Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2022/08/09 10:0 a.m.65 views

Andariel deploys DTrack and Maui ransomware

On July 7, 2022, the CISA published an alert, entitled, "North Korean State-Sponsored Cyber Actors Use Maui Ransomware To Target the Healthcare and Public Health Sector," related to a Stairwell report, "Maui Ransomware." Later, the Department of Justice announced that they had effectively clawed...

5CVSS1.4AI score0.99993EPSS
Exploits45
Securelist
Securelist
added 2022/08/08 8:0 a.m.899 views

Targeted attack on industrial enterprises and public institutions

In January 2022, Kaspersky ICS CERT experts detected a wave of targeted attacks on military industrial complex enterprises and public institutions in several countries. In the course of our research, we were able to identify over a dozen of attacked organizations. The attack targeted industrial...

9.3CVSS8.7AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2022/08/03 8:0 a.m.36 views

DDoS attacks in Q2 2022

News overview Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in the previous reporting period. ALtahrea Team, a group targeting NATO and its partners, attacked public transportation websites in Israel and the United Kingdom. Israel s...

0.4AI score
Exploits0
Securelist
Securelist
added 2022/07/28 12:0 p.m.29 views

LofyLife: malicious npm packages steal Discord tokens and bank card data

On July 26, using the internal automated system for monitoring open-source repositories, we identified four suspicious packages in the Node Package Manager npm repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign...

0.1AI score
Exploits0
Securelist
Securelist
added 2022/07/28 10:0 a.m.48 views

APT trends report Q2 2022

For five years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and...

0.1AI score
Exploits0
Securelist
Securelist
added 2022/07/25 10:0 a.m.33 views

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

Introduction Rootkits are malware implants which burrow themselves in the deepest corners of the operating system. Although on paper they may seem attractive to attackers, creating them poses significant technical challenges and the slightest programming error has the potential to completely cras...

0.8AI score
Exploits0
Securelist
Securelist
added 2022/07/20 8:0 a.m.30 views

Luna and Black Basta — new ransomware for Windows, Linux and ESXi

Introduction In our crimeware reporting service, we analyze the latest crime-related trends we come across. If we look back at what we covered last month, we will see that ransomware surprise, surprise! definitely stands out. In this blog post, we provide several excerpts from last months reports...

Exploits0
Securelist
Securelist
added 2022/07/11 8:0 a.m.30 views

Text-based fraud: from 419 scams to vishing

E-mail scammers typically combine social engineering with technical skills to bypass spam filters and persuade the recipient to reply. But there is a specific class of attacks that is technically stuck somewhere in the late 90s/early 00s, in the era of CRT monitors and sluggish internet: we are...

0.3AI score
Exploits0
Securelist
Securelist
added 2022/07/06 10:0 a.m.28 views

Dynamic analysis of firmware components in IoT devices

Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices. In most cases, such devices are analyzed using the black box testing approach, in which the researcher has virtually no knowledge about the object ...

6.7AI score
Exploits0
Securelist
Securelist
added 2022/06/30 8:0 a.m.67 views

The SessionManager IIS backdoor

Following on from our earlier Owowa discovery, we continued to hunt for more backdoors potentially set up as malicious modules within IIS, a popular web server edited by Microsoft. And we didnt come back empty-handed… In 2021, we noticed a trend among several threat actors for deploying a backdoo...

0.7AI score
Exploits0
Securelist
Securelist
added 2022/06/23 10:0 a.m.19 views

The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs

These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related publications each year. These reports provide analysis on specific malware families or new samples, describe the activities of a particular ransomware group,...

0.2AI score
Exploits0
Securelist
Securelist
added 2022/06/21 10:0 a.m.73 views

APT ToddyCat

ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main...

0.1AI score
Exploits0
Securelist
Securelist
added 2022/06/20 10:0 a.m.22 views

‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace

Introduction When reports of a cyberattack appear in the headlines, questions abound regarding who launched it and why. Even if an attacker has what are to it perfectly rational reasons for conducting such an attack, these reasons are often known only to them. The rest of the world, including the...

Exploits0
Securelist
Securelist
added 2022/06/15 10:0 a.m.28 views

How much does access to corporate infrastructure cost?

Division of labor Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion using ransomware and carding. However, there is demand on the dark web not only for data obtained through an...

Exploits0
Securelist
Securelist
added 2022/06/08 10:0 a.m.22 views

Router security in 2021

A router is a gateway from the internet to a home or office — despite being conceived quite the opposite. Routers are forever being hacked and infected, and used to infiltrate local networks. Keeping this gate locked so that no one can stroll right through is no easy task. It is not always clear...

0.2AI score
Exploits0
Securelist
Securelist
added 2022/06/06 8:0 a.m.1633 views

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

At the end of May, researchers from the naosec team reported a new zero-day vulnerability in Microsoft Support Diagnostic Tool MSDT that can be exploited using Microsoft Office documents. It allowed attackers to remotely execute code on Windows systems, while the victim could not even open the...

9.3CVSS7.9AI score0.99933EPSS
Exploits118
Securelist
Securelist
added 2022/06/02 10:0 a.m.29 views

WinDealer dealing on the side

Introduction LuoYu is a lesser-known threat actor that has been active since 2008. It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and...

0.2AI score
Exploits0
Securelist
Securelist
added 2022/05/27 8:0 a.m.30 views

IT threat evolution in Q1 2022. Mobile statistics

IT threat evolution in Q1 2022 IT threat evolution in Q1 2022. Non-mobile statistics IT threat evolution in Q1 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...

7.4AI score
Exploits0
Securelist
Securelist
added 2022/05/27 8:0 a.m.26 views

IT threat evolution Q1 2022

IT threat evolution in Q1 2022 IT threat evolution in Q1 2022. Non-mobile statistics IT threat evolution in Q1 2022. Mobile statistics Targeted attacks MoonBounce: the dark side of UEFI firmware Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware...

6.8AI score
Exploits0
Securelist
Securelist
added 2022/05/27 8:0 a.m.670 views

IT threat evolution in Q1 2022. Non-mobile statistics

IT threat evolution in Q1 2022 IT threat evolution in Q1 2022. Non-mobile statistics IT threat evolution in Q1 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly...

9.3CVSS1AI score0.99945EPSS
Exploits350
Securelist
Securelist
added 2022/05/26 11:0 a.m.17 views

Managed detection and response in 2021

Kaspersky Managed Detection and Response MDR helps organizations to complement existing detection capabilities or to expand limited in-house resources to protect their infrastructure from the growing number and complexity of threats in real time. We collect telemetry from clients networks and...

2.6AI score
Exploits0
Securelist
Securelist
added 2022/05/25 3:57 p.m.17 views

The Verizon 2022 DBIR

The Verizon 2022 Data Breach Investigations Report is out. We are proud to collaborate as a supporting contributor to this years data efforts once again and to have contributed for the past 8 years. The report provides interesting analysis of a full amount of global incident data. Several things...

0.6AI score
Exploits0
Securelist
Securelist
added 2022/05/25 10:0 a.m.27 views

What’s wrong with automotive mobile apps?

Introduction The recent story about the 19-year-old hacker who took control of several dozen Tesla cars has become something of a sensation. We already know that there was an issue with a third-party app that enabled access to data from Teslas. This made it possible for the security researcher to...

0.9AI score
Exploits0
Securelist
Securelist
added 2022/05/23 10:0 a.m.26 views

ISaPWN – research on the security of ISaGRAF Runtime

In early 2020, we notified the Rockwell Automation Product Security Incident Response Team RA PSIRT of several vulnerabilities we had identified in the ISaGRAF Runtime execution environment. According to public sources of information, ISaGRAF Runtime is used as an automation framework in multiple...

2.2AI score
Exploits0
Securelist
Securelist
added 2022/05/17 2:0 p.m.29 views

Evaluation of cyber activities and the threat landscape in Ukraine

Introduction When the war in Ukraine broke out, many analysts were surprised to discover that what was simultaneously happening in the cyber domain did not match their predictions1. Since the beginning of the fighting, new cyberattacks taking place in Ukraine have been identified every week, whic...

7AI score
Exploits0
Securelist
Securelist
added 2022/05/16 8:0 a.m.21 views

HTML attachments in phishing e-mails

The use of embedded HTML documents in phishing e-mails is a standard technique employed by cybercriminals. It does away with the need to put links in the e-mail body, which antispam engines and e-mail antiviruses usually detect with ease. HTML offers more possibilities than e-mail for camouflagin...

7AI score
Exploits0
Securelist
Securelist
added 2022/05/11 12:0 p.m.51 views

New ransomware trends in 2022

Ahead of the Anti-Ransomware Day, we summarized the tendencies that characterize ransomware landscape in 2022. This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old variants of malware return while the new ones develop...

7.3AI score
Exploits0
Securelist
Securelist
added 2022/05/06 10:0 a.m.38 views

Mobile subscription Trojans and their little tricks

Billing fraud is one of the most common sources of income for cybercriminals. There are currently a number of known mobile Trojans specializing in secretly subscribing users to paid services. They usually pay for legitimate services in a users name and scammers take a cut from the money billed...

0.4AI score
Exploits0
Securelist
Securelist
added 2022/05/04 10:0 a.m.41 views

A new secret stash for “fileless” malware

In February 2022 we observed the technique of putting the shellcode into Windows event logs for the first time "in the wild" during the malicious campaign. It allows the "fileless" last stage Trojan to be hidden from plain sight in the file system. Such attention to the event logs in the campaign...

0.3AI score
Exploits0
Securelist
Securelist
added 2022/04/27 10:0 a.m.3100 views

APT trends report Q1 2022

For five years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and...

9.3CVSS8.1AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2022/04/25 10:0 a.m.21 views

DDoS attacks in Q1 2022

News overview The DDoS landscape in Q1 2022 was shaped by the ongoing conflict between Russia and Ukraine: a significant part of all DDoS-related news concerned these countries. In mid-January, the website of Kyiv Mayor Vitali Klitschko was hit by a DDoS attack, and the websites of a number of...

0.3AI score
Exploits0
Securelist
Securelist
added 2022/04/18 10:0 a.m.25 views

How to recover files encrypted by Yanluowang

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this...

0.9AI score
Exploits0
Securelist
Securelist
added 2022/04/13 10:0 a.m.117 views

Emotet modules and recent attacks

Emotet was first found in the wild in 2014. Back then its main functionality was stealing user banking credentials. Since then it has survived numerous transformations, started delivering other malware and finally became a powerful botnet. In January 2021 Emotet was disrupted by a joint effort of...

0.8AI score
Exploits0
Securelist
Securelist
added 2022/04/12 9:0 a.m.45 views

The State of Stalkerware in 2021

The state of stalkerware in 2021 PDF Main findings of 2021 Every year Kaspersky analyzes the use of stalkerware around the world to better understand the threat it poses. We partner with stakeholders across public and private sectors to raise awareness and find solutions to best tackle this...

1.1AI score
Exploits0
Securelist
Securelist
added 2022/04/07 10:0 a.m.36 views

A Bad Luck BlackCat

In early December 2021, a new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, a new generation Ransomware-as-a-Service RaaS group. Shortly afterwards, they dialed up their activity, infecting numerous corporate victims around t...

0.2AI score
Exploits0
Securelist
Securelist
added 2022/04/04 3:30 p.m.594 views

Spring4Shell (CVE-2022-22965): details and mitigations

Last week researchers found the critical vulnerability CVE-2022-22965 in Spring – the open source Java framework. Using the vulnerability, an attacker can execute arbitrary code on a remote web server, which makes CVE-2022-22965 a critical threat, given the Spring frameworks popularity. By analog...

9.3CVSS0.7AI score0.99999EPSS
Exploits480
Securelist
Securelist
added 2022/03/31 12:0 p.m.45 views

Lazarus Trojanized DeFi app for delivering malware

For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. As the price of cryptocurrency surges, and the popularity of non-fungible token NFT and decentralized finance DeFi businesses continues to swell, the Lazarus...

7.4AI score
Exploits0
Securelist
Securelist
added 2022/03/24 10:0 a.m.12 views

Phishing-kit market: what’s inside “off-the-shelf” phishing packages

What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake official page of a famous brand. Attackers tend to copy design elements from the real website, which is why users can find it hard to distinguish the fake pages from the official ones. Even...

7.1AI score
Exploits0
Securelist
Securelist
added 2022/03/14 2:11 p.m.206 views

CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel

Last week, security researcher Max Kellermann discovered a high severity vulnerability in the Linux kernel, which was assigned the designation CVE-2022-0847. It affects the Linux kernels from 5.8 through any version before 5.16.11, 5.15.25 and 5.10.102, and can be used for local privilege...

7.2CVSS0.4AI score0.89063EPSS
Exploits100
Securelist
Securelist
added 2022/03/14 10:0 a.m.17 views

Webinar on cyberattacks in Ukraine – summary and Q&A

About the webinar On March 10, 2022 Kasperskys Global Research and Analysis Team GReAT shared their insights into the current and past cyberattacks in Ukraine. In this post we address the questions that we did not have the time to answer and provide the Indicators of Compromise IoCs that can help...

0.4AI score
Exploits0
Securelist
Securelist
added 2022/03/03 10:0 a.m.27 views

Threat landscape for industrial automation systems, H2 2021

2021 is the second year we have spent living and working in the pandemic. By 2021 everyone got used to pandemic limitations – industrial organization employees and IT security professionals and threat actors. If we compare the numbers from 2020 and 2021, we see that 2021 looks more stable,...

1AI score
Exploits0
Securelist
Securelist
added 2022/03/01 1:30 p.m.13 views

Elections GoRansom – a smoke screen for the HermeticWiper attack

Executive summary On February 24, 2022, Avast Threat Research published a tweet announcing the discovery of new Golang ransomware, which they called HermeticRansom. This malware was found around the same time the HermeticWiper was found, and based on publicly available information from security...

6.9AI score
Exploits0
Securelist
Securelist
added 2022/02/23 10:0 a.m.40 views

Financial cyberthreats in 2021

The year 2021 was eventful in terms of digital threats for organizations and individuals, and financial institutions were no exception. Throughout the past year, we have seen cybercriminals continue to actively target our users with tools and techniques that emerged due to the pandemic...

0.6AI score
Exploits0
Securelist
Securelist
added 2022/02/21 2:0 p.m.51 views

Mobile malware evolution 2021

These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Figures of the year In 2021, Kaspersky mobile products and technologies detected: 3,464,756 malicious installation packages 97,661 new mobile banking Trojans...

7.3AI score
Exploits0
Securelist
Securelist
added 2022/02/10 10:0 a.m.370 views

DDoS attacks in Q4 2021

News roundup Q4 2021 saw the appearance of several new DDoS botnets. A zombie network, named Abcbot by researchers, first hit the radar in July, but at the time it was little more than a simple scanner attacking Linux systems by brute-forcing weak passwords and exploiting known vulnerabilities. I...

10CVSS10AI score0.99999EPSS
Exploits406
Securelist
Securelist
added 2022/02/09 10:0 a.m.2579 views

Spam and phishing in 2021

Figures of the year In 2021: 45.56% of e-mails were spam 24.77% of spam was sent from Russia with another 14.12% from Germany Our Mail Anti-Virus blocked 148 173 261 malicious attachments sent in e-mails The most common malware family found in attachments were Agensla Trojans Our Anti-Phishing...

9.3CVSS0.99945EPSS
Exploits36
Securelist
Securelist
added 2022/02/07 10:0 a.m.13 views

Roaming Mantis reaches Europe

Roaming Mantis is a malicious campaign that targets Android devices and spreads mobile malware via smishing. We have been tracking Roaming Mantis since 2018, and published five blog posts about this campaign: Roaming Mantis uses DNS hijacking to infect Android smartphones Roaming Mantis dabbles i...

7.3AI score
Exploits0
Securelist
Securelist
added 2022/02/01 10:0 a.m.33 views

Telehealth: a new frontier in medicine—and security

Telehealth today doesnt just involve chatting with a doctor via a video-conferencing application. Its become an entire collection of rapidly developing technologies and products that includes specialized applications, wearable devices, implantable sensors, and cloud databases, many of which have...

0.3AI score
Exploits0
Securelist
Securelist
added 2022/01/20 10:0 a.m.52 views

MoonBounce: the dark side of UEFI firmware

What happened? At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner, which has been integrated into Kaspersky products since the beginning of 2019. Further analysis has shown that a single component within the inspected firmwares image...

0.1AI score
Exploits0
Securelist
Securelist
added 2022/01/19 10:0 a.m.55 views

Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks

Main facts Kaspersky ICS CERT has uncovered a number of spyware campaigns targeting industrial enterprises. Operators of these campaigns hunt for corporate credentials, aiming to commit financial fraud or to sell them to other malicious actors. Spearphishing emails with malicious attachments sent...

7.1AI score
Exploits0
Total number of security vulnerabilities1025