Lucene search
K
SecurelistMost viewed

1025 matches found

Securelist
Securelist
added 2023/12/01 10:0 a.m.65 views

IT threat evolution in Q3 2023. Non-mobile statistics

IT threat evolution in Q3 2023 IT threat evolution in Q3 2023. Non-mobile statistics IT threat evolution in Q3 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly...

9.3CVSS9.3AI score0.99999EPSS
Exploits527
Securelist
Securelist
added 2022/08/09 10:0 a.m.65 views

Andariel deploys DTrack and Maui ransomware

On July 7, 2022, the CISA published an alert, entitled, "North Korean State-Sponsored Cyber Actors Use Maui Ransomware To Target the Healthcare and Public Health Sector," related to a Stairwell report, "Maui Ransomware." Later, the Department of Justice announced that they had effectively clawed...

5CVSS1.4AI score0.99993EPSS
Exploits45
Securelist
Securelist
added 2018/07/24 9:0 a.m.65 views

DDoS attacks in Q2 2018

News overview Q2 2018 news includes: non-standard use of old vulnerabilities, new botnets, the cutthroat world of cryptocurrencies, a high-profile DDoS attack or not with a political subtext, the slashdot effect, some half-baked attempts at activism, and a handful arrests. But first things first...

0.6AI score
Exploits0
Securelist
Securelist
added 2018/04/19 10:0 a.m.65 views

Tens of thousands per Gram

Looking at Instagram one morning, I spotted several posts from some fairly well-known people in certain circles who had invested in an ICO held by Telegram. Interesting, I thought to myself. I fancy a piece of that. Only I was pretty sure that if Telegram was indeed holding an ICO, it would be a...

6.8AI score
Exploits0
Securelist
Securelist
added 2025/01/17 10:0 a.m.64 views

Mercedes-Benz Head Unit security research report

Introduction This report covers the research of the Mercedes-Benz Head Unit, which was made by our team. Mercedes-Benz's latest Head Unit infotainment system is called Mercedes-Benz User Experience MBUX. We performed analysis of the first generation MBUX. MBUX was previously analysed by KeenLab...

7.8CVSS8.4AI score0.94921EPSS
Exploits152
Securelist
Securelist
added 2024/12/06 10:0 a.m.64 views

Exploits and vulnerabilities in Q3 2024

Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mitigations for whole sets of vulnerabilities in commonly used subsystems. For example, a log...

10CVSS8.8AI score0.99945EPSS
Exploits333
Securelist
Securelist
added 2018/02/07 10:0 a.m.64 views

Gas is too expensive? Let’s make it cheap!

A few months ago, while undertaking unrelated research into online connected devices, we uncovered something surprising and realized almost immediately that we could be looking at a critical security threat. What we found was a simple purple web interface that was in fact a link to a real-life ga...

10.4AI score0.07235EPSS
Exploits1
Securelist
Securelist
added 2020/04/06 7:0 a.m.63 views

YARA webinar follow up

If you read my previous blogpost Hunting APTs with YARA then you probably know about the webinar we conducted on March 31, 2020, showcasing some of our experience in developing and using YARA rules for malware hunting. In case you missed the webinar - or if you attended and want to re-watch it -...

9.3CVSS8.6AI score0.69709EPSS
Exploits1
Securelist
Securelist
added 2020/02/13 10:15 a.m.63 views

DDoS attacks in Q4 2019

News overview In the past quarter, DDoS organizers continued to harness non-standard protocols for amplification attacks. In the wake of WS-Discovery, which we covered in the previous report, cybercriminals turned to Apple Remote Management Service ARMS, part of the Apple Remote Desktop ARD...

7AI score
Exploits0
Securelist
Securelist
added 2020/02/10 2:0 p.m.63 views

KBOT: sometimes they come back

Although by force of habit many still refer to any malware as a virus, this once extremely common class of threats is gradually becoming a thing of the past. However, there are some interesting exceptions to this trend: we recently discovered malware that spread through injecting malicious code...

7.4AI score
Exploits0
Securelist
Securelist
added 2018/05/24 6:0 p.m.63 views

VPNFilter EXIF to C2 mechanism analysed

On May 23 2018, our colleagues from Cisco Talos published their excellent analysis of VPNFilter, an IoT / router malware which exhibits some worrying characteristics. Some of the things which stand out about VPNFilter are: It has a redundant, multi-stage command and control mechanism which uses...

0.4AI score
Exploits0
Securelist
Securelist
added 2025/02/24 9:26 a.m.62 views

The GitVenom campaign: cryptocurrency theft using GitHub

In our modern world, it's difficult to underestimate the impact that open-source code has on software development. Over the years, the global community has managed to publish a tremendous number of projects with freely accessible code that can be viewed and enhanced by anyone on the planet. Very...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/12/21 10:0 a.m.62 views

Windows CLFS and five exploits used by ransomware operators (Exploit #3 – October 2022)

This is part four of our study about the Common Log File System CLFS and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous parts first if you havent already. You can skip to the other parts using this table of...

4.6CVSS7.6AI score0.48973EPSS
Exploits14
Securelist
Securelist
added 2020/04/23 10:0 a.m.62 views

A look at the ATM/PoS malware landscape from 2017-2019

From remote administration and jackpotting, to malware sold on the Darknet, attacks against ATMs have a long and storied history. And, much like other areas of cybercrime, attackers only refine and grow their skillset for infecting ATM systems from year-to-year. So what does the ATM landscape loo...

0.9AI score
Exploits0
Securelist
Securelist
added 2024/03/12 10:0 a.m.61 views

Top 10 web application vulnerabilities in 2021–2023

To help companies with navigating the world of web application vulnerabilities and securing their own web applications, the Open Web Application Security Project OWASP online community created the OWASP Top Ten. As we followed their rankings, we noticed that the way we ranked major vulnerabilitie...

8.2AI score
Exploits0
Securelist
Securelist
added 2023/12/21 10:0 a.m.61 views

Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)

This is part five of our study about the Common Log File System CLFS and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous parts first if you havent already. You can skip to the other parts using this table of...

4.6CVSS8AI score0.48973EPSS
Exploits12
Securelist
Securelist
added 2023/04/11 5:36 p.m.61 views

Nokoyawa ransomware attacks with Windows zero-day

Updated April 20, 2023 In February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions. These...

4.6CVSS9.1AI score0.48973EPSS
Exploits14
Securelist
Securelist
added 2021/01/28 10:0 a.m.61 views

Privacy predictions for 2021

2020 saw an unprecedented increase in the importance and value of digital services and infrastructure. From the rise of remote working and the global shift in consumer habits to huge profits booked by internet entertainers, we are witnessing how overwhelmingly important the connected infrastructu...

7AI score
Exploits0
Securelist
Securelist
added 2020/11/30 10:0 a.m.61 views

Cyberthreats to financial organizations in 2021

It is hard to believe that a year has gone since our last article on financial attacks and our predictions for 2020. It has been a tough one, but first things first. Let us review the forecasts we made at the end of 2019 and see how accurate we were. Then we will go through the key events of 2020...

0.3AI score
Exploits0
Securelist
Securelist
added 2020/02/18 10:0 a.m.61 views

AZORult spreads as a fake ProtonVPN installer

AZORult has its history. However, a few days ago, we discovered what appears to be one of its most unusual campaigns: abusing the ProtonVPN service and dropping malware via fake ProtonVPN installers for Windows. Screenshot of a fake ProtonVPN website The campaign started at the end of November 20...

1.3AI score
Exploits0
Securelist
Securelist
added 2018/04/17 9:15 p.m.61 views

Leaking ads

When we use popular apps with good ratings from official app stores we assume they are safe. This is partially true – usually these apps have been developed with security in mind and have been reviewed by the app store's security team. However, we found that because of third-party SDKs many popul...

0.1AI score
Exploits0
Securelist
Securelist
added 2017/08/15 6:0 p.m.61 views

ShadowPad in corporate networks

ShadowPad, part 2: Technical Details PDF In July 2017, during an investigation, suspicious DNS requests were identified in a partner's network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of financial transactions. Furth...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/09/03 11:0 a.m.60 views

A deep dive into the most interesting incident response cases of last year

In 2023, Kasperskys Global Emergency Response Team GERT participated in services around the world that allowed our experts to gain insight into various threats and techniques used by APT groups, common crimeware and, in some cases, internal adversaries. As we highlighted in our annual report, the...

9.1CVSS8.2AI score0.99999EPSS
Exploits63
Securelist
Securelist
added 2024/05/23 12:0 p.m.60 views

ShrinkLocker: Turning BitLocker into ransomware

Introduction Attackers always find creative ways to bypass defensive features and accomplish their goals. This can be done with packers, crypters, and code obfuscation. However, one of the best ways of evading detection, as well as maximizing compatibility, is to use the operating systems own...

6.8AI score
Exploits0
Securelist
Securelist
added 2023/12/14 1:0 p.m.60 views

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

During an incident response performed by Kasperskys Global Emergency Response Team GERT and GReAT, we uncovered a novel multiplatform threat named "NKAbuse". The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and...

10CVSS7.7AI score0.99999EPSS
Exploits44
Securelist
Securelist
added 2021/07/14 10:0 a.m.60 views

LuminousMoth APT: Sweeping attacks for the chosen few

APT actors are known for the frequently targeted nature of their attacks. Typically, they will handpick a set of targets that in turn are handled with almost surgical precision, with infection vectors, malicious implants and payloads being tailored to the victims identities or environment. Its no...

0.5AI score
Exploits0
Securelist
Securelist
added 2019/10/14 9:35 a.m.60 views

A glimpse into the present state of security in robotics

Download full report PDF The world of today continues its progress toward higher digitalization and mobility. From developments in the Internet of Things IoT through augmented reality to Industry 4.0, whichrely on stronger automation and use of robots, all of these bring more efficiency to...

0.9AI score
Exploits0
Securelist
Securelist
added 2018/08/29 10:0 a.m.60 views

BusyGasper – the unfriendly spy

In early 2018 our mobile intruder-detection technology was triggered by a suspicious Android sample that, as it turned out, belonged to an unknown spyware family. Further investigation showed that the malware, which we named BusyGasper, is not all that sophisticated, but demonstrates some unusual...

0.5AI score
Exploits0
Securelist
Securelist
added 2024/09/05 8:0 a.m.59 views

Tropic Trooper spies on government entities in the Middle East

Executive summary Tropic Trooper also known as KeyBoy and Pirate Panda is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Our recent investigation has...

9.1CVSS8.4AI score0.99999EPSS
Exploits31
Securelist
Securelist
added 2023/10/12 10:0 a.m.59 views

ToddyCat: Keep calm and check logs

ToddyCat is an advanced APT actor that we described in a previous publication last year. The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Our first publication was focused on their main tools,...

7.5AI score
Exploits0
Securelist
Securelist
added 2020/10/08 10:0 a.m.59 views

MontysThree: Industrial espionage with steganography and a Russian accent on both sides

In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. Initially the reason for our interest in this malware was its rarity, the obviously targeted nature of the campaign and the fact that there are no...

6.8AI score
Exploits0
Securelist
Securelist
added 2020/07/06 10:0 a.m.59 views

Pig in a poke: smartphone adware

Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources. In some cases, the solution is quite simple. In others, the task is far harder: the adware plants itself in the system partition, and trying to get ri...

0.3AI score
Exploits0
Securelist
Securelist
added 2019/11/05 10:0 a.m.59 views

DarkUniverse – the mysterious APT framework #27

In April 2017, ShadowBrokers published their well-known 'Lost in Translation' leak, which, among other things, contained an interesting script that checked for traces of other APTs in the compromised system. In 2018, we found an APT described as the 27th function of this script, which we call...

7.1AI score
Exploits0
Securelist
Securelist
added 2018/10/29 10:0 a.m.59 views

Hackers attacking your memories: science fiction or future threat?

Authors: Kaspersky Lab and the Oxford University Functional Neurosurgery Group There is an episode in the dystopian near-future series Black Mirror about an implanted chip that allows users to record and replay everything they see and hear. A recent YouGov survey found that 29% of viewers would b...

1AI score
Exploits0
Securelist
Securelist
added 2018/08/13 12:21 p.m.59 views

KeyPass ransomware

In the last few days, our anti-ransomware module has been detecting a new variant of malware - KeyPass ransomware. Others in the security community have also noticed that this ransomware began to actively spread in August: Notification from MalwareHunterTeam Distribution model According to our...

6.7AI score
Exploits0
Securelist
Securelist
added 2018/07/19 10:0 a.m.59 views

Online generators… of dashed expectations

Quite recently, we and hence our security solutions started to designate an entire class of sites — gift card generators — as fraudulent, despite their not stealing any money or personal data from visitors. Why? Let's try to unpick these sites and see how they work. How it works Ads for all kinds...

Exploits0
Securelist
Securelist
added 2017/11/06 10:0 a.m.59 views

DDoS attacks in Q3 2017

News Overview In the third quarter of 2017, the trends of the preceding quarters continued to develop further. The number of DDoS attacks in China, the United States, South Korea and Russia increased, which were reflected in the statistics we gathered for botnets. A sharp surge in the number more...

7.1AI score
Exploits0
Securelist
Securelist
added 2017/11/01 11:26 a.m.59 views

Silence – a new Trojan attacking financial organizations

More information about the Silence Trojan is available to customers of Kaspersky Intelligence Reporting Service. Contact: [email protected] In September 2017, we discovered a new targeted attack on financial institutions. Victims are mostly Russian banks but we also found infected...

7.4AI score
Exploits0
Securelist
Securelist
added 2017/08/24 9:0 a.m.59 views

WAP-billing Trojan-Clickers on rise

During the preparation of the "IT threat evolution Q2 2017" report I found several common Trojans in the "Top 20 mobile malware programs" list that were stealing money from users using WAP-billing - a form of mobile payment that charges costs directly to the user's mobile phone bill so they don't...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/09/12 8:0 a.m.58 views

Free Download Manager backdoored – a possible supply chain attack on Linux machines

UPDATE 13.09.2023. Free Download Manager team issued an official statement regarding this incident. Over the last few years, Linux machines have become a more and more prominent target for all sorts of threat actors. According to our telemetry, 260,000 unique Linux samples appeared in the first...

7.2AI score
Exploits0
Securelist
Securelist
added 2022/11/14 8:0 a.m.58 views

Advanced threat predictions for 2023

It is fair to say that since last years predictions, the world has dramatically changed. While the geopolitical landscape has durably shifted, cyberattacks remain a constant threat and show no signs of receding – quite the contrary. No matter where they are, people around the world should be...

9.5AI score0.95478EPSS
Exploits7
Securelist
Securelist
added 2021/02/04 10:0 a.m.58 views

How kids coped with COVID-hit winter holidays

Due to the pandemic situation in late 2020, street festivities got canceled worldwide. For many families, get-togethers with grandparents over the Christmas period were also put on hold. As a result, children across the globe sought holiday fun and games from the comfort of home. And thanks to...

6.7AI score
Exploits0
Securelist
Securelist
added 2020/06/03 10:0 a.m.58 views

Kids on the Web in 2020

Technology is what is saving us from a complete change in the way of life in a world of a raging pandemic. It keeps the educational process going, relieves the shortage of human communication and helps us to live life as fully as possible given the isolation and social distancing. Many adults, an...

0.7AI score
Exploits0
Securelist
Securelist
added 2020/03/18 4:16 p.m.58 views

Hunting APTs with YARA

For the past few years, we have been spreading our knowledge and experience of using YARA, often called a pattern matching swiss knife for malware researchers and everyone else. Most of the time, this took the form of the Kaspersky training course titled, "Hunting APTs with YARA Like a GReAT...

9.3CVSS8.8AI score0.69709EPSS
Exploits1
Securelist
Securelist
added 2019/12/03 10:0 a.m.58 views

Cyberthreats to financial institutions 2020: Overview and predictions

Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 Cybersecurity of connected healthcare 2020: Overview and predictions 5G technology predictions 2020 Corporate security prediction 2020 Key events 2019 Large-scale anti-fraud bypass: Genesis digital fingerprints market uncovere...

7.3AI score
Exploits0
Securelist
Securelist
added 2019/10/03 10:0 a.m.58 views

COMpfun successor Reductor infects files on the fly to compromise TLS traffic

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target's network channel and could replace legitimate installers with infected ones on the fly...

6.8AI score
Exploits0
Securelist
Securelist
added 2017/08/31 11:0 a.m.58 views

Dissecting the Chrome Extension Facebook malware

It's been a few days since Kaspersky Lab's blog post about the Multi Platform Facebook malware that was spread through Facebook Messenger. At the same time as Kaspersky Lab were analyzing this threat, a few researchers where doing the same, including Frans Rosén, Security Advisor at Detectify...

6.9AI score
Exploits0
Securelist
Securelist
added 2017/07/13 7:55 p.m.58 views

No Free Pass for ExPetr

Recently, there have been discussions around the topic that if our product is installed, ExPetr malware won't write the special malicious code which encrypts the MFT to MBR. Some have even speculated that some kind of conspiracy might be ongoing. Others have pointed out it's plain and simple...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/11/10 8:0 a.m.57 views

Ducktail fashion week

Ducktail is a malware family that has been active since the second half of 2021 and aims to steal Facebook business accounts. WithSecure and GridinSoft have covered Ducktail attacks: the infostealer spread under the guise of documents relating to well-known companies and brands projects and...

7AI score
Exploits0
Securelist
Securelist
added 2020/05/25 10:0 a.m.57 views

Aggressive in-app advertising in Android

Recently, we've been noticing ever more dubious advertising libraries in popular apps on Google Play. The monetization methods used in such SDKs can pose a threat to users, yet they pull in more revenue for developers than whitelisted ad modules due to the greater number of views. In this post we...

7.1AI score
Exploits0
Total number of security vulnerabilities1025