Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2019/10/14 9:35 a.m.60 views

A glimpse into the present state of security in robotics

Download full report PDF The world of today continues its progress toward higher digitalization and mobility. From developments in the Internet of Things IoT through augmented reality to Industry 4.0, whichrely on stronger automation and use of robots, all of these bring more efficiency to...

0.9AI score
Exploits0
Securelist
Securelist
added 2019/10/08 10:0 a.m.114 views

Managed Detection and Response analytics report, H1 2019

Download full report PDF Introduction This report contains the results of the Managed Detection and Response MDR service brand name - Kaspersky Managed Protection. The MDR service provides managed threat hunting and initial incident response. Threat hunting is the practice of iteratively searchin...

7.4AI score
Exploits0
Securelist
Securelist
added 2019/10/03 10:0 a.m.58 views

COMpfun successor Reductor infects files on the fly to compromise TLS traffic

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target's network channel and could replace legitimate installers with infected ones on the fly...

6.8AI score
Exploits0
Securelist
Securelist
added 2019/10/02 2:0 p.m.86 views

HQWar: the higher it flies, the harder it drops

Mobile dropper Trojans are one of today's most rapidly growing classes of malware. In Q1 2019, droppers are in the 2nd or 3rd position in terms of share of total detected threats, while holding nearly half of all Top 20 places in 2018. Since the droppers' main task is to deliver payload while...

7.3AI score
Exploits0
Securelist
Securelist
added 2019/10/02 10:0 a.m.95 views

The State of Stalkerware in 2019

Introduction and methodology Six months ago, we created a special alert that notifies users about commercial spyware stalkerware products installed on their phones. This report examines the use of stalkerware and the number of users affected by this software in the first eight months of 2019...

6.6AI score
Exploits0
Securelist
Securelist
added 2019/09/25 10:0 a.m.41 views

Ransomware: two pieces of good news

"All your files have been encrypted." How many times has this suddenly popped up on your screen? We hope never, because it's one of the most common indicators that you've lost access to your files. And if there are no publicly available decryptors or you don't have any backup copies, you're in...

7.2AI score
Exploits0
Securelist
Securelist
added 2019/09/23 10:0 a.m.82 views

Hello! My name is Dtrack

Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victim's ATMs, where it could read and...

7.5AI score
Exploits0
Securelist
Securelist
added 2019/09/19 6:45 a.m.83 views

Threat landscape for smart buildings

The Kaspersky Industrial Cybersecurity Conference 2019 takes place this week in Sochi, the seventh such conference dedicated to the problems of industrial cybersecurity. Among other things, the conference will address the security of automation systems in buildings — industrial versions of the no...

0.9AI score
Exploits0
Securelist
Securelist
added 2019/09/17 10:0 a.m.122 views

Assessing the impact of protection from web miners

Brief summary: We present the results of evaluating the positive economic and environmental impact of blocking web miners with Kaspersky products. The total power saving can be calculated with known accuracy using the formula w·N, where w is the average value of the increase in power consumption ...

7AI score
Exploits0
Securelist
Securelist
added 2019/09/11 10:0 a.m.107 views

Threats to macOS users

Introduction The belief that there are no threats for the macOS operating system or at least no serious threats has been bandied about for decades. The owners of MacBooks and iMacs are only rivaled by Linux users in terms of the level of confidence in their own security, and we must admit that th...

0.7AI score
Exploits0
Securelist
Securelist
added 2019/09/09 10:0 a.m.98 views

This is what our summer’s like

For the second summer straight, we cover the children's interests during the period when they have enough leisure to give themselves full time to their hobbies. Modern children are active users of the internet, so most of their interests find reflection in their online activities, which are the...

6.8AI score
Exploits0
Securelist
Securelist
added 2019/08/29 2:0 p.m.555 views

Fully equipped Spying Android RAT from Brazil: BRATA

"BRATA" is a new Android remote access tool malware family. We used this code name based on its description - "Brazilian RAT Android". It exclusively targets victims in Brazil: however, theoretically it could also be used to attack any other Android user if the cybercriminals behind it want to. I...

7.5CVSS0.39166EPSS
Exploits0
Securelist
Securelist
added 2019/08/29 10:0 a.m.138 views

Incident Response report 2018

Download full report PDF Introduction This report covers our team's incident response practices for the year 2018. We have thoroughly analyzed all the service requests, customer conversations and incident response deliverables to provide you an overview in numbers. The report includes statistics ...

1.1AI score
Exploits0
Securelist
Securelist
added 2019/08/28 10:0 a.m.255 views

Spam and phishing in Q2 2019

Quarterly highlights Spam through Google services In the second quarter of 2019, scammers were making active use of cloud-based data storage services such as Google Drive and Google Storage to hide their illegal content. The reasoning behind this is simple: a link from a legitimate domain is seen...

9.3CVSS8.2AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2019/08/27 1:30 p.m.76 views

An advertising dropper in Google Play

Recently, the popular CamScanner – Phone PDF creator app caught our attention. According to Google Play, it has been installed more than 100 million times. The developers position it as a solution for scanning and managing digitized documents, but negative user reviews that have been left over th...

7.1AI score
Exploits0
Securelist
Securelist
added 2019/08/22 10:0 a.m.119 views

Agent 1433: remote attack on Microsoft SQL Server

All over the world companies large and small use Microsoft SQL Server for database management. Highly popular yet insufficiently protected, this DBMS is a target of choice for hacking. One of the most common attack on Microsoft SQL Server — the remote attack based on malicious jobs — has been...

2.3AI score
Exploits0
Securelist
Securelist
added 2019/08/19 10:0 a.m.1061 views

IT threat evolution Q2 2019

Targeted attacks and malware campaigns More about ShadowHammer In March, we published the results of our investigation into a sophisticated supply-chain attack involving the ASUS Live Update Utility, used to deliver BIOS, UEFI and software updates to ASUS laptops and desktops. The attackers added...

7.2CVSS1.4AI score0.73721EPSS
Exploits20
Securelist
Securelist
added 2019/08/19 10:0 a.m.363 views

IT threat evolution Q2 2019. Statistics

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, Kaspersky solutions blocked 717,057,912 attacks launched from online resources in 203 countries across t...

10CVSS0.5AI score0.99999EPSS
Exploits244
Securelist
Securelist
added 2019/08/12 10:0 a.m.369 views

Recent Cloud Atlas activity

Also known as Inception, Cloud Atlas is an actor that has a long history of cyber-espionage operations targeting industries and governmental entities. We first reported Cloud Atlas in 2014 and we've been following its activities ever since. From the beginning of 2019 until July, we have been able...

9.3CVSS0.7AI score0.99945EPSS
Exploits36
Securelist
Securelist
added 2019/08/05 10:0 a.m.53 views

DDoS attacks in Q2 2019

News overview The second quarter of 2019 turned out to be richer than the first in terms of high-profile DDoS attacks. True, most of the campaigns that attracted media attention appeared to be politically, rather than commercially, motivated — and that despite the fact that some security experts...

7.1AI score
Exploits0
Securelist
Securelist
added 2019/08/01 10:0 a.m.812 views

APT trends report Q2 2019

For two years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in...

10CVSS0.1AI score0.99999EPSS
Exploits206
Securelist
Securelist
added 2019/07/31 3:0 p.m.81 views

Financial threats in H1 2019

Introduction and methodology Financial cyberthreats are malicious programs that attack users of online banking services, electronic money, cryptocurrency and other similar services, as well as threats aimed at gaining access to financial organizations and their infrastructure. Kaspersky experts...

0.5AI score
Exploits0
Securelist
Securelist
added 2019/07/23 10:0 a.m.129 views

How to steal a million (of your data)

Any user data — from passwords for entertainment services to electronic copies of documents — is highly prized by intruders. The reason is simply that almost any information can be monetized. For instance, stolen data can be used to transfer funds to cybercriminal accounts, order goods or service...

0.2AI score
Exploits0
Securelist
Securelist
added 2019/07/22 10:0 a.m.130 views

On the IoT road: perks, benefits and security of moving smartly

Kaspersky has repeatedly investigated security issues related to IoT technologies for instance, here, or here. Earlier this year our experts have even gained foothold in the security of biomechanical prosthetic devices. The same implies to smart car security: our own research has indicated that...

7.1AI score
Exploits0
Securelist
Securelist
added 2019/07/15 10:0 a.m.158 views

Turla renews its arsenal with Topinambour

Turla, also known as Venomous Bear, Waterbug, and Uroboros, is a Russian speaking threat actor known since 2014, but with roots that go back to 2004 and earlier. It is a complex cyberattack platform focused predominantly on diplomatic and government-related targets, particularly in the Middle Eas...

7.9AI score
Exploits0
Securelist
Securelist
added 2019/07/10 10:0 a.m.116 views

New FinSpy iOS and Android implants revealed ITW

Updated: 23.07.2019 After publication of this article, we received a letter from a representative of Gamma Group International Ltd. stating that they disposed of all interests in FinFisher FinSpy in 2013. This article has been corrected in accordance with this new information. According to...

Exploits0
Securelist
Securelist
added 2019/07/04 3:48 p.m.116 views

‘Twas the night before

Recently, the United States Cyber Command USCYBERCOM Malware Alert @CNMFVirusAlert highlighted several VirusTotal uploads of theirs - and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons. Before continuing, it's important to restate y...

0.1AI score
Exploits0
Securelist
Securelist
added 2019/07/03 10:0 a.m.363 views

Sodin ransomware exploits Windows vulnerability and processor architecture

When Sodin also known as Sodinokibi and REvil appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers. In a detailed analysis, we discovered that it also exploits the...

7.2CVSS0.3AI score0.69833EPSS
Exploits9
Securelist
Securelist
added 2019/07/01 9:0 a.m.36 views

How we hacked our colleague’s smart home

In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API. An offer you cannot refuse The backbone of any technology compa...

8.9AI score
Exploits0
Securelist
Securelist
added 2019/06/27 12:9 p.m.117 views

Criminals, ATMs and a cup of coffee

In spring 2019, we discovered a new ATM malware sample written in Java that was uploaded to a multiscanner service from Mexico and later from Colombia. After a brief analysis, it became clear that the malware, which we call ATMJaDi, can cash out ATMs. However, it doesn't use the standard XFS, JXF...

7.5AI score
Exploits0
Securelist
Securelist
added 2019/06/26 10:0 a.m.206 views

ViceLeaker Operation: mobile espionage targeting Middle East

In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. Kaspersky spyware sensors caught the signal of an attack from the device of one of the victims; and a hash of the APK involved Android application was tagged in our sample feed for...

0.2AI score
Exploits0
Securelist
Securelist
added 2019/06/25 10:0 a.m.128 views

Riltok mobile Trojan: A banker with global reach

Riltok is one of numerous families of mobile banking Trojans with standard for such malware functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted, with minimal modifications, for the European "market." The bulk of its victims more tha...

Exploits0
Securelist
Securelist
added 2019/06/20 10:1 a.m.138 views

Not-so-dear subscribers

Many people have had a run-in with subscriptions to mobile content providers. They appear out of the blue, and get discovered only when account funds run dry. It might seem that the obvious solution is not to visit dubious sites and not to install apps from third-party sources. But, alas, these...

6.9AI score
Exploits0
Securelist
Securelist
added 2019/06/18 10:0 a.m.165 views

Plurox: Modular backdoor

In February this year, a curious backdoor passed across our virtual desk. The analysis showed the malware to have a few quite unpleasant features. It can spread itself over a local network via an exploit, provide access to the attacked network, and install miners and other malicious software on...

7.1AI score
Exploits0
Securelist
Securelist
added 2019/06/12 10:0 a.m.121 views

What kids get up to online

Today's children navigate the Internet better than adults. They are not afraid to try out new technology, and are quick to grasp new trends and sometimes invent their own. New social networks, mobile games, music, and gadgets are all part and parcel of their daily lives. But just because they fee...

6.8AI score
Exploits0
Securelist
Securelist
added 2019/06/05 11:7 a.m.91 views

Platinum is back

In June 2018, we came across an unusual set of samples spreading throughout South and Southeast Asian countries targeting diplomatic, government and military entities. The campaign, which may have started as far back as 2012, featured a multi-stage approach and was dubbed EasternRoppels. The acto...

0.3AI score
Exploits0
Securelist
Securelist
added 2019/06/03 2:0 p.m.104 views

Zebrocy’s Multilanguage Malware Salad

Zebrocy is Russian speaking APT that presents a strange set of stripes. To keep things simple, there are three things to know about Zebrocy Zebrocy is an active sub-group of victim profiling and access specialists Zebrocy maintains a lineage back through 2013, sharing malware artefacts and...

7.2AI score
Exploits0
Securelist
Securelist
added 2019/05/23 10:0 a.m.2632 views

IT threat evolution Q1 2019. Statistics

These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, Kaspersky Lab solutions blocked 843,096,461 attacks launched from online resources in 203 countries...

9.3CVSS0.99945EPSS
Exploits116
Securelist
Securelist
added 2019/05/23 10:0 a.m.3223 views

IT threat evolution Q1 2019

Targeted attacks and malware campaigns Go Zebrocy Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used mean that we consider it a subset of activity in its own right. On the basis of this threat actor's past behaviour, ...

7.2CVSS7.8AI score0.96274EPSS
Exploits13
Securelist
Securelist
added 2019/05/21 10:0 a.m.151 views

DDoS attacks in Q1 2019

News overview The start of the year saw the appearance of various new tools in the arsenal of DDoS-attack masterminds. In early February, for instance, the new botnet Cayosin, assembled from elements of Qbot, Mirai, and other publicly available malware, swam into view. Cybersecurity experts were...

7.6AI score
Exploits0
Securelist
Securelist
added 2019/05/15 10:0 a.m.873 views

Spam and phishing in Q1 2019

Quarterly highlights Valentine's Day As per tradition, phishing timed to coincide with lovey-dovey day was aimed at swindling valuable confidential information out of starry-eyed users, such as bank card details. The topics exploited by cybercriminals ranged from online flower shops to dating...

9.3CVSS0.2AI score0.99945EPSS
Exploits36
Securelist
Securelist
added 2019/05/13 10:0 a.m.293 views

ScarCruft continues to evolve, introduces Bluetooth harvester

Executive summary After publishing our initial series of blogposts back in 2016, we have continued to track the ScarCruft threat actor. ScarCruft is a Korean-speaking and allegedly state-sponsored threat actor that usually targets organizations and companies with links to the Korean peninsula. Th...

7.2CVSS8AI score0.73721EPSS
Exploits18
Securelist
Securelist
added 2019/05/08 8:23 p.m.97 views

The 2019 DBIR is out

Once again, we are happy to support a large, voluntary, collaborative effort like the 2019 Data Breach Investigations Report. While our data contribution is completely anonymous, it is based in some of the 2018 data set that our private report customers receive from our efforts to protect all of...

0.9AI score
Exploits0
Securelist
Securelist
added 2019/05/08 10:0 a.m.298 views

FIN7.5: the infamous cybercrime rig “FIN7” continues its activities

On August 1, 2018, the US Department of Justice announced that it had arrested several individuals suspected of having ties to the FIN7 cybercrime rig. FIN7 operations are linked to numerous intrusion attempts having targeted hundreds of companies since at least as early as 2015. Interestingly,...

9.3CVSS0.4AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2019/04/30 10:0 a.m.87 views

APT trends report Q1 2019

For just under two years, the Global Research and Analysis Team GReAT at Kaspersky Lab has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published an...

7.2CVSS0.4AI score0.83524EPSS
Exploits82
Securelist
Securelist
added 2019/04/29 8:0 a.m.57 views

I know what you did last summer, MuddyWater blending in the crowd

Introduction MuddyWater is an APT with a focus on governmental and telco targets in the Middle East Iraq, Saudi Arabia, Bahrain, Jordan, Turkey and Lebanon and also a few other countries in nearby regions Azerbaijan, Pakistan and Afghanistan. MuddyWater first surfaced in 2017 and has been active...

7.9AI score
Exploits0
Securelist
Securelist
added 2019/04/23 10:0 a.m.87 views

Operation ShadowHammer: a high-profile supply chain attack

In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility, which was featured in a Kim Zetter article on Motherboard. The topic was also one of the research announcements made at the SAS conference, whic...

0.3AI score
Exploits0
Securelist
Securelist
added 2019/04/15 10:0 a.m.2876 views

New zero-day vulnerability CVE-2019-0859 in win32k.sys

In March 2019, our automatic Exploit Prevention EP systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. It was the fifth consecutive exploited Local Privilege...

7.2CVSS0.1AI score0.69833EPSS
Exploits11
Securelist
Securelist
added 2019/04/11 10:0 a.m.104 views

Large-scale SIM swap fraud

Introduction SIM swap fraud is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. The fraud centers around exploiting a mobile phone operator's...

0.2AI score
Exploits0
Securelist
Securelist
added 2019/04/10 4:30 a.m.129 views

Gaza Cybergang Group1, operation SneakyPastes

Gaza Cybergangs is a politically motivated Arabic-language cyberthreat actor, actively targeting the MENA Middle East North Africa region, especially the Palestinian Territories. The confusion surrounding Gaza Cybergang's activities, separation of roles and campaigns has been prevalent in the cyb...

0.2AI score
Exploits0
Total number of security vulnerabilities1025