Lucene search
K
SecurelistMost viewed

1025 matches found

Securelist
Securelist
added 2018/04/04 10:0 a.m.39 views

Pocket cryptofarms

In recent months, the topic of cryptocurrency has been a permanent news fixture — the value of digital money has been see-sawing spectacularly. Such pyrotechnics could hardly have escaped the attention of scammers, which is why cryptocurrency fluctuations have gone hand in hand with all kinds of...

6.7AI score
Exploits0
Securelist
Securelist
added 2025/03/10 10:0 a.m.38 views

SideWinder targets the maritime and nuclear sectors with an updated toolset

Last year, we published an article about SideWinder, a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. In it, we described activities that had mostly happened in the first half of the year. We tried to draw...

7.8CVSS7.8AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2024/06/03 10:0 a.m.38 views

IT threat evolution Q1 2024

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware platfo...

7.8CVSS6AI score0.51517EPSS
Exploits3
Securelist
Securelist
added 2024/02/08 10:0 a.m.38 views

Coyote: A multi-stage banking Trojan abusing the Squirrel installer

The developers of banking Trojan malware are constantly looking for inventive ways to distribute theirs implants and infect victims. In a recent investigation, we encountered a new malware that specifically targets users of more than 60 banking institutions, mainly from Brazil. What caught our...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/10/24 10:0 a.m.38 views

Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware

Introduction As a cybersecurity company, Kaspersky is constantly dealing with known and brand-new malware samples. As part of our crimeware reporting service, we provide our customers with technical reports on the evolution of existing crimeware families, as well as newly emerging ones. In this...

7AI score
Exploits0
Securelist
Securelist
added 2023/03/08 10:0 a.m.38 views

The state of stalkerware in 2022

The state of stalkerware in 2022 PDF Main findings of 2022 The State of Stalkerware is an annual report by Kaspersky which contributes to a better understanding of how many people in the world are affected by digital stalking. Stalkerware is a commercially available software that can be discretel...

6.4AI score
Exploits0
Securelist
Securelist
added 2022/05/06 10:0 a.m.38 views

Mobile subscription Trojans and their little tricks

Billing fraud is one of the most common sources of income for cybercriminals. There are currently a number of known mobile Trojans specializing in secretly subscribing users to paid services. They usually pay for legitimate services in a users name and scammers take a cut from the money billed...

0.4AI score
Exploits0
Securelist
Securelist
added 2021/10/19 10:0 a.m.38 views

Trickbot module descriptions

Trickbot aka TrickLoader or Trickster, is a successor of the Dyre banking Trojan that was active from 2014 to 2016 and performed man-in-the-browser attacks in order to steal banking credentials. Trickbot was first discovered in October 2016. Just like Dyre, its main functionality was initially th...

7AI score
Exploits0
Securelist
Securelist
added 2020/11/24 10:0 a.m.38 views

Lookalike domains and how to outfox them

Our colleagues already delved into how cybercriminals attack companies through compromised email addresses of employees, and how to protect against such attacks using SPF, DKIM and DMARC technologies. But despite the obvious pluses of these solutions, there is a way to bypass them that we want to...

7AI score
Exploits0
Securelist
Securelist
added 2020/08/20 10:0 a.m.38 views

Transparent Tribe: Evolution analysis,part 1

Background and key findings Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. We have...

0.3AI score
Exploits0
Securelist
Securelist
added 2018/11/26 10:0 a.m.38 views

Cyberthreats to financial institutions 2019: overview and predictions

Kaspersky Security Bulletin: Threat Predictions for 2019 Threat predictions for industrial security in 2019 Cryptocurrency threat predictions for 2019 Introduction – key events in 2018 The past year has been extremely eventful in terms of the digital threats faced by financial institutions:...

0.7AI score
Exploits0
Securelist
Securelist
added 2018/11/15 10:0 a.m.38 views

Black Friday alert

Banking Trojans traditionally target users of online financial services; looking for financial data to steal or building botnets out of hacked devices for future attacks. However, over time, several of these banking Trojans have enhanced their functionality, launching new variants and extending...

0.3AI score
Exploits0
Securelist
Securelist
added 2024/12/20 10:0 a.m.37 views

BellaCPP: Discovering a new BellaCiao variant written in C++

Introduction BellaCiao is a .NET-based malware family that adds a unique twist to an intrusion, combining the stealthy persistence of a webshell with the power to establish covert tunnels. It surfaced for the first time in late April 2023 and has since been publicly attributed to the APT actor...

7AI score
Exploits0
Securelist
Securelist
added 2024/08/05 9:40 a.m.37 views

LianSpy: new Android spyware targeting Russian users

In March 2024, we discovered a campaign targeting individuals in Russia with previously unseen Android spyware we dubbed LianSpy. Our analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs a...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/04/18 10:0 a.m.37 views

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

Introduction In February 2024, we discovered a new malware campaign targeting government entities in the Middle East. We dubbed it "DuneQuixote"; and our investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions –...

7.8AI score
Exploits0
Securelist
Securelist
added 2024/01/22 8:0 a.m.37 views

Cracked software beats gold: new macOS backdoor stealing cryptowallets

A month ago, we discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new...

7.5AI score
Exploits0
Securelist
Securelist
added 2023/12/01 10:0 a.m.37 views

IT threat evolution in Q3 2023. Mobile statistics

IT threat evolution in Q3 2023 IT threat evolution in Q3 2023. Non-mobile statistics IT threat evolution in Q3 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...

7.6AI score
Exploits0
Securelist
Securelist
added 2023/10/23 11:0 a.m.37 views

The outstanding stealth of Operation Triangulation

Introduction In our previous blogpost on Triangulation, we discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. We mentioned, among other things, that it is able to execute additional modules. We also mentioned that this...

7.4AI score
Exploits0
Securelist
Securelist
added 2023/03/29 10:0 a.m.37 views

Financial cyberthreats in 2022

Financial gain remains the key driver of cybercriminal activity. In the past year, weve seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware groups continuing to emerge and haunt businesses. However, traditional financial threats ...

7.1AI score
Exploits0
Securelist
Securelist
added 2022/08/16 8:0 a.m.37 views

Threat in your browser: what dangers innocent-looking extensions hold for users

Whether you want to block ads, keep a to-do list or check your spelling, browser extensions allow you to do all of the above and more, improving convenience, productivity and efficiency for free, which is why they are so popular. Chrome, Safari, Mozilla — these and many other major Web browsers —...

6.6AI score
Exploits0
Securelist
Securelist
added 2020/12/02 12:0 p.m.37 views

ICS threat predictions for 2021

We present our vision of what challenges industrial cybersecurity will soon be or already is facing, and what to expect from cybercriminals in 2021. Random infections 1. Infections will tend to be less random or have non-random follow-ups, as cybercriminals have spent the past several years...

1AI score
Exploits0
Securelist
Securelist
added 2019/11/22 9:4 a.m.37 views

Black Friday Alert 2019: Net Shopping Bag of Threats

Every year, Kaspersky releases an annual Black Friday alert to highlight how fraudsters may capitalize on increased levels of online shopping at this time of year when many brands are offering their customers appealing discounts. In the rush to get a big discount or, even more panic-inducing, a...

7.3AI score
Exploits0
Securelist
Securelist
added 2018/08/30 10:0 a.m.37 views

What are botnets downloading?

Spam mailshots with links to malware and bots downloading other malware are just a couple of botnet deployment scenarios. The choice of infectious payload is limited only by the imagination of the botnet operator or customer. It might be a ransomware, a banker, a miner, a backdoor, the list goes...

0.6AI score
Exploits0
Securelist
Securelist
added 2017/11/15 10:2 a.m.38 views

Threat Predictions for Cryptocurrencies in 2018

The landscape in 2017 Today, cryptocurrency is no longer only for computer geeks and IT pros. It's starting to affect people's daily life more than they realize. At the same time, it is fast becoming an attractive target for cybercriminals. Some cyberthreats have been inherited from e-payments,...

7.1AI score
Exploits0
Securelist
Securelist
added 2024/09/02 10:0 a.m.36 views

Head Mare: adventures of a unicorn in Russia and Belarus

Head Mare is a hacktivist group that first made itself known in 2023 on the social network X formerly Twitter1. In their public posts, the attackers reveal information about some of their victims, including organization names, internal documents stolen during attacks, and screenshots of desktops...

7.8CVSS8.4AI score0.97798EPSS
Exploits49
Securelist
Securelist
added 2024/03/13 8:0 a.m.36 views

The State of Stalkerware in 2023–2024

The State of Stalkerware in 2023 PDF The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Stalkerware is commercially available software that can be discreetly installed on...

6.8AI score
Exploits0
Securelist
Securelist
added 2023/11/06 10:0 a.m.36 views

Gaming-related cyberthreats in 2023: Minecrafters targeted the most

Introduction and trends The gaming industry continues growing. The Newzoo report for 2023 reveals that two in five — more than three billion — across the globe are gamers, which is 6.3 percent more than last year. Globally, gaming revenue amounts to an estimated US$242.39 billion, with almost hal...

6.4AI score
Exploits0
Securelist
Securelist
added 2023/02/15 10:0 a.m.36 views

IoC detection experiments with ChatGPT

ChatGPT is a groundbreaking chatbot powered by the neural network-based language model text-davinci-003 and trained on a large dataset of text from the Internet. It is capable of generating human-like text in a wide range of styles and formats. ChatGPT can be fine-tuned for specific tasks, such a...

7.6AI score
Exploits0
Securelist
Securelist
added 2023/01/31 8:0 a.m.36 views

Prilex modification now targeting contactless credit card transactions

Prilex is a singular threat actor that has evolved from ATM-focused malware into unique modular PoS malware—actually, the most advanced PoS threat we have seen so far, as described in a previous article. Forget about those old memory scrapers seen in PoS attacks. Prilex goes beyond these, and it...

6.3AI score
Exploits0
Securelist
Securelist
added 2022/08/03 8:0 a.m.36 views

DDoS attacks in Q2 2022

News overview Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in the previous reporting period. ALtahrea Team, a group targeting NATO and its partners, attacked public transportation websites in Israel and the United Kingdom. Israel s...

0.4AI score
Exploits0
Securelist
Securelist
added 2022/04/07 10:0 a.m.36 views

A Bad Luck BlackCat

In early December 2021, a new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, a new generation Ransomware-as-a-Service RaaS group. Shortly afterwards, they dialed up their activity, infecting numerous corporate victims around t...

0.2AI score
Exploits0
Securelist
Securelist
added 2020/07/28 10:0 a.m.36 views

Lazarus on the hunt for big game

We may only be six months in, but theres little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents...

7.2AI score
Exploits0
Securelist
Securelist
added 2019/12/03 10:0 a.m.36 views

Cybersecurity of connected healthcare 2020: Overview and predictions

Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 5G technology predictions 2020 Corporate security prediction 2020 Cyberthreats to financial institutions 2020: Overview and predictions More than two years after the infamous Wannacry ransomware crippled medical facilities and...

0.8AI score
Exploits0
Securelist
Securelist
added 2019/12/03 10:0 a.m.36 views

5G technology predictions 2020

Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 Cybersecurity of connected healthcare 2020: Overview and predictions Corporate security prediction 2020 Cyberthreats to financial institutions 2020: Overview and predictions It is estimated that data will reach 175 zettabytes...

7.6AI score
Exploits0
Securelist
Securelist
added 2019/07/01 9:0 a.m.36 views

How we hacked our colleague’s smart home

In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API. An offer you cannot refuse The backbone of any technology compa...

8.9AI score
Exploits0
Securelist
Securelist
added 2018/04/12 7:0 a.m.36 views

Operation Parliament, who is doing what?

Summary Kaspersky Lab has been tracking a series of attacks utilizing unknown malware since early 2017. The attacks appear to be geopolitically motivated and target high profile organizations. The objective of the attacks is clearly espionage – they involve gaining access to top legislative,...

1.4AI score
Exploits0
Securelist
Securelist
added 2025/07/17 8:0 a.m.35 views

GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia

In a recent incident response IR case, we discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the Exchange server was likely compromised via a known N-day vulnerability. Our...

9CVSS8.7AI score0.99965EPSS
Exploits30
Securelist
Securelist
added 2024/05/09 10:0 a.m.35 views

APT trends report Q1 2024

For more than six years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published and...

7.7AI score
Exploits0
Securelist
Securelist
added 2024/05/08 10:0 a.m.35 views

State of ransomware in 2024

Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. From high-profile breaches in healthcare and industrial sectors – compromising huge volumes of sensitive data or halting production entirely – ...

8.5AI score
Exploits0
Securelist
Securelist
added 2024/04/24 10:10 a.m.35 views

Assessing the Y, and How, of the XZ Utils incident

High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up "out-of-band" interactions regarding underground rail system simulator software...

7.6AI score
Exploits0
Securelist
Securelist
added 2023/12/11 10:0 a.m.35 views

Story of the year: the impact of AI on cybersecurity

In the whirlwind of technological advancements and societal transformations, the term "AI" has undoubtedly etched itself into the forefront of global discourse. Over the past twelve months, this abbreviation has resonated across innumerable headlines, business surveys and tech reports, firmly...

7.7AI score
Exploits0
Securelist
Securelist
added 2023/11/20 10:0 a.m.35 views

The dark side of Black Friday: decoding cyberthreats around the year’s biggest shopping season

As the annual Black Friday approaches, the digital landscape experiences an unprecedented surge in e-commerce and online shopping activity. Major sales aside, e-commerce is still a huge market. In 2022, global e-commerce retail revenue was estimated to reach $5.7 trillion worldwide, marking nearl...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/06/21 10:0 a.m.35 views

Dissecting TriangleDB, a Triangulation spyware implant

Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the process of infecting a device involves launching a chain of different exploits, e.g. for escaping the iMessage sandbox while processing a...

7AI score
Exploits0
Securelist
Securelist
added 2023/03/23 8:0 a.m.35 views

Developing an incident response playbook

An incident response playbook is a predefined set of actions to address a specific security incident such as malware infection, violation of security policies, DDoS attack, etc. Its main goal is to enable a large enterprise security team to respond to cyberattacks in a timely and effective manner...

6.8AI score
Exploits0
Securelist
Securelist
added 2023/03/09 10:0 a.m.35 views

Malvertising through search engines

In recent months, we observed an increase in the number of malicious campaigns that use Google Advertising as a means of distributing and delivering malware. At least two different stealers, Rhadamanthys and RedLine, were abusing the search engine promotion plan in order to deliver malicious...

7.4AI score
Exploits0
Securelist
Securelist
added 2022/12/27 8:0 a.m.35 views

BlueNoroff introduces new methods bypassing MoTW

BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the groups activities and this October we observed the adoption of new...

7.4AI score
Exploits0
Securelist
Securelist
added 2022/11/02 8:0 a.m.35 views

Server-side attacks, C&C in public clouds and other MDR cases we observed

Introduction This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response MDR team. The goal of the report is to inform our customers about techniques used by attackers. We hope that learning about the attacks that took place in the wild helps you t...

Exploits0
Securelist
Securelist
added 2018/09/06 10:0 a.m.35 views

Threat Landscape for Industrial Automation Systems in H1 2018

For many years, Kaspersky Lab experts have been uncovering and researching cyberthreats that target a variety of information systems – those of commercial and government organizations, banks, telecoms operators, industrial enterprises, and individual users. In this report, Kaspersky Lab Industria...

7.5AI score
Exploits0
Securelist
Securelist
added 2018/08/29 1:0 p.m.35 views

Loki Bot: On a hunt for corporate passwords

Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes. The messages discovered so far contain an attachment with an .iso extension that Kaspersky Lab solutions detect as Loki Bot. The malware's key objective is to steal passwords from browsers,...

0.1AI score
Exploits0
Securelist
Securelist
added 2023/10/13 12:0 p.m.34 views

ChatGPT at work: how chatbots help employees, but threaten business

Workhorse Only a few months ago, ChatGPT and other chatbots based on large language models LLMs were still a novelty. Users enjoyed using them to compose poems and lyrics in the style of famous artists which left Nick Cave, for example, decidedly unimpressed, researchers debated blowing up data...

6.8AI score
Exploits0
Total number of security vulnerabilities1025