | Ransomware, Threat | | |
| SecureList | 2021-05-17 10:00:28 | Bizarro banking Trojan expands its attacks to Europe | Bizarro is yet another banking Trojan family originating from Brazil that steals credentials from customers of 70 banks from different European and South American countries. | | | |
| SecureList | 2021-05-12 10:00:58 | Ransomware world in 2021: who, how and why | In this report, we take a step back from the day-to-day ransomware news cycle and follow the ripples back into the heart of the ecosystem to understand how it is organized. | Ransomware | | |
| SecureList | 2021-05-10 10:00:15 | DDoS attacks in Q1 2021 | In Q1 2021, we saw a spike in DDoS activity in January, peaking at over 1,800 attacks per day. The most widespread was UDP flooding (41.87%), while SYN flooding dropped to third place (26.36%). | | | |
| SecureList | 2021-05-06 10:00:45 | Operation TunnelSnake: formerly unknown rootkit used to secretly control networks of regional organizations | A newly discovered rootkit that we dub 'Moriya' is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The victims are located in Africa, South and South-East Asia. | | | |
| SecureList | 2021-05-03 10:00:36 | Spam and phishing in Q1 2021 | In terms of spam and phishing, in Q1 2021, we largely saw a continuation of the 2020 trends: exploitation of COVID-19 theme, hunting corporate account credentials and spoofing of online store websites. | Spam | | |
| SecureList | 2021-04-27 10:00:26 | APT trends report Q1 2021 | This report highlights significant events related to advanced persistent threat (APT) activity observed in Q1 2021. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. | Threat | | |
| SecureList | 2021-04-23 10:19:30 | Ransomware by the numbers: Reassessing the threat's global impact | In this report, we'll take a look at the numbers behind the ransomware threat from 2019 to 2020, what they mean - and what they foretell about ransomware's future. | Ransomware, Threat | | |
| SecureList | 2021-04-21 10:00:47 | Targeted Malware Reverse Engineering Workshop follow-up. Part 2 | The Reverse Engineering webinar audience having been so active, not only were we unable to address all the incoming questions online, we didn't even manage to pack the rest of them in one blogpost. So here comes the second part of the webinar follow-up. | Malware | | |
| SecureList | 2021-04-19 11:30:43 | Targeted Malware Reverse Engineering Workshop follow-up. Part 1 | With so many questions collected during the Targeted Malware Reverse Engineering webinar we lacked the time to answer them all online, we promised we would come up with this blogpost. | Malware | | |
| SecureList | 2021-04-13 17:35:50 | Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild | CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). We believe it is exploited in the wild, potentially by several threat actors. | Vulnerability, Threat | | |
| SecureList | 2021-04-09 16:58:41 | Malicious code in APKPure app | Malicious code was detected in version 3.17.18 of the APKPure alternative app store for Android. We recommend deleting the infected version and installing APKPure 3.17.19 asap. | | | |
| SecureList | 2021-04-05 10:00:22 | The leap of a Cycldek-related threat actor | The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector. | Threat | | |
| SecureList | 2021-04-02 10:00:02 | Browser lockers: extortion disguised as a fine | In this article we discuss browser lockers that mimic law enforcement websites. | | | |
| SecureList | 2021-03-31 14:00:06 | Financial Cyberthreats in 2020 | This research is a continuation of our annual financial threat reports providing an overview of the latest trends and key events across the financial threat landscape. The study covers the common phishing threats, along with Windows and Android-based financial malware. | Threat | | ★★★★ |
| SecureList | 2021-03-30 10:00:07 | APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign | A41APT is a long-running campaign with activities detected from March 2019 to the end of December 2020. Most of the discovered malware families are fileless malware and they have not been seen before. | Malware | APT 10 | ★★★★★ |
| SecureList | 2021-03-29 10:00:01 | Doxing in the corporate sector | Corporate doxing poses a serious threat to the confidential data of a company. | Threat | | |
| SecureList | 2021-03-25 10:00:27 | Threat landscape for industrial automation systems. Statistics for H2 2020 | We continued our observations and identified a number of trends that could, in our opinion, be due to circumstances connected with the pandemic in one way or another, as well as the reaction of governments, organizations and people to these circumstances. | | | |
| SecureList | 2021-03-18 10:00:53 | Convuster: macOS adware now in Rust | Convuster adware for macOS is written in Rust and able to use Gatekeeper to evade analysis. | | | |
| SecureList | 2021-03-15 10:00:41 | COVID-19: Examining the threat landscape a year later | On the anniversary of the global shutdown, Kaspersky experts decided to take a look back at how the threat landscape has evolved since the beginning of the pandemic - and what that means for users in the years to come. | Threat | | ★★ |
| SecureList | 2021-03-12 10:00:58 | Good old malware for the new Apple Silicon platform | As we observe a growing interest in the newly released Apple Silicon platform from malware adversaries, this inevitably leads us to new malware samples compiled for it. In this article, we are going to take a look at threats for Macs with the Apple M1 chip on board. | Malware, Guideline | | |
| SecureList | 2021-03-10 10:00:32 | Ad blocker with miner included | Fake ad blocker is delivering a Monero cryptocurrency miner to user computers. | | | |
| SecureList | 2021-03-04 17:20:57 | Zero-day vulnerabilities in Microsoft Exchange Server | The four vulnerabilities inside Microsoft Exchange Server allow an attacker to compromise a vulnerable server. As a result, an attacker will gain access to all registered email accounts, or be able to execute arbitrary code (remote code execution or RCE) within the Exchange Server context. | | | |
| SecureList | 2021-03-01 14:00:29 | Mobile malware evolution 2020 | In 2020, Kaspersky mobile products and technologies detected 156,710 new mobile banking Trojans and 20,708 new mobile ransomware Trojans. | Ransomware, Malware | | |
| SecureList | 2021-02-26 08:00:11 | The state of stalkerware in 2020 | The 2020 data shows that the stalkerware situation has not improved much: the number of affected people is still high. A total of 53,870 unique users were affected globally by stalkerware in 2020. | | | |
Last update at: 2024-05-15 16:07:58