Lucene search
K
SecurelistMost viewed

1025 matches found

Securelist
Securelist
added 2024/07/09 1:0 p.m.19 views

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

Detection is a traditional type of cybersecurity control, along with blocking, adjustment, administrative and other controls. Whereas before 2015 teams asked themselves what it was that they were supposed to detect, as MITRE ATT&CK evolved, SOCs were presented with practically unlimited space for...

6.6AI score
Exploits0
Securelist
Securelist
added 2024/06/18 11:30 a.m.19 views

Analysis of user password strength

The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of...

6.9AI score
Exploits0
Securelist
Securelist
added 2023/12/12 10:0 a.m.19 views

What to do if your company was mentioned on Darknet?

Every year is abundant with major data leaks, biggest data breaches and hacks drawing massive media attention such as Medibank and Optus data breach, Twitter data breach, and Uber and Rockstar compromise in 2022 and in T-Mobile, MailChimp and OpenAI in 2023. But are we really conscious of the tru...

7AI score
Exploits0
Securelist
Securelist
added 2023/10/16 4:0 p.m.19 views

A hack in hand is worth two in the bush

The ongoing conflict between Israel and Hamas has also extended into the digital domain. The involvement of hackers highlights the evolving nature of warfare in the 21st century, where traditional military operations are complemented by sophisticated cyber tactics, and where the boundaries betwee...

7.5AI score
Exploits0
Securelist
Securelist
added 2023/06/02 12:16 p.m.19 views

In search of the Triangulation: triangle_check utility

In our initial blogpost about "Operation Triangulation", we published a comprehensive guide on how to manually check iOS device backups for possible indicators of compromise using MVT. This process takes time and requires manual search for several types of indicators. To automate this process, we...

7AI score
Exploits0
Securelist
Securelist
added 2023/05/04 10:0 a.m.19 views

Not quite an Easter egg: a new family of Trojan subscribers on Google Play

Every once in a while, someone will come across malicious apps on Google Play that seem harmless at first. Some of the trickiest of these are subscription Trojans, which often go unnoticed until the user finds they have been charged for services they never intended to buy. This kind of malware...

6.8AI score
Exploits0
Securelist
Securelist
added 2023/03/24 8:0 a.m.19 views

Understanding metrics to measure SOC effectiveness

The security operations center SOC plays a critical role in protecting an organizations assets and reputation by identifying, analyzing, and responding to cyberthreats in a timely and effective manner. Additionally, SOCs also help to improve overall security posture by providing add-on services...

6.7AI score
Exploits0
Securelist
Securelist
added 2023/03/15 10:0 a.m.19 views

Business on the dark web: deals and regulatory mechanisms

Download the full version of the report PDF Hundreds of deals are struck on the dark web every day: cybercriminals buy and sell data, provide illegal services to one another, hire other individuals to work as "employees" with their groups, and so on. Large sums of money are often on the table. To...

0.6AI score
Exploits0
Securelist
Securelist
added 2023/02/07 8:0 a.m.19 views

Web beacons on websites and in e-mail

There is a vast number of trackers, which gather information about users activities online. For all intents and purposes, we have grown accustomed to online service providers, marketing agencies, and analytical companies tracking our every mouse click, our social posts, browser and streaming...

Exploits0
Securelist
Securelist
added 2022/11/09 8:0 a.m.19 views

Cybersecurity threats: what awaits us in 2023?

Knowing what the future holds can help with being prepared for emerging threats better. Every year, Kaspersky experts prepare forecasts for different industries, helping them to build a strong defense against any cybersecurity threats they might face in the foreseeable future. Those predictions...

6.9AI score
Exploits0
Securelist
Securelist
added 2022/10/05 9:0 a.m.19 views

Uncommon infection and malware propagation methods

Introduction We are often asked how targets are infected with malware. Our answer is nearly always the same: spear phishing. There will be exceptions, naturally, as we will encounter RCE vulnerabilities every now and then, or if the attacker is already on the network, they will use tools like...

0.8AI score
Exploits0
Securelist
Securelist
added 2022/06/23 10:0 a.m.19 views

The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs

These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related publications each year. These reports provide analysis on specific malware families or new samples, describe the activities of a particular ransomware group,...

0.2AI score
Exploits0
Securelist
Securelist
added 2017/06/20 9:1 a.m.19 views

Ztorg: from rooting to SMS

I've been monitoring Google Play Store for new Ztorg Trojans since September 2016, and have so far found several dozen new malicious apps. All of them were rooting malware that used exploits to gain root rights on the infected device. Then, in the second half of May 2017 I found one that wasn't...

7.8AI score
Exploits0
Securelist
Securelist
added 2026/06/16 9:0 a.m.18 views

Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk

Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform's built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are...

5.5AI score
Exploits0
Securelist
Securelist
added 2025/06/06 10:0 a.m.18 views

Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721

The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services. These bots often carry Remote...

6.5CVSS8.5AI score0.86489EPSS
Exploits0
Securelist
Securelist
added 2025/02/21 10:0 a.m.18 views

Angry Likho: Old beasts in a new forest

Angry Likho referred to as Sticky Werewolf by some vendors is an APT group we've been monitoring since 2023. It bears a strong resemblance to Awaken Likho, which we've analyzed before, so we classified it within the Likho malicious activity cluster. However, Angry Likho's attacks tend to be...

7.3AI score
Exploits0
Securelist
Securelist
added 2024/12/27 10:0 a.m.18 views

Threat landscape for industrial automation systems in Q3 2024

Statistics across all threats In the third quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 1.5 pp to 22% when compared to the previous quarter. Percentage of ICS computers on which malicious objects were blocked, by quarter, 2022–2024 Compared...

7.3AI score
Exploits0
Securelist
Securelist
added 2024/07/29 10:0 a.m.18 views

Mandrake spyware sneaks onto Google Play again, flying under the radar for two years

Introduction In May 2020, Bitdefender released a white paper containing a detailed analysis of Mandrake, a sophisticated Android cyber-espionage platform, which had been active in the wild for at least four years. In April 2024, we discovered a suspicious sample that appeared to be a new version ...

7.5AI score
Exploits0
Securelist
Securelist
added 2023/12/04 11:0 a.m.18 views

Kaspersky Security Bulletin 2023. Statistics

All statistics in this report come from the Kaspersky Security Network KSN global cloud service, which receives information from components in our security solutions. The data was obtained from users who had given their consent to it being sent to KSN. Millions of Kaspersky users around the globe...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/09/13 9:0 a.m.18 views

Threat landscape for industrial automation systems. Statistics for H1 2023

Global threat statistics In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%. Percentage of ICS computers on which malicious objects were blocked, by half year That said, he percentage of attacked ICS...

7AI score
Exploits0
Securelist
Securelist
added 2023/08/14 10:0 a.m.18 views

Phishing with hacked sites

Phishers want their fake pages to cost minimum effort but generate as much income as possible, so they eagerly use various tools and techniques to evade detection, and save time and money. Examples include automation with phishing kits or Telegram bots. Another tactic, popular with scammers big a...

7.6AI score
Exploits0
Securelist
Securelist
added 2023/06/07 8:0 a.m.18 views

IT threat evolution Q1 2023. Mobile statistics

IT threat evolution Q1 2023 IT threat evolution Q1 2023. Non-mobile statistics IT threat evolution Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures According to...

7AI score
Exploits0
Securelist
Securelist
added 2023/02/10 10:0 a.m.18 views

Good, Perfect, Best: how the analyst can enhance penetration testing results

Penetration testing is something that many of those who know what a pentest is see as a search for weak spots and well-known vulnerabilities in clients infrastructure, and a bunch of copied-and-pasted recommendations on how to deal with the security holes thus discovered. In truth, it is not so...

7.5AI score
Exploits0
Securelist
Securelist
added 2022/11/18 8:5 a.m.18 views

IT threat evolution in Q3 2022. Mobile statistics

IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...

0.5AI score
Exploits0
Securelist
Securelist
added 2021/12/07 10:0 a.m.18 views

The story of the year: ransomware in the headlines

In the past twelve months, the word "ransomware" has popped up in countless headlines worldwide across both print and digital publications: The Wall Street Journal, the BBC, the New York Times. It is no longer just being discussed by CISOs and security professionals, but politicians, school...

7.3AI score
Exploits0
Securelist
Securelist
added 2021/11/10 10:0 a.m.18 views

Streaming wars continue — what about cyberthreats?

Last year became a banner year for the online entertainment industry. Driven by the pandemic lockdown restrictions and imposed work-from-home policies, people got to spend more time at home looking for replacements for familiar sources of entertainment. While theatres and sports stadiums suffered...

7AI score
Exploits0
Securelist
Securelist
added 2020/08/26 10:0 a.m.18 views

Transparent Tribe: Evolution analysis, part 2

Background + Key findings Transparent Tribe, also known as PROJECTM or MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. In the last four years, this APT group has never taken time off. They continue to hit their targets, which typically are Indian...

7.3AI score
Exploits0
Securelist
Securelist
added 2017/09/28 12:0 p.m.18 views

Threat Landscape for Industrial Automation Systems in H1 2017

Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team Kaspersky Lab ICS CERT publishes the results of its research on the threat landscape for industrial automation systems for the first six months of 2017. All statistical data used in this report was collected using the Kaspersk...

6.8AI score
Exploits0
Securelist
Securelist
added 2026/05/20 9:2 a.m.17 views

How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)

Introduction ExifTool is a widely adopted utility for reading and writing metadata in image, PDF, audio, and video files. It is available both as a standalone command-line application and as a library that can be embedded in other software. In this article, we break down CVE-2026-3102, an ExifToo...

8.8CVSS7.2AI score0.03411EPSS
Exploits2
Securelist
Securelist
added 2026/05/18 12:0 p.m.17 views

IT threat evolution in Q1 2026. Mobile statistics

IT threat evolution in Q1 2026. Mobile statistics IT threat evolution in Q1 2026. Non-mobile statistics In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all sections of the report except...

5.8AI score
Exploits0
Securelist
Securelist
added 2025/03/12 8:0 a.m.17 views

Incident response analyst report 2024

Kaspersky provides rapid and fully informed incident response services to organizations, ensuring impact analysis and effective remediation. Our annual report shares anonymized data about the investigations carried out by the Kaspersky Global Emergency Response Team GERT, as well as statistics an...

9.8CVSS7.5AI score0.97591EPSS
Exploits4
Securelist
Securelist
added 2024/12/02 10:0 a.m.17 views

Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT

Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts. The script files – disguised as requests and bids from potential customers or partners – bear names such as "Запрос цены и предложения от Индивидуального...

7.7AI score
Exploits0
Securelist
Securelist
added 2024/06/03 10:0 a.m.17 views

IT threat evolution in Q1 2024. Non-mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly...

6.9AI score
Exploits0
Securelist
Securelist
added 2024/03/28 1:0 p.m.17 views

DinodasRAT Linux implant targeting entities worldwide

DinodasRAT, also known as XDealer, is a multi-platform backdoor written in C++ that offers a range of capabilities. This RAT allows the malicious actor to surveil and harvest sensitive data from a targets computer. A Windows version of this RAT was used in attacks against government entities in...

7.7AI score
Exploits0
Securelist
Securelist
added 2024/01/25 10:0 a.m.17 views

Privacy predictions for 2024

In our previous privacy predictions piece, we outlined trends for 2023. As expected, there was a notable increase in the adoption of digital IDs to replace paper documents. For example, California expanded a pilot program for digital drivers licenses, and Russia introduced laws enabling...

7.6AI score
Exploits0
Securelist
Securelist
added 2023/01/18 8:0 a.m.17 views

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

Kaspersky detects an average of 400,000 malicious files every day. These add up to 144 million annually. The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. The media routinely report incidents and leaks of...

Exploits0
Securelist
Securelist
added 2022/11/22 8:0 a.m.17 views

Policy trends: where are we today on regulation in cyberspace?

This is the first edition of our policy analysis and observations of trends in the regulation of cyberspace, and cybersecurity, within the Kaspersky Security Bulletin. This year so far has been very challenging: increased tensions in international relations have had a huge impact on both cyberspa...

0.4AI score
Exploits0
Securelist
Securelist
added 2022/09/19 2:0 p.m.17 views

External attack surface and ongoing cybercriminal activity in APAC region

To prevent a cyberattack, it is vital to know what the attack surface for your organization is. To be prepared to repel the attacks of cybercriminals, businesses around the world collect threat intelligence themselves or subscribe for threat intelligence services. Continuous threat research enabl...

2.2AI score
Exploits0
Securelist
Securelist
added 2022/05/26 11:0 a.m.17 views

Managed detection and response in 2021

Kaspersky Managed Detection and Response MDR helps organizations to complement existing detection capabilities or to expand limited in-house resources to protect their infrastructure from the growing number and complexity of threats in real time. We collect telemetry from clients networks and...

2.6AI score
Exploits0
Securelist
Securelist
added 2022/05/25 3:57 p.m.17 views

The Verizon 2022 DBIR

The Verizon 2022 Data Breach Investigations Report is out. We are proud to collaborate as a supporting contributor to this years data efforts once again and to have contributed for the past 8 years. The report provides interesting analysis of a full amount of global incident data. Several things...

0.6AI score
Exploits0
Securelist
Securelist
added 2022/03/14 10:0 a.m.17 views

Webinar on cyberattacks in Ukraine – summary and Q&A

About the webinar On March 10, 2022 Kasperskys Global Research and Analysis Team GReAT shared their insights into the current and past cyberattacks in Ukraine. In this post we address the questions that we did not have the time to answer and provide the Indicators of Compromise IoCs that can help...

0.4AI score
Exploits0
Securelist
Securelist
added 2021/12/16 10:0 a.m.17 views

PseudoManuscrypt: a mass-scale spyware attack campaign

In June 2021, Kaspersky ICS CERT experts identified malware whose loader has some similarities to the Manuscrypt malware, which is part of the Lazarus APT groups arsenal. In 2020, the group used Manuscrypt in attacks on defense enterprises in different countries. These attacks are described in th...

2.4AI score
Exploits0
Securelist
Securelist
added 2018/06/04 11:11 a.m.17 views

FIFA public Wi-Fi guide: which host cities have the most secure networks?

We all know how easy it is for users to connect to open Wi-Fi networks in public places. Well, it is equally straightforward for criminals to position themselves near poorly protected access points – where they can intercept network traffic and compromise user data. A lack of essential traffic...

0.1AI score
Exploits0
Securelist
Securelist
added 2018/05/03 10:0 a.m.17 views

Who’s who in the Zoo

ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware, with the attackers including new features in each iteration. We label them from v1-v...

0.5AI score
Exploits0
Securelist
Securelist
added 2018/02/14 10:0 a.m.17 views

Bingo, Amigo! Jackpotting: ATM malware from Latin America to the World

Introduction Of all the forms of attack against financial institutions around the world, the one that brings traditional crime and cybercrime together the most is the malicious ecosystem that exists around ATM malware. Criminals from different backgrounds work together with a single goal in mind:...

7.5AI score
Exploits0
Securelist
Securelist
added 2026/05/18 12:0 p.m.16 views

IT threat evolution in Q1 2026. Non-mobile statistics

IT threat evolution in Q1 2026. Non-mobile statistics IT threat evolution in Q1 2026. Mobile statistics The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing...

10CVSS6.5AI score0.27551EPSS
Exploits4
Securelist
Securelist
added 2026/04/15 12:30 p.m.16 views

Threat landscape for industrial automation systems in Q4 2025

Statistics across all threats The percentage of ICS computers on which malicious objects were blocked has been decreasing since the beginning of 2024. In Q4 2025, it was 19.7%. Over the past three years, the percentage has decreased by 1.36 times, and by 1.25 times since Q4 2023. Percentage of IC...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/02/17 9:0 a.m.16 views

Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets

In April 2025, we reported on a then-new iteration of the Triada backdoor that had compromised the firmware of counterfeit Android devices sold across major marketplaces. The malware was deployed to the system partitions and hooked into Zygote – the parent process for all Android apps – to infect...

6.7AI score
Exploits0
Securelist
Securelist
added 2025/12/25 10:0 a.m.16 views

Threat landscape for industrial automation systems in Q3 2025

Statistics across all threats In Q3 2025, the percentage of ICS computers on which malicious objects were blocked decreased from the previous quarter by 0.4 pp to 20.1%. This is the lowest level for the observed period. Percentage of ICS computers on which malicious objects were blocked, Q3 2022–...

9.3CVSS6.3AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2025/12/23 8:0 a.m.16 views

From cheats to exploits: Webrat spreading via GitHub

In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net:...

9.8CVSS9.3AI score0.51507EPSS
Exploits7
Total number of security vulnerabilities1025