Lucene search
K
SecurelistMost viewed

1025 matches found

Securelist
Securelist
added 2022/10/31 8:0 a.m.43 views

APT10: Tracking down LODEINFO 2022, part II

In the previous publication Tracking down LODEINFO 2022, part I, we mentioned that the initial infection methods vary in different attack scenarios and that the LODEINFO shellcode was regularly updated for use with each infection vector. In this article, we discuss improvements made to the LODEIN...

0.4AI score
Exploits0
Securelist
Securelist
added 2020/09/24 8:0 a.m.43 views

Threat landscape for industrial automation systems. H1 2020 highlights

Overall downward trend for percentages of attacked computers globally Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal environments. In H1 2020 the percentage of ICS computers on which...

1.6AI score
Exploits0
Securelist
Securelist
added 2018/12/13 10:0 a.m.43 views

Remotely controlled EV home chargers – the threats and vulnerabilities

We are now seeing signs of a possible shift in the field of personal transport. Recent events such as the 'dieselgate' scandal undermine customer and government confidence in combustion engines and their environmental safety. At the same time there has been a big step forward in the development o...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/11/29 10:0 a.m.42 views

IT threat evolution in Q3 2024. Non-mobile statistics

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data...

9.8CVSS7.1AI score0.2677EPSS
Exploits0
Securelist
Securelist
added 2023/10/17 10:0 a.m.42 views

APT trends report Q3 2023

For more than six years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published...

7.7AI score
Exploits0
Securelist
Securelist
added 2023/04/03 12:10 p.m.42 views

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack

On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing their findings. The following has been discovered so far: The infection is spread via...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/03/21 8:0 a.m.42 views

Bad magic: new APT found in the area of Russo-Ukrainian conflict

Since the start of the Russo-Ukrainian conflict, Kaspersky researchers and the international community at large have identified a significant number of cyberattacks executed in a political and geopolitical context. We previously published an overview of cyber activities and the threat landscape...

7AI score
Exploits0
Securelist
Securelist
added 2021/07/14 6:0 p.m.42 views

Arrests of members of Tetrade seed groups Grandoreiro and Melcoz

Spains Ministry of the Interior has announced the arrest of 16 individuals connected to the Grandoreiro and Melcoz also known as Mekotio cybercrime groups. Both are originally from Brazil and form part of the Tetrade umbrella, operating for a few years now in Latin America and Western Europe...

0.3AI score
Exploits0
Securelist
Securelist
added 2020/03/24 10:0 a.m.42 views

WildPressure targets industrial-related entities in the Middle East

In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to industrial sector. Our Kaspersky Threat Attribution Engine KTAE doesn't...

7.3AI score
Exploits0
Securelist
Securelist
added 2018/06/20 10:0 a.m.42 views

Modern OSs for embedded systems

At Kaspersky Lab we analyze the technologies available on cybersecurity market and this time we decided to look at what OS developers are offering for embedded systems or, in other words, the internet of things. Our primary interest is how and to what degree these OSs can solve...

7.7AI score
Exploits0
Securelist
Securelist
added 2018/06/06 10:0 a.m.42 views

A MitM extension for Chrome

Browser extensions make our lives easier: they hide obtrusive advertising, translate text, help us choose in online stores, etc. There are also less desirable extensions, including those that bombard us with advertising or collect information about our activities. These pale into insignificance,...

6.9AI score
Exploits0
Securelist
Securelist
added 2018/02/13 9:0 a.m.42 views

Zero-day vulnerability in Telegram

In October 2017, we learned of a vulnerability in Telegram Messenger's Windows client that was being exploited in the wild. It involves the use of a classic right-to-left override attack when a user sends files over the messenger service. Right-to-left override in a nutshell The special nonprinti...

7.1AI score
Exploits0
Securelist
Securelist
added 2024/12/23 10:0 a.m.41 views

Cloud Atlas seen using a new tool in its attacks

Introduction Known since 2014, Cloud Atlas targets Eastern Europe and Central Asia. We're shedding light on a previously undocumented toolset, which the group used heavily in 2024. Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formul...

7.8CVSS8.4AI score0.93289EPSS
Exploits7
Securelist
Securelist
added 2023/05/23 8:0 a.m.41 views

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. Despite the fact that they began their activities years ago, this group is generally unknown and, as far as we know, has not been publicly described. We...

8.1AI score
Exploits0
Securelist
Securelist
added 2022/08/16 12:0 p.m.41 views

Two more malicious Python packages in the PyPI

On August 8, CheckPoint published a report on ten malicious Python packages in the Python Package Index PyPI, the most popular Python repository among software developers. The malicious packages were intended to steal developers personal data and credentials. Following this research, we used our...

7.4AI score
Exploits0
Securelist
Securelist
added 2022/05/04 10:0 a.m.41 views

A new secret stash for “fileless” malware

In February 2022 we observed the technique of putting the shellcode into Windows event logs for the first time "in the wild" during the malicious campaign. It allows the "fileless" last stage Trojan to be hidden from plain sight in the file system. Such attention to the event logs in the campaign...

0.3AI score
Exploits0
Securelist
Securelist
added 2021/07/01 12:0 p.m.41 views

Do cybercriminals play cyber games in quarantine? A look one year later

Last year, we decided to take a look at how the pandemic influenced the gaming industry and what new threats gamers could be facing. What we found was that, with the transition to remote work and remote learning, the number of blocked attempts to visit malicious game-related websites or follow...

8AI score
Exploits0
Securelist
Securelist
added 2020/05/14 12:0 p.m.41 views

Cyberthreats on lockdown

Every year, our anti-malware research team releases a series of reports on various cyberthreats: financial malware, web attacks, exploits, etc. As we monitor the increase, or decrease, in the number of certain threats, we do not usually associate these changes with concurrent world events – unles...

7.3AI score
Exploits0
Securelist
Securelist
added 2019/09/25 10:0 a.m.41 views

Ransomware: two pieces of good news

"All your files have been encrypted." How many times has this suddenly popped up on your screen? We hope never, because it's one of the most common indicators that you've lost access to your files. And if there are no publicly available decryptors or you don't have any backup copies, you're in...

7.2AI score
Exploits0
Securelist
Securelist
added 2017/11/17 10:0 a.m.41 views

Kaspersky Lab – Beyond Black Friday Threat Report, November 2017

Introduction The festive holiday shopping season, which covers Thanksgiving, Black Friday and Cyber Monday in late November as well as Christmas in December, now accounts for a significant share of annual sales for retailers, particularly in the U.S., Europe and APAC. Those selling clothing,...

6.6AI score
Exploits0
Securelist
Securelist
added 2017/08/24 8:37 a.m.41 views

New multi platform malware/adware spreading via Facebook Messenger

One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on. After just a few minutes analyzin...

7AI score
Exploits0
Securelist
Securelist
added 2025/04/29 10:0 a.m.40 views

Outlaw cybergang attacking targets worldwide

Introduction In a recent incident response case in Brazil, we dealt with a relatively simple, yet very effective threat focused on Linux environments. Outlaw also known as "Dota" is a Perl-based crypto mining botnet that typically takes advantage of weak or default SSH credentials for its...

8.1AI score
Exploits0
Securelist
Securelist
added 2024/10/18 10:0 a.m.40 views

Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia

Last December, we discovered a new group targeting Russian businesses and government agencies with ransomware. Further investigation into this group's activity suggests a connection to other groups currently targeting Russia. We have seen overlaps not only in indicators of compromise and tools, b...

7.3AI score
Exploits0
Securelist
Securelist
added 2024/08/13 12:0 p.m.40 views

APT trends report Q2 2024

For over six years now, Kasperskys Global Research and Analysis Team GReAT has been sharing quarterly updates on advanced persistent threats APTs. These summaries draw on our threat intelligence research, offering a representative overview of what weve published and discussed in more detail in ou...

10CVSS8.2AI score0.85974EPSS
Exploits40
Securelist
Securelist
added 2023/12/06 10:0 a.m.40 views

New macOS Trojan-Proxy piggybacking on cracked software

Illegally distributed software historically has served as a way to sneak malware onto victims devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a "free lunch". They are an excellent target for cybercriminals who realize that an...

7.7AI score
Exploits0
Securelist
Securelist
added 2023/10/27 6:0 a.m.40 views

A cascade of compromise: unveiling Lazarus’ new campaign

Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. Whats remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendors systems continued to use the...

7.5AI score
Exploits0
Securelist
Securelist
added 2023/09/21 10:0 a.m.40 views

Overview of IoT threats in 2023

IoT devices routers, cameras, NAS boxes, and smart home components multiply every year. Statista portal predicts their number will exceed 29 billion by 2030. As connected device numbers increase, so does the need for protection against various threats. The first-ever large-scale malware attacks o...

6.4CVSS8.1AI score0.87908EPSS
Exploits0
Securelist
Securelist
added 2022/09/06 8:18 a.m.40 views

Good game, well played: an overview of gaming-related cyberthreats in 2022

The gaming industry went into full gear during the pandemic, as many people took up online gaming as their new hobby to escape the socially-distanced reality. Since then, the industry has never stopped growing. According to the analytical agency Newzoo, in 2022, the global gaming market will exce...

7AI score
Exploits0
Securelist
Securelist
added 2022/02/23 10:0 a.m.40 views

Financial cyberthreats in 2021

The year 2021 was eventful in terms of digital threats for organizations and individuals, and financial institutions were no exception. Throughout the past year, we have seen cybercriminals continue to actively target our users with tools and techniques that emerged due to the pandemic...

0.6AI score
Exploits0
Securelist
Securelist
added 2019/11/22 10:0 a.m.40 views

5G security and privacy for smart cities

The 5G telecommunications revolution is imminent. It is the next generation of cellular network, making use of the existing 4G LTE in addition to opening up the millimeter wave band. 5G will be able to welcome more network-connected devices and increase speeds considerably for users. It will serv...

0.2AI score
Exploits0
Securelist
Securelist
added 2018/12/06 10:0 a.m.40 views

DarkVishnya: Banks attacked through direct connection to local network

While novice attackers, imitating the protagonists of the U.S. drama Mr. Robot, leave USB flash drives lying around parking lots in the hope that an employee from the target company picks one up and plugs it in at the workplace, more experienced cybercriminals prefer not to rely on chance. In...

0.4AI score
Exploits0
Securelist
Securelist
added 2018/08/01 10:0 a.m.40 views

Attacks on industrial enterprises using RMS and TeamViewer

Main facts Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production. The phishing emails are disguised as legitimate commercial offers and a...

0.7AI score
Exploits0
Securelist
Securelist
added 2018/05/22 10:0 a.m.40 views

I know where your pet is

Kaspersky Lab's many years of cyberthreat research would suggest that any device with access to the Internet will inevitably be hacked. In recent years, we have seen hacked toys, kettles, cameras, and irons. It would seem that no gadget has escaped the attention of hackers, yet there is one last...

0.3AI score0.01093EPSS
Exploits0
Securelist
Securelist
added 2018/03/07 10:0 a.m.40 views

Mobile malware evolution 2017

The year in figures In 2017, Kaspersky Lab detected the following: 5,730,916 malicious installation packages 94,368 mobile banking Trojans 544,107 mobile ransomware Trojans Trends of the year Rooting malware: no surrender For the last few years, rooting malware has been the biggest threat to...

7.2AI score
Exploits0
Securelist
Securelist
added 2017/09/13 9:0 a.m.40 views

Connected Medicine and Its Diagnosis

Medical data is slowly but surely migrating from paper mediums to the digital infrastructure of medical institutions. Today, the data is "scattered" across databases, portals, medical equipment, etc. In some cases, the security of the network infrastructure of such organizations is neglected, and...

7AI score
Exploits0
Securelist
Securelist
added 2017/08/29 9:0 a.m.40 views

Jimmy Nukebot: from Neutrino with love

"You FOOL! This isn't even my final form!" In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family. A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as...

7.3AI score
Exploits0
Securelist
Securelist
added 2026/02/03 8:10 a.m.39 views

The Notepad++ supply chain attack — unnoticed execution chains and new IoCs

UPD 11.02.2026: added recommendations on how to use the Notepad++ supply chain attack rules package in our SIEM system. Introduction On February 2, 2026, the developers of Notepad++, a text editor popular among developers, published a statement claiming that the update infrastructure of Notepad++...

6.2AI score
Exploits0
Securelist
Securelist
added 2024/03/13 11:29 a.m.39 views

What’s in your notepad? Infected text editors target Chinese users

"Malvertising" is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, our experts...

7AI score
Exploits0
Securelist
Securelist
added 2023/05/02 8:0 a.m.39 views

Managed Detection and Response in 2022

Kaspersky Managed Detection and Response MDR is a service for 24/7 monitoring and response to detected incidents based on technologies and expertise of Kaspersky Security Operations Center SOC team. MDR allows detecting threats at any stage of the attack – both before anything is compromised and...

6.7AI score
Exploits0
Securelist
Securelist
added 2023/05/01 10:0 a.m.39 views

What does ChatGPT know about phishing?

Can ChatGPT detect phishing links? Hearing all the buzz about the amazing applications of ChatGPT and other language models, our team could not help but ask this question. We work on applying machine learning technologies to cybersecurity tasks, specifically models that analyze websites to detect...

7AI score
Exploits0
Securelist
Securelist
added 2021/11/29 8:0 a.m.39 views

WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019

Overview This February, during our hunting efforts for threat actors using VBS/VBA implants, we came across MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant. The implant itself is a VBS script with functionality to collect system information and...

7.4AI score
Exploits0
Securelist
Securelist
added 2021/06/29 10:0 a.m.39 views

Remote dating: How do the apps safeguard our data?

The pandemic and the restrictions that came with it have led to an increase in the popularity of dating apps. For example, the total number of swipes on Tinder increased by 11% last year, with the daily number of swipes surpassing the 3 billion mark for the first time as early as March 2020. This...

7.2AI score
Exploits0
Securelist
Securelist
added 2020/12/02 12:0 p.m.39 views

Education predictions 2021

Changes in the education system have been brewing for a long time, with digitalization as the main direction of this transformation. The breakthrough came this year as about 1.5 billion students were unable to attend school due to the COVID-19 pandemic. As a result, educational systems all over t...

0.8AI score
Exploits0
Securelist
Securelist
added 2020/10/21 10:0 a.m.39 views

Life of Maze ransomware

In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations. Dozens of organizations have fallen victim to this vile malware, including LG, Southwire, and the City of Pensacola. The history of this ransomware began in the...

6.6AI score
Exploits0
Securelist
Securelist
added 2020/09/30 3:15 p.m.39 views

SAS@Home is back this fall

The world during the pandemic prepares many surprises for us. Most of them are certainly unpleasant: health risks, inability to travel or meet old friends. One of these unpleasant surprises awaited us in the early spring, when the organizing team of the beloved SAS conference were forced to...

7.3AI score
Exploits0
Securelist
Securelist
added 2020/04/22 10:0 a.m.39 views

What does it take to become a good reverse engineer?

How much money and effort does it take to become a good reverse engineer? Do you even need to be one? There are no universally acceptable answers to these questions. Software reverse engineering RE is not a science but a skillset combined with specific knowledge and backed by a lot of experience...

1AI score
Exploits0
Securelist
Securelist
added 2018/10/10 10:0 a.m.39 views

MuddyWater expands operations

Summary MuddyWater is a relatively new APT that surfaced in 2017. It has focused mainly on governmental targets in Iraq and Saudi Arabia, according to past telemetry. However, the group behind MuddyWater has been known to target other countries in the Middle East, Europe and the US. We recently...

1.5AI score
Exploits0
Securelist
Securelist
added 2018/08/16 10:0 a.m.39 views

Security assessment of corporate information systems in 2017

Each year, Kaspersky Lab's Security Services department carries out dozens of cybersecurity assessment projects for companies worldwide. In this publication, we present a general summary and statistics for the cybersecurity assessments we have conducted of corporate information systems throughout...

3.9AI score
Exploits0
Securelist
Securelist
added 2018/07/17 10:0 a.m.39 views

The return of Fantomas, or how we deciphered Cryakl

In early February this year, Belgian police seized the C&C servers of the infamous Cryakl cryptor. Soon afterwards, they handed over the private keys to our experts, who used them to update the free RakhniDecryptor tool for recovering files encrypted by the malware. The ransomware, which for year...

0.4AI score
Exploits0
Securelist
Securelist
added 2018/06/27 10:5 a.m.39 views

Ransomware and malicious crypto miners in 2016-2018

Ransomware is not an unfamiliar threat. For the last few years it has been affecting the world of cybersecurity, infecting and blocking access to various devices or files and requiring users to pay a ransom usually in Bitcoins or another widely used e-currency, if they want to regain access to...

6.8AI score
Exploits0
Total number of security vulnerabilities1025