Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2022/01/13 9:0 a.m.1214 views

The BlueNoroff cryptocurrency hunt is still on

BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladeshs Central Bank back in 2016. A mysterious group with links to Lazarus and an unusual financial motivation for an APT. The group seems to work more like a unit within a larg...

9.3CVSS8.3AI score0.99933EPSS
Exploits29
Securelist
Securelist
added 2021/12/22 10:0 a.m.20 views

Choosing Christmas gifts for kids: Squid Game and Huggy Wuggy are trending

As the holidays approach, many of us are trying to figure out what to buy our family and friends. We especially want to make this time of year festive for kids. If you want to delight children, you need to know what theyre interested in: what LEGO set theyre dreaming about, what superheroes theyd...

6.5AI score
Exploits0
Securelist
Securelist
added 2021/12/20 3:45 p.m.98 views

Answering Log4Shell-related questions

Important notice On December 18th, Log4j version 2.17.0 was released to address open vulnerabilities. It is highly recommended to update your systems as soon as possible. History of the Log4j library vulnerabilities CVE-2021-44228 initial vulnerability – partially fixed in 2.15.0 CVE-2021-45046...

9.3CVSS10AI score0.99999EPSS
Exploits356
Securelist
Securelist
added 2021/12/20 10:0 a.m.22 views

How and why do we attack our own Anti-Spam?

We often use machine-learning ML technologies to improve the quality of cybersecurity systems. But machine-learning models can be susceptible to attacks that aim to "fool" them into delivering erroneous results. This can lead to significant damage to both our company and our clients. Therefore, i...

0.1AI score
Exploits0
Securelist
Securelist
added 2021/12/16 10:0 a.m.17 views

PseudoManuscrypt: a mass-scale spyware attack campaign

In June 2021, Kaspersky ICS CERT experts identified malware whose loader has some similarities to the Manuscrypt malware, which is part of the Lazarus APT groups arsenal. In 2020, the group used Manuscrypt in attacks on defense enterprises in different countries. These attacks are described in th...

2.4AI score
Exploits0
Securelist
Securelist
added 2021/12/15 10:0 a.m.377 views

Kaspersky Managed Detection and Response: interesting cases

Kaspersky Managed Detection and Response MDR provides advanced protection against the growing number of threats that bypass automatic security barriers. Its capabilities are backed by a high-professional team of security analysts operating all over the world. Each suspicious security event is...

9.3CVSS0.5AI score0.99759EPSS
Exploits75
Securelist
Securelist
added 2021/12/15 10:0 a.m.24 views

Kaspersky Security Bulletin 2021. Statistics

All statistics in this report are from the global cloud service Kaspersky Security Network KSN, which receives information from components in our security solutions. The data was obtained from users who had given their consent to it being sent to KSN. Millions of Kaspersky users around the globe...

2.1AI score
Exploits0
Securelist
Securelist
added 2021/12/14 10:0 a.m.428 views

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

While looking for potentially malicious implants that targeted Microsoft Exchange servers, we identified a suspicious binary that had been submitted to a multiscanner service in late 2020. Analyzing the code, we determined that the previously unknown binary is an IIS module, aimed at stealing...

9CVSS0.9AI score0.99965EPSS
Exploits30
Securelist
Securelist
added 2021/12/13 2:10 p.m.1394 views

CVE-2021-44228 vulnerability in Apache Log4j library

Updated 2021-12-20 CVE-2021-44228 and CVE-2021-45046 summary A couple of weeks ago information security media reported the discovery of the critical vulnerability CVE-2021-44228 in the Apache Log4j library CVSS severity level 10 out of 10. The threat, also named Log4Shell or LogJam, is a Remote...

9.3CVSS10AI score0.99999EPSS
Exploits354
Securelist
Securelist
added 2021/12/09 10:0 a.m.21 views

The life cycle of phishing pages

Introduction In this study, we analyzed how long phishing pages survive as well as the signs they show when they become inactive. In addition to the general data, we provided a number of options for classifying phishing pages according to formal criteria and analyzed the results for each of them...

6.7AI score
Exploits0
Securelist
Securelist
added 2021/12/07 10:0 a.m.18 views

The story of the year: ransomware in the headlines

In the past twelve months, the word "ransomware" has popped up in countless headlines worldwide across both print and digital publications: The Wall Street Journal, the BBC, the New York Times. It is no longer just being discussed by CISOs and security professionals, but politicians, school...

7.3AI score
Exploits0
Securelist
Securelist
added 2021/11/30 10:0 a.m.208 views

APT annual review 2021

In the Global Research and Analysis Team at Kaspersky, we track the ongoing activities of more than 900 advanced threat actors and activity clusters; you can find our quarterly overviews here, here and here. For this annual review, we have tried to focus on what we consider to be the most...

9.3CVSS8.8AI score0.81107EPSS
Exploits37
Securelist
Securelist
added 2021/11/29 10:0 a.m.24 views

ScarCruft surveilling North Korean defectors and human rights activists

The ScarCruft group also known as APT37 or Temp.Reaper is a nation-state sponsored APT actor we first reported in 2016. ScarCruft is known to target North Korean defectors, journalists who cover North Korea-related news and government organizations related to the Korean Peninsula, between others...

7.7AI score
Exploits0
Securelist
Securelist
added 2021/11/29 8:0 a.m.39 views

WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019

Overview This February, during our hunting efforts for threat actors using VBS/VBA implants, we came across MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant. The implant itself is a VBS script with functionality to collect system information and...

7.4AI score
Exploits0
Securelist
Securelist
added 2021/11/26 12:0 p.m.26 views

IT threat evolution in Q3 2021. Mobile statistics

IT threat evolution Q3 2021 IT threat evolution in Q3 2021. PC statistics IT threat evolution in Q3 2021. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersk...

6.9AI score
Exploits0
Securelist
Securelist
added 2021/11/26 12:0 p.m.236 views

IT threat evolution Q3 2021

IT threat evolution Q3 2021 IT threat evolution in Q3 2021. PC statistics IT threat evolution in Q3 2021. Mobile statistics Targeted attacks WildPressure targets macOS Last March, we reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this...

9.3CVSS8.7AI score0.99759EPSS
Exploits112
Securelist
Securelist
added 2021/11/26 12:0 p.m.197 views

IT threat evolution in Q3 2021. PC statistics

IT threat evolution Q3 2021 IT threat evolution in Q3 2021. PC statistics IT threat evolution in Q3 2021. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures According to...

10CVSS8.9AI score0.99999EPSS
Exploits240
Securelist
Securelist
added 2021/11/23 10:0 a.m.29 views

Threats to ICS and industrial enterprises in 2022

Continuing trends In recent years, we have observed various trends in the changing threat landscape for industrial enterprises, most of which have been evolving for some time. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming yea...

7.3AI score
Exploits0
Securelist
Securelist
added 2021/11/23 10:0 a.m.21 views

The dangers of “connected” healthcare: predictions for 2022

For a second consecutive year, the time for Kaspersky to make its predictions for the healthcare sector comes amid the global COVID-19 pandemic. Unfortunately, the virus still dominates most aspects of our lives, and, of course, the pandemic remained the biggest and most-discussed topic in...

6.6AI score
Exploits0
Securelist
Securelist
added 2021/11/23 10:0 a.m.21 views

Privacy predictions 2022

We no longer rely on the Internet just for entertainment or chatting with friends. Global connectivity underpins the most basic functions of our society, such as logistics, government services and banking. Consumers connect to businesses via instant messengers and order food delivery instead of...

6.9AI score
Exploits0
Securelist
Securelist
added 2021/11/23 10:0 a.m.252 views

Cyberthreats to financial organizations in 2022

First of all, we are going to analyze the forecasts we made at the end of 2020 and see how accurate they were. Then we will go through the key events of 2021 relating to attacks on financial organizations. Finally, we will make some forecasts about financial attacks in 2022. Analysis of forecasts...

10CVSS10.5AI score0.99999EPSS
Exploits31
Securelist
Securelist
added 2021/11/22 10:0 a.m.15 views

Black Friday 2021: How to Have a Scam-Free Shopping Day

Fact 1: cybercriminals love to exploit big holidays for personal gain. Case in point: were already seeing scams targeting World Cup fans more than a year out from the event. Fact 2: the retail sector, particularly e-commerce, has always been popular with cybercriminals. In Q3 2021, online stores...

6.9AI score
Exploits0
Securelist
Securelist
added 2021/11/17 10:0 a.m.27 views

Advanced threat predictions for 2022

Over the past 12 months, the style and severity of APT threats has continued to evolve. Despite their constantly changing nature, there is a lot we can learn from recent APT trends to predict what might lie ahead in the coming year. Based on the collective knowledge and insights of our experts, w...

7.5AI score
Exploits0
Securelist
Securelist
added 2021/11/10 10:0 a.m.18 views

Streaming wars continue — what about cyberthreats?

Last year became a banner year for the online entertainment industry. Driven by the pandemic lockdown restrictions and imposed work-from-home policies, people got to spend more time at home looking for replacements for familiar sources of entertainment. While theatres and sports stadiums suffered...

7AI score
Exploits0
Securelist
Securelist
added 2021/11/08 10:0 a.m.26 views

DDoS attacks in Q3 2021

News overview Q3 2021 brought two new DDoS attack vectors, potentially posing a serious threat, including for major web resources. A team of researchers from the University of Maryland and the University of Colorado Boulder found a way to spoof the victims IP address over TCP. To date,...

7.1AI score
Exploits0
Securelist
Securelist
added 2021/11/01 12:0 p.m.535 views

Spam and phishing in Q3 2021

Quarterly highlights Scamming championship: sports-related fraud This summer and early fall saw some major international sporting events. The delayed Euro 2020 soccer tournament was held in June and July, followed by the equally delayed Tokyo Olympics in August. Q3 2021 also featured several F1...

9.3CVSS0.1AI score0.99945EPSS
Exploits36
Securelist
Securelist
added 2021/10/28 2:20 p.m.15 views

How we took part in MLSEC and (almost) won

This summer Kaspersky experts took part in the Machine Learning Security Evasion Competition MLSEC — a series of trials testing contestants ability to create and attack machine learning models. The event is comprised of two main challenges — one for attackers, and the other for defenders. The...

6.7AI score
Exploits0
Securelist
Securelist
added 2021/10/27 11:0 a.m.14 views

Extracting type information from Go binaries

During the 2021 edition of the SAS conference, I had the pleasure of delivering a workshop focused on reverse-engineering Go binaries. The goal of the workshop was to share basic knowledge that would allow analysts to immediately start looking into malware written in Go. A YouTube version of the...

7.1AI score
Exploits0
Securelist
Securelist
added 2021/10/26 10:0 a.m.121 views

APT trends report Q3 2021

For more than four years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...

10CVSS0.6AI score0.99999EPSS
Exploits60
Securelist
Securelist
added 2021/10/20 12:0 p.m.90 views

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in the field for so long, we have witnessed some major changes in the cybercrime worlds modus operandi. This report shares our insights into the Russian-speaking cybercrime worl...

0.4AI score
Exploits0
Securelist
Securelist
added 2021/10/19 10:0 a.m.38 views

Trickbot module descriptions

Trickbot aka TrickLoader or Trickster, is a successor of the Dyre banking Trojan that was active from 2014 to 2016 and performed man-in-the-browser attacks in order to steal banking credentials. Trickbot was first discovered in October 2016. Just like Dyre, its main functionality was initially th...

7AI score
Exploits0
Securelist
Securelist
added 2021/10/18 11:0 a.m.13 views

Lyceum group reborn

This year, we had the honor to be selected for the thirty-first edition of the Virus Bulletin conference. During the live program, we presented our research into the Lyceum group also known as Hexane, which was first exposed by Secureworks in 2019. In 2021, we have been able to identify a new...

7.2AI score
Exploits0
Securelist
Securelist
added 2021/10/12 5:7 p.m.1003 views

MysterySnail attacks with Windows zero-day

Executive Summary In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. The exploit had numerous debug strings from an older, publicly known exploit for vulnerability CVE-2016-3309,...

7.2CVSS8.2AI score0.73381EPSS
Exploits17
Securelist
Securelist
added 2021/10/12 4:0 p.m.20 views

SAS 2021: Learning to ChaCha with APT41

Straight from the sunny UK to the stage of SAS-at-Home 2021, John Southworth PwC will be giving some insights about the threat actor APT41, also known as Red Kelpie and Winnti. Starting with APT10 Red Apollo, the presentation will dance you through the malware used by APT41 – the Motnug loader an...

0.7AI score
Exploits0
Securelist
Securelist
added 2021/10/12 1:0 p.m.16 views

SAS 2021: Fireside chat with Chris Bing

How to build up a fascinating story from a hardcore APT report? Where to find details and how to work with information sources? Sitting by the virtual fireside, Brian Bartholomew Kaspersky GReAT and Christopher Bing Reuters will discuss how malware researchers and investigative journalists can he...

0.9AI score
Exploits0
Securelist
Securelist
added 2021/10/12 9:0 a.m.30 views

SAS 2021: Operation Software Concepts

During the Operation Software Concepts: A Beautiful Envelope for Wrapping Weapon talk on SAS-at-Home 2021, Rintaro Koike, Shogo Hayashi and Ryuichi Tanabe from NTT Security Japan will cover a new APT campaign named Operation Software Concepts. They will share details about this multi-stage attack...

1.2AI score
Exploits0
Securelist
Securelist
added 2021/10/07 10:0 a.m.106 views

Ransomware in the CIS

Introduction These days, when speaking of cyberthreats, most people have in mind ransomware, specifically cryptomalware. In 2020–2021, with the outbreak of the pandemic and the emergence of several major cybercriminal groups Maze, REvil, Conti, DarkSide, Avaddon, an entire criminal ecosystem took...

7.2AI score
Exploits0
Securelist
Securelist
added 2021/09/30 10:0 a.m.48 views

GhostEmperor: From ProxyLogon to kernel mode

Download GhostEmperors technical details PDF While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode...

1.3AI score
Exploits0
Securelist
Securelist
added 2021/09/29 2:45 p.m.22 views

DarkHalo after SolarWinds: the Tomiris connection

Background In December 2020, news of the SolarWinds incident took the world by storm. While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of the attackers and the high-profile natur...

7AI score
Exploits0
Securelist
Securelist
added 2021/09/28 2:45 p.m.106 views

FinSpy: unseen findings

FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset. Kaspersky has been tracking deployments of this spyware since 2011. Historically, its Windows implant was distributed through a single-stage installer. This version was detected and researched several times up to...

6.9AI score
Exploits0
Securelist
Securelist
added 2021/09/27 10:0 a.m.31 views

BloodyStealer and gaming assets for sale

Earlier this year, we covered the threats related to gaming, and looked at the changes from 2020 and the first half of 2021 in mobile and PC games as well as various phishing schemes that capitalize on video games. Many of the threats faced by gamers are associated with loss of personal data, and...

6.9AI score
Exploits0
Securelist
Securelist
added 2021/09/23 8:0 a.m.19 views

Wake me up till SAS summit ends

What do cyberthreats, Kubernetes and donuts have in common – except that all three end in "ts", that is? All these topics will be mentioned during the new SAS@Home online conference, scheduled for September 28th-29th, 2021. To be more specific, there will be a workshop titled, "Prevent & Detect...

6.8AI score
Exploits0
Securelist
Securelist
added 2021/09/21 11:0 a.m.22 views

Detection evasion in CLR and tips on how to detect such attacks

In terms of costs, the age-old battle that pits attacker versus defender has become very one sided in recent years. Almost all modern attacks and ethical offensive exercises use Mimikatz, SharpHound, SeatBelt, Rubeus, GhostPack and other toolsets available to the community. This so-called...

7.9AI score
Exploits0
Securelist
Securelist
added 2021/09/16 3:30 p.m.978 views

Exploitation of the CVE-2021-40444 vulnerability in MSHTML

Summary Last week, Microsoft reported the remote code execution vulnerability CVE-2021-40444 in the MSHTML browser engine. According to the company, this vulnerability has already been used in targeted attacks against Microsoft Office users. In attempt to exploit this vulnerability, attackers...

6.8CVSS0.4AI score0.96843EPSS
Exploits38
Securelist
Securelist
added 2021/09/16 10:0 a.m.23 views

Summer 2021: Friday Night Funkin’, Måneskin and pop it

This summer, several events that were postponed from 2020 due to the pandemic took place. Some of them interested children, while others barely registered by them. It is worth noting that childrens hobbies typically do not change from winter to summer — the only difference is that they devote mor...

6.6AI score
Exploits0
Securelist
Securelist
added 2021/09/13 11:0 a.m.25 views

Incident response analyst report 2020

Download full report PDF The Incident response analyst report provides insights into incident investigation services conducted by Kaspersky in 2020. We deliver a range of services to help organizations when they are in need: incident response, digital forensics and malware analysis. Data in the...

1.4AI score
Exploits0
Securelist
Securelist
added 2021/09/09 10:0 a.m.29 views

Threat landscape for industrial automation systems in H1 2021

The H1 2021 ICS threat report at a glance Percentage of ICS computers attacked 1. During the first half of 2021 H1 2021, the percentage of attacked ICS computers was 8%, which was 0.4 percentage points p.p. higher than that for H2 2020. Percentage of ICS computers on which malicious objects were...

2AI score
Exploits0
Securelist
Securelist
added 2021/09/03 10:0 a.m.26 views

Applied YARA training Q&A

Introduction On August 31, 2021 we ran a joint webinar between VirusTotal and Kaspersky, with a focus on YARA rules best practices and real world examples. If you didnt have the chance to watch the webinar live, you can see it as a recording on Brighttalk: Applied YARA training. During the webina...

7.2AI score
Exploits0
Securelist
Securelist
added 2021/09/02 10:0 a.m.27 views

QakBot technical analysis

Main description QakBot, also known as QBot, QuackBot and Pinkslipbot, is a banking Trojan that has existed for over a decade. It was found in the wild in 2007 and since then it has been continually maintained and developed. In recent years, QakBot has become one of the leading banking Trojans...

Exploits0
Securelist
Securelist
added 2021/08/24 10:0 a.m.34 views

Triada Trojan in WhatsApp mod

WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the optio...

7.2AI score
Exploits0
Total number of security vulnerabilities1025