This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-15T11:29:27+00:00 www.secnews.physaphae.fr Kaspersky - Kaspersky Research blog In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned CVE-2024-30051 identifier and patched on May, 14 as part of Microsoft\'s patch Tuesday. We have seen it exploited by QuakBot and other malware.]]> 2024-05-14T17:14:38+00:00 https://securelist.com/cve-2024-30051/112618/ www.secnews.physaphae.fr/article.php?IdArticle=8499712 False Malware,Vulnerability,Threat None None Kaspersky - Kaspersky Research blog The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations.]]> 2024-05-14T11:00:59+00:00 https://securelist.com/kaspersky-incident-response-report-2023/112504/ www.secnews.physaphae.fr/article.php?IdArticle=8499474 False Studies None 4.0000000000000000 Kaspersky - Kaspersky Research blog The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.]]> 2024-05-09T10:00:28+00:00 https://securelist.com/apt-trends-report-q1-2024/112473/ www.secnews.physaphae.fr/article.php?IdArticle=8496467 False Malware None 3.0000000000000000 Kaspersky - Kaspersky Research blog As Anti-Ransomware Day approaches, Kaspersky shares insights into the ransomware threat landscape and trends in 2023, and recent anti-ransomware activities by governments and law enforcement.]]> 2024-05-08T10:00:40+00:00 https://securelist.com/state-of-ransomware-2023/112590/ www.secnews.physaphae.fr/article.php?IdArticle=8495815 False Ransomware,Threat,Legislation None 3.0000000000000000 Kaspersky - Kaspersky Research blog The report provides vulnerability and exploit statistics, key trends, and analysis of interesting vulnerabilities discovered in Q1 2024.]]> 2024-05-07T10:00:39+00:00 https://securelist.com/vulnerability-report-q1-2024/112554/ www.secnews.physaphae.fr/article.php?IdArticle=8495122 False Vulnerability,Threat None 3.0000000000000000 Kaspersky - Kaspersky Research blog In this report, we share our insights into the 2023 trends and statistics on financial threats, such as phishing, PC and mobile banking malware.]]> 2024-05-06T10:00:31+00:00 https://securelist.com/financial-threat-report-2023/112526/ www.secnews.physaphae.fr/article.php?IdArticle=8494518 False Malware,Mobile None 3.0000000000000000 Kaspersky - Kaspersky Research blog The report covers the tactics, techniques and tools most commonly deployed by threat actors, the nature of incidents detected and their distribution among MDR customers.]]> 2024-04-30T09:00:40+00:00 https://securelist.com/kaspersky-mdr-report-2023/112411/ www.secnews.physaphae.fr/article.php?IdArticle=8491133 False Tool,Threat None 2.0000000000000000 Kaspersky - Kaspersky Research blog In this article we analyze social engineering aspects of the XZ backdoor incident. Namely pressuring the XZ maintainer to pass on the project to Jia Cheong Tan, and then urging major downstream maintainers to commit the backdoored code to their projects.]]> 2024-04-24T10:00:31+00:00 https://securelist.com/xz-backdoor-story-part-2-social-engineering/112476/ www.secnews.physaphae.fr/article.php?IdArticle=8487904 False None None 3.0000000000000000 Kaspersky - Kaspersky Research blog We continue to report on the APT group ToddyCat. This time, we\'ll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts.]]> 2024-04-22T10:00:00+00:00 https://securelist.com/toddycat-traffic-tunneling-data-extraction-tools/112443/ www.secnews.physaphae.fr/article.php?IdArticle=8486723 False None None 3.0000000000000000 Kaspersky - Kaspersky Research blog New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go.]]> 2024-04-18T10:00:07+00:00 https://securelist.com/dunequixote/112425/ www.secnews.physaphae.fr/article.php?IdArticle=8484632 False Malware None 3.0000000000000000 Kaspersky - Kaspersky Research blog We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.]]> 2024-04-17T10:00:28+00:00 https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/ www.secnews.physaphae.fr/article.php?IdArticle=8484029 False Mobile None 2.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder.]]> 2024-04-15T10:00:28+00:00 https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware/112375/ www.secnews.physaphae.fr/article.php?IdArticle=8482611 False Ransomware None 2.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.]]> 2024-04-12T08:00:34+00:00 https://securelist.com/xz-backdoor-story-part-1/112354/ www.secnews.physaphae.fr/article.php?IdArticle=8480553 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.]]> 2024-03-28T13:00:51+00:00 https://securelist.com/dinodasrat-linux-implant/112284/ www.secnews.physaphae.fr/article.php?IdArticle=8471988 False None None 3.0000000000000000 Kaspersky - Kaspersky Research blog In this report, we share our latest Android malware findings: the Tambir spyware, Dwphon downloader and Gigabud banking Trojan.]]> 2024-03-20T11:00:34+00:00 https://securelist.com/crimeware-report-android-malware/112121/ www.secnews.physaphae.fr/article.php?IdArticle=8467245 False Malware,Mobile None 2.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky ICS CERT shares industrial threat statistics for H2 2023: most commonly detected malicious objects, threat sources, threat landscape by industry and region.]]> 2024-03-19T10:00:20+00:00 https://securelist.com/threat-landscape-for-industrial-automation-systems-h2-2023/112153/ www.secnews.physaphae.fr/article.php?IdArticle=8466577 False Threat,Studies,Industrial None 4.0000000000000000 Kaspersky - Kaspersky Research blog In this report, we highlight the key points about a class of recently-patched elevation-of-privilege vulnerabilities affecting Microsoft Windows, and then focus on how to check if any of them have been exploited or if there have been any attempts to exploit them.]]> 2024-03-14T10:00:24+00:00 https://securelist.com/windows-vulnerabilities/112232/ www.secnews.physaphae.fr/article.php?IdArticle=8463678 False Vulnerability,Threat None 2.0000000000000000 Kaspersky - Kaspersky Research blog Infected versions of the text editors VNote and Notepad‐‐ for Linux and macOS, apparently loading a backdoor, are being distributed through a Chinese search engine.]]> 2024-03-13T11:29:43+00:00 https://securelist.com/trojanized-text-editor-apps/112167/ www.secnews.physaphae.fr/article.php?IdArticle=8463141 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog In this report, Kaspersky shares statistics on stalkerware detections, as well as insights into the impact of digital stalking in 2023 and the beginning of 2024, and advice for those affected.]]> 2024-03-13T08:00:40+00:00 https://securelist.com/state-of-stalkerware-2023/112135/ www.secnews.physaphae.fr/article.php?IdArticle=8463037 False Studies None 4.0000000000000000 Kaspersky - Kaspersky Research blog Our Security assessment team set up rankings that reflected our take on the most widespread and critical web application vulnerabilities as viewed through a prism of eight years\' experience.]]> 2024-03-12T10:00:58+00:00 https://securelist.com/top-10-web-app-vulnerabilities/112144/ www.secnews.physaphae.fr/article.php?IdArticle=8462545 False Vulnerability None 2.0000000000000000 Kaspersky - Kaspersky Research blog This report contains spam and phishing statistics for 2023, along with descriptions of the main trends, among these artificial intelligence, instant messaging phishing, and multilingual BEC attacks.]]> 2024-03-07T10:00:53+00:00 https://securelist.com/spam-phishing-report-2023/112015/ www.secnews.physaphae.fr/article.php?IdArticle=8460239 False Spam,Studies None 4.0000000000000000 Kaspersky - Kaspersky Research blog While investigating an incident, we detected uncommon malicious activity inside one of the systems. We ran an analysis on the artifacts, only to find that the adversary had deployed and launched the QEMU hardware emulator.]]> 2024-03-05T08:00:14+00:00 https://securelist.com/network-tunneling-with-qemu/111803/ www.secnews.physaphae.fr/article.php?IdArticle=8459177 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog Security research into an AI robot for kids revealed several vulnerabilities enabling a cybercriminal to take over device control and to video-chat with the kid.]]> 2024-02-27T15:00:33+00:00 https://securelist.com/smart-robot-security-research/111938/ www.secnews.physaphae.fr/article.php?IdArticle=8455919 False Vulnerability None 2.0000000000000000 Kaspersky - Kaspersky Research blog This report details statistics and key trends associated with mobile malware: Google Play Trojans, malicious messaging app mods, and others.]]> 2024-02-26T08:00:20+00:00 https://securelist.com/mobile-malware-report-2023/111964/ www.secnews.physaphae.fr/article.php?IdArticle=8455272 False Malware,Threat,Studies,Mobile None 4.0000000000000000 Kaspersky - Kaspersky Research blog We will delve into the workings of the infection chain and explore the capabilities of the new Trojan that specifically targets users of more than 60 banking institutions, mainly from Brazil.]]> 2024-02-08T10:00:36+00:00 https://securelist.com/coyote-multi-stage-banking-trojan/111846/ www.secnews.physaphae.fr/article.php?IdArticle=8447950 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky experts make their predictions about ICS and OT threats: specifically, ransomware and hacktivist attacks, threats to logistics and transportation, etc.]]> 2024-01-31T10:00:45+00:00 https://securelist.com/ksb-ics-predictions-2024/111835/ www.secnews.physaphae.fr/article.php?IdArticle=8445115 False Ransomware,Threat,Industrial,Prediction None 4.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky experts review their privacy predictions for 2023 and last year\'s trends, and try to predict what privacy concerns and solutions are to come in 2024.]]> 2024-01-25T10:00:38+00:00 https://securelist.com/ksb-privacy-predictions-2024/111815/ www.secnews.physaphae.fr/article.php?IdArticle=8442906 False Prediction None 3.0000000000000000 Kaspersky - Kaspersky Research blog We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.]]> 2024-01-22T08:00:49+00:00 https://securelist.com/new-macos-backdoor-crypto-stealer/111778/ www.secnews.physaphae.fr/article.php?IdArticle=8441553 False Malware None 3.0000000000000000 Kaspersky - Kaspersky Research blog An overview of last year\'s predictions for corporate and dark web threats and our predictions for 2024.]]> 2024-01-17T10:00:24+00:00 https://securelist.com/darknet-predictions-for-2024/111763/ www.secnews.physaphae.fr/article.php?IdArticle=8439813 False Prediction None 2.0000000000000000 Kaspersky - Kaspersky Research blog Analyzing Shutdown.log file as a lightweight method to detect indicators of infection with sophisticated iOS malware such as Pegasus, Reign and Predator.]]> 2024-01-16T10:00:53+00:00 https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/ www.secnews.physaphae.fr/article.php?IdArticle=8439484 False Malware None 3.0000000000000000 Kaspersky - Kaspersky Research blog Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.]]> 2023-12-27T14:00:43+00:00 https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/ www.secnews.physaphae.fr/article.php?IdArticle=8429808 False Mobile None 2.0000000000000000 Kaspersky - Kaspersky Research blog This is part five of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.]]> 2023-12-21T10:00:59+00:00 https://securelist.com/windows-clfs-exploits-ransomware-cve-2023-23376/111593/ www.secnews.physaphae.fr/article.php?IdArticle=8426659 False Ransomware,Vulnerability,Studies None 2.0000000000000000 Kaspersky - Kaspersky Research blog This is part four of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.]]> 2023-12-21T10:00:56+00:00 https://securelist.com/windows-clfs-exploits-ransomware-october-2022/111591/ www.secnews.physaphae.fr/article.php?IdArticle=8426789 False Ransomware,Vulnerability,Studies None 2.0000000000000000 Kaspersky - Kaspersky Research blog This is the third part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.]]> 2023-12-21T10:00:53+00:00 https://securelist.com/windows-clfs-exploits-ransomware-september-2022/111584/ www.secnews.physaphae.fr/article.php?IdArticle=8426912 False Ransomware,Vulnerability,Studies None 2.0000000000000000 Kaspersky - Kaspersky Research blog We had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year. Is there something wrong with the CLFS driver? Are all these vulnerabilities similar? These questions encouraged me to take a closer look at the CLFS driver and its vulnerabilities.]]> 2023-12-21T10:00:50+00:00 https://securelist.com/windows-clfs-exploits-ransomware/111560/ www.secnews.physaphae.fr/article.php?IdArticle=8426662 False Ransomware,Vulnerability None 2.0000000000000000 Kaspersky - Kaspersky Research blog This is the second part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.]]> 2023-12-21T10:00:47+00:00 https://securelist.com/windows-clfs-exploits-ransomware-cve-2022-24521/111580/ www.secnews.physaphae.fr/article.php?IdArticle=8427114 False Ransomware,Vulnerability,Studies None 2.0000000000000000 Kaspersky - Kaspersky Research blog This is part six of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.]]> 2023-12-21T10:00:01+00:00 https://securelist.com/windows-clfs-exploits-ransomware-cve-2023-28252/111601/ www.secnews.physaphae.fr/article.php?IdArticle=8427369 False Ransomware,Vulnerability,Studies None 2.0000000000000000 Kaspersky - Kaspersky Research blog We uncovered a novel multiplatform threat named “NKAbuse”. The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities.]]> 2023-12-14T13:00:40+00:00 https://securelist.com/unveiling-nkabuse/111512/ www.secnews.physaphae.fr/article.php?IdArticle=8422610 False Malware,Threat None 2.0000000000000000 Kaspersky - Kaspersky Research blog In this report, we share our latest crimeware findings: FakeSG malware distribution campaign delivering NetSupport RAT, new Conti-like Akira ransomware and AMOS stealer for macOS.]]> 2023-12-13T10:00:25+00:00 https://securelist.com/crimeware-report-fakesg-akira-amos/111483/ www.secnews.physaphae.fr/article.php?IdArticle=8421973 False Ransomware,Malware None 2.0000000000000000 Kaspersky - Kaspersky Research blog We created a list of companies worldwide from different industries and searched through Darknet trying to find out how likely these companies have suffered a breach, what kind of data leaked, and what to do with it.]]> 2023-12-12T10:00:18+00:00 https://securelist.com/what-to-do-if-your-company-was-mentioned-on-darknet/111358/ www.secnews.physaphae.fr/article.php?IdArticle=8421440 False None None 3.0000000000000000 Kaspersky - Kaspersky Research blog Generative AI has become the trendiest technology of 2023. Kaspersky reviews AI-related security concerns, and implementations of this technology in cyberdefense and red teaming, and provides predictions for 2024.]]> 2023-12-11T10:00:51+00:00 https://securelist.com/story-of-the-year-2023-ai-impact-on-cybersecurity/111341/ www.secnews.physaphae.fr/article.php?IdArticle=8420964 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog A new macOS Trojan-Proxy is riding on cracked versions of legitimate software; it relies on DNS-over-HTTPS to obtain a C&C (command and control) address.]]> 2023-12-06T10:00:14+00:00 https://securelist.com/trojan-proxy-for-macos/111325/ www.secnews.physaphae.fr/article.php?IdArticle=8419501 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog BlueNoroff has been attacking macOS users with a new loader that delivers unknown malware to the system.]]> 2023-12-05T10:00:34+00:00 https://securelist.com/bluenoroff-new-macos-malware/111290/ www.secnews.physaphae.fr/article.php?IdArticle=8419229 False Malware None 3.0000000000000000 Kaspersky - Kaspersky Research blog Key statistics for 2023: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT.]]> 2023-12-04T11:00:17+00:00 https://securelist.com/ksb-2023-statistics/111156/ www.secnews.physaphae.fr/article.php?IdArticle=8418971 False Ransomware,Malware,Vulnerability,Threat,Studies None 2.0000000000000000 Kaspersky - Kaspersky Research blog Mobile threat statistics for Q3 2023 include data on malware, adware, banking Trojans and ransomware for Android devices.]]> 2023-12-01T10:00:31+00:00 https://securelist.com/it-threat-evolution-q3-2023-mobile-statistics/111224/ www.secnews.physaphae.fr/article.php?IdArticle=8418266 False Ransomware,Malware,Threat,Mobile,Mobile None 3.0000000000000000 Kaspersky - Kaspersky Research blog Attacks on a critical infrastructure target in South Africa, supply-chain attack on Linux machines, Telegram doppelganger used to target people in China.]]> 2023-12-01T10:00:09+00:00 https://securelist.com/it-threat-evolution-q3-2023/111171/ www.secnews.physaphae.fr/article.php?IdArticle=8418267 False Threat None 2.0000000000000000 Kaspersky - Kaspersky Research blog PC malware statistics for Q3 2023 include data on miners, ransomware, banking Trojans and other threats to Windows, macOS and IoT equipment.]]> 2023-12-01T10:00:03+00:00 https://securelist.com/it-threat-evolution-q3-2023-non-mobile-statistics/111228/ www.secnews.physaphae.fr/article.php?IdArticle=8418268 False Ransomware,Malware,Threat,Studies None 3.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky experts review last year\'s predictions on consumer cyberthreats and try to anticipate the trends for 2024.]]> 2023-11-23T10:00:45+00:00 https://securelist.com/kaspersky-security-bulletin-consumer-threats-2024/111135/ www.secnews.physaphae.fr/article.php?IdArticle=8416281 False Prediction None 3.0000000000000000 Kaspersky - Kaspersky Research blog In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021.]]> 2023-11-22T10:00:53+00:00 https://securelist.com/hrserv-apt-web-shell/111119/ www.secnews.physaphae.fr/article.php?IdArticle=8415821 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky assesses last year\'s predictions for the financial threat landscape, and tries to anticipate crimeware trends for the coming year 2024.]]> 2023-11-21T10:00:39+00:00 https://securelist.com/kaspersky-security-bulletin-crimeware-financial-threats-2024/111093/ www.secnews.physaphae.fr/article.php?IdArticle=8415292 False Threat None 2.0000000000000000 Kaspersky - Kaspersky Research blog As Black Friday approaches, Kaspersky analyzes phishing and spam activity around major sales events, and reviews statistics on online shopping threats in 2023.]]> 2023-11-20T10:00:27+00:00 https://securelist.com/black-friday-cyberthreat-report-2023/111076/ www.secnews.physaphae.fr/article.php?IdArticle=8414771 False Spam None 2.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky researchers review APT predictions for 2023 and current trends in the advanced threat landscape, and try to predict how it will develop in 2024.]]> 2023-11-14T10:00:24+00:00 https://securelist.com/kaspersky-security-bulletin-apt-predictions-2024/111048/ www.secnews.physaphae.fr/article.php?IdArticle=8411683 False Threat,Prediction None 3.0000000000000000 Kaspersky - Kaspersky Research blog The Ducktail malware, designed to hijack Facebook business and ads accounts, sends marketing professionals fake ads for jobs with major clothing manufacturers.]]> 2023-11-10T08:00:39+00:00 https://securelist.com/ducktail-fashion-week/111017/ www.secnews.physaphae.fr/article.php?IdArticle=8408966 False Malware None 3.0000000000000000 Kaspersky - Kaspersky Research blog Asian APT groups target various organizations from a multitude of regions and industries. We created this report to provide the cybersecurity community with the best-prepared intelligence data to effectively counteract Asian APT groups.]]> 2023-11-09T08:00:26+00:00 https://securelist.com/modern-asia-apt-groups-ttp/111009/ www.secnews.physaphae.fr/article.php?IdArticle=8408343 False Threat,General Information None 3.0000000000000000 Kaspersky - Kaspersky Research blog Gaming-related threat landscape in 2023: desktop and mobile malware disguised as Minecraft, Roblox and other popular games, and the most widespread phishing schemes.]]> 2023-11-06T10:00:58+00:00 https://securelist.com/game-related-threat-report-2023/110960/ www.secnews.physaphae.fr/article.php?IdArticle=8406511 False Malware,Threat None 2.0000000000000000 Kaspersky - Kaspersky Research blog A WhatsApp mod with a built-in spy module has been spreading through Arabic and Azeri Telegram channels since August 2023.]]> 2023-11-02T10:00:04+00:00 https://securelist.com/spyware-whatsapp-mod/110984/ www.secnews.physaphae.fr/article.php?IdArticle=8404601 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns]]> 2023-10-27T06:00:12+00:00 https://securelist.com/unveiling-lazarus-new-campaign/110888/ www.secnews.physaphae.fr/article.php?IdArticle=8401253 False None APT 38,APT 38 2.0000000000000000 Kaspersky - Kaspersky Research blog How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.]]> 2023-10-26T10:30:48+00:00 https://securelist.com/operation-triangulation-catching-wild-triangle/110916/ www.secnews.physaphae.fr/article.php?IdArticle=8400775 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was quite astonishing.]]> 2023-10-26T04:00:28+00:00 https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/ www.secnews.physaphae.fr/article.php?IdArticle=8400668 False Malware None 3.0000000000000000 Kaspersky - Kaspersky Research blog In this report, we share our latest crimeware findings: GoPIX targeting PIX payment system; Lumar stealing files and passwords; Rhysida ransomware supporting old Windows.]]> 2023-10-24T10:00:01+00:00 https://securelist.com/crimeware-report-gopix-lumar-rhysida/110871/ www.secnews.physaphae.fr/article.php?IdArticle=8399657 False Ransomware None 2.0000000000000000 Kaspersky - Kaspersky Research blog In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules.]]> 2023-10-23T11:00:59+00:00 https://securelist.com/triangulation-validators-modules/110847/ www.secnews.physaphae.fr/article.php?IdArticle=8399248 False None None 4.0000000000000000 Kaspersky - Kaspersky Research blog Cybercriminals attack government, law enforcement, non-profit organizations, agricultural and commercial companies by slipping a cryptominer, keylogger, and backdoor into their systems.]]> 2023-10-19T10:00:05+00:00 https://securelist.com/miner-keylogger-backdoor-attack-b2b/110761/ www.secnews.physaphae.fr/article.php?IdArticle=8397626 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog In early September 2022, we discovered several new malware samples belonging to the MATA cluster. The campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry.]]> 2023-10-18T10:00:51+00:00 https://securelist.com/updated-mata-attacks-industrial-companies-in-eastern-europe/110829/ www.secnews.physaphae.fr/article.php?IdArticle=8397157 False Malware,Industrial None 3.0000000000000000 Kaspersky - Kaspersky Research blog TetrisPhantom targets government entities in APAC, APT BadRory attacks multiple entities in Russia, new malicious campaign uses well-known Owowa, IIS backdoor and other significant events during Q3 2023]]> 2023-10-17T10:00:41+00:00 https://securelist.com/apt-trends-report-q3-2023/110752/ www.secnews.physaphae.fr/article.php?IdArticle=8396637 False Studies None 4.0000000000000000 Kaspersky - Kaspersky Research blog We analyzed the data published by Cyber Av3ngers and found it to be sourced from older leaks by another hacktivist group called Moses Staff.]]> 2023-10-16T16:00:37+00:00 https://securelist.com/a-hack-in-hand-is-worth-two-in-the-bush/110794/ www.secnews.physaphae.fr/article.php?IdArticle=8396273 False Hack None 3.0000000000000000 Kaspersky - Kaspersky Research blog We look at how user data privacy is handled by large language model-based chatbots: ChatGPT, Microsoft Bing, Google Bard, Anthropic Claude, You.com, and Bing.]]> 2023-10-13T12:00:17+00:00 https://securelist.com/llm-based-chatbots-privacy/110733/ www.secnews.physaphae.fr/article.php?IdArticle=8395105 False None ChatGPT 3.0000000000000000 Kaspersky - Kaspersky Research blog In this article, we\'ll describe ToddyCat new toolset, the malware used to steal and exfiltrate data, and the techniques used by this group to move laterally and conduct espionage operations.]]> 2023-10-12T10:00:25+00:00 https://securelist.com/toddycat-keep-calm-and-check-logs/110696/ www.secnews.physaphae.fr/article.php?IdArticle=8394660 False Malware None 2.0000000000000000 Kaspersky - Kaspersky Research blog In this report, we share our latest crimeware findings: the ASMCrypt cryptor/loader related to DoubleFinger, a new Lumma stealer and a new version of Zanubis Android banking trojan.]]> 2023-09-28T08:00:35+00:00 https://securelist.com/crimeware-report-asmcrypt-loader-lumma-stealer-zanubis-banker/110512/ www.secnews.physaphae.fr/article.php?IdArticle=8388954 False Studies None 3.0000000000000000 Kaspersky - Kaspersky Research blog Scammers are camouflaging phishing links with QR codes and distributing them through email.]]> 2023-09-27T10:00:41+00:00 https://securelist.com/qr-codes-in-phishing/110676/ www.secnews.physaphae.fr/article.php?IdArticle=8388254 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog IoT threats: how devices get hacked, what malware is uploaded, and what services are on offer on the dark web in 2023.]]> 2023-09-21T10:00:49+00:00 https://securelist.com/iot-threat-report-2023/110644/ www.secnews.physaphae.fr/article.php?IdArticle=8386218 False Malware None 2.0000000000000000 Kaspersky - Kaspersky Research blog In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%.]]> 2023-09-13T09:00:18+00:00 https://securelist.com/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2023/110605/ www.secnews.physaphae.fr/article.php?IdArticle=8382181 False Threat,Studies,Industrial None 4.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.]]> 2023-09-12T08:00:18+00:00 https://securelist.com/backdoored-free-download-manager-linux-malware/110465/ www.secnews.physaphae.fr/article.php?IdArticle=8381696 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog The article analyzes the malicious tactics, techniques and procedures (TTP) used by the operator of the Cuba ransomware, and details a Cuba attack incident.]]> 2023-09-11T10:00:26+00:00 https://securelist.com/cuba-ransomware/110533/ www.secnews.physaphae.fr/article.php?IdArticle=8381190 False Ransomware None 2.0000000000000000 Kaspersky - Kaspersky Research blog Spyware Telegram mod in Uighur and Chinese spreads through Google Play stealing messages and other user data.]]> 2023-09-08T10:00:40+00:00 https://securelist.com/trojanized-telegram-mod-attacking-chinese-users/110482/ www.secnews.physaphae.fr/article.php?IdArticle=8380372 False None None 3.0000000000000000 Kaspersky - Kaspersky Research blog PC malware statistics for Q2 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.]]> 2023-08-30T10:00:41+00:00 https://securelist.com/it-threat-evolution-q2-2023-non-mobile-statistics/110413/ www.secnews.physaphae.fr/article.php?IdArticle=8376637 False Malware,Threat None 2.0000000000000000 Kaspersky - Kaspersky Research blog The smartphone malware statistics for Q2 2023 includes data for Android malware, adware, banking Trojans and ransomware.]]> 2023-08-30T10:00:33+00:00 https://securelist.com/it-threat-evolution-q2-2023-mobile-statistics/110427/ www.secnews.physaphae.fr/article.php?IdArticle=8376638 False Malware,Threat None 3.0000000000000000 Kaspersky - Kaspersky Research blog Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others.]]> 2023-08-30T10:00:05+00:00 https://securelist.com/it-threat-evolution-q2-2023/110355/ www.secnews.physaphae.fr/article.php?IdArticle=8376639 False Threat APT 38 3.0000000000000000 Kaspersky - Kaspersky Research blog In September of 2022, multiple security news professionals wrote about and confirmed the leakage of a builder for Lockbit 3 ransomware. In this post we provide the analysis of the builder and recently discovered builds.]]> 2023-08-25T10:00:49+00:00 https://securelist.com/lockbit-ransomware-builder-analysis/110370/ www.secnews.physaphae.fr/article.php?IdArticle=8374428 False Tool None 3.0000000000000000 Kaspersky - Kaspersky Research blog Scammers are hacking websites powered by WordPress and placing phishing pages inside hidden directories. We share some statistics and tips on recognizing a hacked site.]]> 2023-08-14T10:00:32+00:00 https://securelist.com/phishing-with-hacked-sites/110334/ www.secnews.physaphae.fr/article.php?IdArticle=8369851 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.]]> 2023-08-10T10:00:22+00:00 https://securelist.com/focus-on-droxidat-systembc/110302/ www.secnews.physaphae.fr/article.php?IdArticle=8368301 False Ransomware None 3.0000000000000000 Kaspersky - Kaspersky Research blog In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems.]]> 2023-08-10T08:00:07+00:00 https://securelist.com/common-ttps-of-attacks-against-industrial-organizations/110319/ www.secnews.physaphae.fr/article.php?IdArticle=8368262 False Industrial None 3.0000000000000000 Kaspersky - Kaspersky Research blog In this report, we share our recent crimeware findings: the new DarkGate loader, new LokiBot campaign and new Emotet version delivered via OneNote.]]> 2023-08-03T10:00:32+00:00 https://securelist.com/emotet-darkgate-lokibot-crimeware-report/110286/ www.secnews.physaphae.fr/article.php?IdArticle=8365139 False Ransomware,Studies None 3.0000000000000000 Kaspersky - Kaspersky Research blog I identified several signs of attacks that use forged certificates inside the network and developed a Proof-of-Concept utility capable of finding artifacts in AD, as well as a number of detection logic rules that can be added to SIEM.]]> 2023-07-28T10:00:16+00:00 https://securelist.com/anomaly-detection-in-certificate-based-tgt-requests/110242/ www.secnews.physaphae.fr/article.php?IdArticle=8362648 False None None 3.0000000000000000 Kaspersky - Kaspersky Research blog This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.]]> 2023-07-27T10:00:22+00:00 https://securelist.com/apt-trends-report-q2-2023/110231/ www.secnews.physaphae.fr/article.php?IdArticle=8362154 False Threat,Studies None 2.0000000000000000 Kaspersky - Kaspersky Research blog We will highlight the key points and then focus on the initial use of the CVE-2023-23397 vulnerability by attackers before it became public.]]> 2023-07-19T12:00:41+00:00 https://securelist.com/analysis-of-attack-samples-exploiting-cve-2023-23397/110202/ www.secnews.physaphae.fr/article.php?IdArticle=8358779 False Vulnerability None 3.0000000000000000 Kaspersky - Kaspersky Research blog Here is how email phishing scams targeting hot and cold crypto wallets, such as Trezor and Ledger, work.]]> 2023-07-05T10:00:09+00:00 https://securelist.com/hot-and-cold-cryptowallet-phishing/110136/ www.secnews.physaphae.fr/article.php?IdArticle=8352394 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog In this crimeware report, Kaspersky researchers provide insights into Andariel\'s activity targeting organizations: clumsy commands executed manually, off-the-shelf tools and EasyRat malware.]]> 2023-06-28T10:00:24+00:00 https://securelist.com/lazarus-andariel-mistakes-and-easyrat/110119/ www.secnews.physaphae.fr/article.php?IdArticle=8350080 False Malware None 2.0000000000000000 Kaspersky - Kaspersky Research blog This report contains statistics on cybersecurity threats to small and medium-sized businesses in 2023, and examples of cyberattacks on SMBs.]]> 2023-06-27T06:00:36+00:00 https://securelist.com/smb-threat-report-2023/110097/ www.secnews.physaphae.fr/article.php?IdArticle=8349608 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog In this crimeware report, Kaspersky researchers provide insights into the Conti-based LockBit Green variant, ransomware samples for macOS, FreeBSD, etc. and phishing campaigns targeting organizations.]]> 2023-06-22T10:00:01+00:00 https://securelist.com/crimeware-report-lockbit-switchsymb/110068/ www.secnews.physaphae.fr/article.php?IdArticle=8347982 False Ransomware None 2.0000000000000000 Kaspersky - Kaspersky Research blog In researching Operation Triangulation, we set ourselves the goal to retrieve as many parts of the exploitation chain as possible. As of now, we have finished analyzing the spyware implant and are ready to share the details.]]> 2023-06-21T10:00:57+00:00 https://securelist.com/triangledb-triangulation-implant/110050/ www.secnews.physaphae.fr/article.php?IdArticle=8347621 False None None 3.0000000000000000 Kaspersky - Kaspersky Research blog We analyzed smart pet feeders by Dogness, and discovered serious vulnerabilities such as hard-coded credentials and insecure update process.]]> 2023-06-20T10:00:55+00:00 https://securelist.com/smart-pet-feeder-vulnerabilities/110028/ www.secnews.physaphae.fr/article.php?IdArticle=8347243 False None None 3.0000000000000000 Kaspersky - Kaspersky Research blog What Malware-as-a-Service includes, on what terms cybercriminals offer it, and what malware they most often distribute under this model]]> 2023-06-15T10:00:56+00:00 https://securelist.com/malware-as-a-service-market/109980/ www.secnews.physaphae.fr/article.php?IdArticle=8345676 False Malware None 2.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky researchers share insight into multistage DoubleFinger loader attack delivering GreetingGhoul cryptocurrency stealer and Remcos RAT.]]> 2023-06-12T10:00:57+00:00 https://securelist.com/doublefinger-loader-delivering-greetingghoul-cryptocurrency-stealer/109982/ www.secnews.physaphae.fr/article.php?IdArticle=8344331 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog Recent BlueNoroff and Roaming Mantis activities, new APT related to the Russo-Ukrainian conflict, ChatGPT and threat intelligence, malvertising through search engines, cryptocurrency theft campaign and fake Tor browser]]> 2023-06-07T08:00:34+00:00 https://securelist.com/it-threat-evolution-q1-2023/109838/ www.secnews.physaphae.fr/article.php?IdArticle=8342940 False Threat ChatGPT,ChatGPT 3.0000000000000000 Kaspersky - Kaspersky Research blog The smartphone threat statistics for Q1 2023 includes data for Android malware, adware, banking Trojans and ransomware.]]> 2023-06-07T08:00:26+00:00 https://securelist.com/it-threat-evolution-q1-2023-mobile-statistics/109893/ www.secnews.physaphae.fr/article.php?IdArticle=8342941 False Threat None 3.0000000000000000 Kaspersky - Kaspersky Research blog PC malware statistics for the Q1 2023 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.]]> 2023-06-07T08:00:18+00:00 https://securelist.com/it-threat-evolution-q1-2023-pc-statistics/109917/ www.secnews.physaphae.fr/article.php?IdArticle=8342942 False Malware,Threat None 3.0000000000000000 Kaspersky - Kaspersky Research blog A recent campaign by Satacom downloader is delivering a cryptocurrency-stealing extension for Chromium-based browsers, such as Chrome, Brave and Opera.]]> 2023-06-05T10:00:03+00:00 https://securelist.com/satacom-delivers-cryptocurrency-stealing-browser-extension/109807/ www.secnews.physaphae.fr/article.php?IdArticle=8342093 False None None 3.0000000000000000 Kaspersky - Kaspersky Research blog We developed a dedicated utility to scan the iOS backups and run all the checks for Operation Triangulation indicators.]]> 2023-06-02T12:16:15+00:00 https://securelist.com/find-the-triangulation-utility/109867/ www.secnews.physaphae.fr/article.php?IdArticle=8341466 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise.]]> 2023-06-01T12:36:45+00:00 https://securelist.com/operation-triangulation/109842/ www.secnews.physaphae.fr/article.php?IdArticle=8341198 False Malware None 2.0000000000000000 Kaspersky - Kaspersky Research blog GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.]]> 2023-05-23T08:00:02+00:00 https://securelist.com/goldenjackal-apt-group/109677/ www.secnews.physaphae.fr/article.php?IdArticle=8338658 False None GoldenJackal 4.0000000000000000