What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecureList 2021-02-25 10:00:53 Lazarus targets defense industry with ThreatNeedle (direct link) In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group's other campaigns. Malware APT 38 APT 28
SecureList 2021-02-16 10:00:20 DDoS attacks in Q4 2020 (direct link) News overview Cybercriminals are constantly on the lookout for means and methods to make attacks more destructive. In Q4 2020, Citrix ADC (application delivery controller) devices became one such tool, when perpetrators abused their DTLS interface. The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries,
SecureList 2021-02-15 10:00:38 Spam and phishing in 2020 (direct link) COVID-19 spam, corporate phishing, fake videoconferences and other trends and figures of 2020.
SecureList 2021-02-04 10:00:37 How kids coped with COVID-hit winter holidays (direct link) We analyzed and categorized the most popular websites and search queries over the festive period (December 20, 2020 - January 10, 2021) to find out how kids compensated for the lack of outdoor winter entertainment.
SecureList 2021-01-28 10:00:13 Privacy predictions for 2021 (direct link) With privacy more often than not being traded for convenience, we believe that for many 2020 has fundamentally changed how much privacy people are willing to sacrifice in exchange for security and access to digital services.
SecureList 2021-01-11 10:00:00 Sunburst backdoor – code overlaps with Kazuar (direct link) While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations show that Kazuar was used together with Turla tools during multiple breaches in past years. Mobile Solardwinds Solardwinds
SecureList 2020-12-29 10:00:17 Digital Footprint Intelligence Report (direct link) The Digital Footprint Intelligence Service announces the results of research on the digital footprints of governmental, financial and industrial organizations for countries in the Middle East region.
SecureList 2020-12-23 11:30:52 How we protect our users against the Sunburst backdoor (direct link) The detection logic has been improved in all our solutions to ensure our customers' protection. We continue to investigate the cyberattack on SolarWinds and we will add additional detection once they are required. Solardwinds Solardwinds
SecureList 2020-12-23 10:00:08 Lazarus covets COVID-19-related intelligence (direct link) As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are going after intelligence that could help these efforts by attacking entities related to COVID-19 research. Threat Medical APT 38 APT 28
SecureList 2020-12-18 13:00:20 Sunburst: connecting the dots in the DNS requests (direct link) We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs. Guideline Solardwinds
SecureList 2020-12-18 10:00:10 The future of cyberconflicts (direct link) Cyberspace conflicts can take a vast number of forms, but in the context of this article, we will only focus on two of them: cyber-warfare for intelligence purposes, and sabotage and interference with strategic systems in order to hinder a state's ability to govern or project power.
SecureList 2020-12-15 10:00:19 Kaspersky Security Bulletin 2020. Statistics (direct link) Kaspersky solutions blocked 666,809,967 attacks launched from online resources in various countries across the world, 173,335,902 unique URLs were recognized as malicious by Web Anti-Virus.
SecureList 2020-12-14 12:00:59 Adaptive protection against invisible threats (direct link) In fact, in most medium-sized companies' cybersecurity strategies, even with an endpoint solution, there are likely to still be gaps that can and should be closed. In this article, we look at what those gaps are and how to fill them.
SecureList 2020-12-10 10:00:40 The story of the year: remote work (direct link) In this report, we will focus mainly on what remote work means for businesses and employees from a security perspective.
SecureList 2020-12-07 10:00:53 Researchers call for a determined path to cybersecurity (direct link) As members of a global community, we often feel that we are failing to achieve an adequate level of cybersecurity. We believe it can be explained by a lack of global willpower, double-dealing activities, and the lack of global regulations. Here, we develop these hypotheses and outline ideas to advance cybersecurity.
SecureList 2020-12-04 10:00:59 The chronicles of Emotet (direct link) More than six years have passed since the banking Trojan Emotet was first detected. During this time it has repeatedly mutated, changed direction, acquired partners, picked up modules, and generally been the cause of high-profile incidents and multimillion-dollar losses.
SecureList 2020-12-03 11:00:25 APT annual review: What the world's threat actors got up to in 2020 (direct link) We track the ongoing activities of more than 900 advanced threat actors. Here we try to focus on what we consider to be the most interesting trends and developments of the last 12 months. Threat
SecureList 2020-12-03 10:00:58 What did DeathStalker hide between two ferns? (direct link) While tracking DeathStalker's Powersing-based activities in May 2020, we detected a previously unknown implant that leveraged DNS over HTTPS as a C2 channel, as well as parts of its delivery chain. We named this new malware “PowerPepper”. Malware
SecureList 2020-12-02 12:00:57 Healthcare security in 2021 (direct link) The pandemic has turned 2020 into a year of medicine and information technology. The remarkable surge in the criticality level of medical infrastructure, coupled with feasible across-the-board digitalization, led to many of our last year's predictions coming true much sooner than expected.
SecureList 2020-12-02 12:00:24 ICS threat predictions for 2021 (direct link) We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021. Threat
SecureList 2020-12-02 12:00:04 Education predictions 2021 (direct link) Many new digital educational tools are both enhancing the educational experience and introducing new threats. Here are the ones most likely to pose the biggest risks in the coming year.
SecureList 2020-12-01 09:00:21 Dox, steal, reveal. Where does your personal data end up? (direct link) In this report, we will dig deeper into two major consequences of (willing and unwilling) sharing personal data in public - doxing and the selling of personal data on the dark web - and try to untangle the connection between the two.
SecureList 2020-11-30 10:00:03 Cyberthreats to financial organizations in 2021 (direct link) Let us review the forecasts we made at the end of 2019 and see how accurate we were. Then we will go through the key events of 2020 relating to financial attacks. Finally, we need to make a forecast of financial attacks in 2021.
SecureList 2020-11-24 10:00:59 Lookalike domains and how to outfox them (direct link) Our approach is more complex than simply registering lookalike domains to the company and enables real-time blocking of attacks that use such domains as soon as they appear.
SecureList 2020-11-20 10:10:15 IT threat evolution Q3 2020. Non-mobile statistics (direct link) Kaspersky solutions blocked 1,416,295,227 attacks launched from online resources across the globe. Ransomware attacks were defeated on the computers of 121,579 unique users. Ransomware Threat
SecureList 2020-11-20 10:05:31 IT threat evolution Q3 2020 Mobile statistics (direct link) In Q3 2020, Kaspersky mobile protective solutions blocked 16,440,264 attacks on mobile devices, an increase of 2.2 million on Q2 2020. Threat
SecureList 2020-11-20 10:00:58 IT threat evolution Q3 2020 (direct link) MATA framework, Garmin attack, Operation PowerFall, DeathStalker group and other events of 2020. Threat
SecureList 2020-11-19 10:00:48 Advanced Threat predictions for 2021 (direct link) Trying to make predictions about the future is a tricky business. However, while we don't have a crystal ball that can reveal the future, we can try to make educated guesses using the trends that we have observed over the last 12 months to identify areas that attackers are likely to seek to exploit in the near future. Threat
SecureList 2020-11-12 10:00:54 Spam and phishing in Q3 2020 (direct link) The COVID-19 topic, which appeared in Q1 this year, is still in play for spammers and phishers. In our view, the so-called second wave could lead to a surge in mailings offering various coronavirus-related treatments. Spam Guideline
SecureList 2020-11-09 10:00:40 Ghimob: a Tétrade threat actor moves to infect mobile devices (direct link) Guildma's new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting financial apps from banks, fintechs, exchanges and cryptocurrencies. Threat
SecureList 2020-11-06 15:23:44 RansomEXX Trojan attacks Linux systems (direct link) We recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems.
SecureList 2020-11-05 10:00:48 Attacks on industrial enterprises using RMS and TeamViewer: new data (direct link) In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another.
SecureList 2020-11-03 10:00:37 APT trends report Q3 2020 (direct link) For more than three years, GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat activity. This is our latest installment, focusing on activities that we observed during Q3 2020. Threat
SecureList 2020-10-28 10:00:21 DDoS attacks in Q3 2020 (direct link) If Q2 2020 surprised us with an unusually high number of DDoS attacks for this period, the Q3 figures point to a normalization. Judging by the number of unique targets, in comparison with last quarter, cybercriminals were more attracted by European, and less by the Asian countries.
SecureList 2020-10-22 10:00:59 On the trail of the XMRig miner (direct link) As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions (previously unseen by us) were detected during our analysis of the open source miner XMRig.
SecureList 2020-10-21 10:00:11 Life of Maze ransomware (direct link) In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations. Ransomware Malware
SecureList 2020-10-19 10:00:01 GravityRAT: The spy returns (direct link) In 2019, on VirusTotal, we encountered a curious piece of Android spyware which, when analyzed, seemed connected to GravityRAT. The cybercriminals had added a spy module to Travel Mate, an Android app for travelers to India, the source code of which is available on Github.
SecureList 2020-10-15 10:00:09 IAmTheKing and the SlothfulMedia malware family (direct link) The DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with additional context. Malware Threat
SecureList 2020-10-08 10:00:40 MontysThree: Industrial espionage with steganography and a Russian accent on both sides (direct link) In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. The malware authors named the toolset “MT3”; following this abbreviation we have named the toolset “MontysThree”. Malware
SecureList 2020-10-05 10:00:45 MosaicRegressor: Lurking in the Shadows of UEFI (direct link) We found a compromised UEFI firmware image that contained a malicious implant. To the best of our knowledge, this is the second known public case where malicious UEFI firmware in use by a threat actor was found in the wild. Threat
SecureList 2020-09-30 15:15:02 SAS@Home is back this fall (direct link) Now, this unique year presents us with a new surprise: the second SAS in one calendar year! Once again, everyone can visit this online event.
SecureList 2020-09-29 14:00:47 Why master YARA: from routine to extreme threat hunting cases. Follow-up (direct link) On 3rd of September, we were hosting our webinar, in which we shared best practices on YARA usage. Due to timing restrictions we were not able to answer all the questions, therefore we're trying to answer them here. Threat
SecureList 2020-09-24 08:00:21 Threat landscape for industrial automation systems. H1 2020 highlights (direct link) Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal environments. The internet, removable media and email continue to be the main sources of threats in the ICS environment. Threat
SecureList 2020-09-23 10:00:28 Looking for sophisticated malware in IoT devices (direct link) Let's talk about the structure of the firmware of an IoT device in order to get a better understanding of the different components. Malware
SecureList 2020-09-10 10:00:39 An overview of targeted attacks and APTs on Linux (direct link) Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, there’s a widely held opinion that Linux…
SecureList 2020-09-04 10:00:24 Digital Education: The cyberrisks of the online classroom (direct link) This past spring, as the COVID-19 pandemic took hold, online learning became the new norm as universities and classrooms around the world were forced to close their doors. By April 29, 2020, more than 1.2 billion children across 186 countries…
SecureList 2020-09-03 11:00:55 IT threat evolution Q2 2020. Mobile statistics (direct link) According to Kaspersky Security Network, during the second quarter 1,245,894 malicious installers were detected and a total of 14,204,345 attacks on mobile devices were blocked. Threat ★★★★★
SecureList 2020-09-03 10:00:20 IT threat evolution Q2 2020 (direct link) Targeted attacks and APT groups, new malware and the COVID-19 pandemic exploitation in the second quarter of 2020 Malware Threat
SecureList 2020-09-02 10:00:56 Operation PowerFall: CVE-2020-0986 and variants (direct link) While we already described the exploit for Internet Explorer in the original blog post about Operation PowerFall, we also promised to share more details about the elevation of privilege exploit. Let's take a look at vulnerability CVE-2020-0986. Vulnerability
SecureList 2020-08-26 10:00:44 Transparent Tribe: Evolution analysis, part 2 (direct link) In the second article, we describe a new Android implant used by Transparent Tribe for spying on mobile devices and present new evidence that confirms a link between ObliqueRAT and Transparent Tribe. APT 36
Last update at: 2024-05-15 01:08:10