Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2018/10/29 10:0 a.m.59 views

Hackers attacking your memories: science fiction or future threat?

Authors: Kaspersky Lab and the Oxford University Functional Neurosurgery Group There is an episode in the dystopian near-future series Black Mirror about an implanted chip that allows users to record and replay everything they see and hear. A recent YouGov survey found that 29% of viewers would b...

1AI score
Exploits0
Securelist
Securelist
added 2018/10/24 10:0 a.m.89 views

Phishing for knowledge

When we talk about phishing, top of mind are fake banking sites, payment systems, as well as mail and other globally popular services. However, cybercriminals have their fingers in far more pies than that. Unobviously, perhaps, students and university faculties are also in the line of fire. The...

1.1AI score
Exploits0
Securelist
Securelist
added 2018/10/19 10:0 a.m.90 views

DarkPulsar FAQ

What's it all about? In March 2017, a group of hackers calling themselves "the Shadow Brokers" published a chunk of stolen data that included two frameworks: DanderSpritz and FuzzBunch. The Fuzzbunch framework contains various types of plugins designed to analyze victims, exploit vulnerabilities,...

0.1AI score
Exploits0
Securelist
Securelist
added 2018/10/19 10:0 a.m.80 views

DarkPulsar

In March 2017, the ShadowBrokers published a chunk of stolen data that included two frameworks: DanderSpritz and FuzzBunch. DanderSpritz consists entirely of plugins to gather intelligence, use exploits and examine already controlled machines. It is written in Java and provides a graphical window...

0.1AI score
Exploits0
Securelist
Securelist
added 2018/10/15 10:0 a.m.68 views

Octopus-infested seas of Central Asia

For the last two years we have been monitoring a Russian-language cyberespionage actor that focuses on Central Asian users and diplomatic entities. We named the actor DustSquad and have provided private intelligence reports to our customers on four of their campaigns involving custom Android and...

0.5AI score
Exploits0
Securelist
Securelist
added 2018/10/11 7:30 a.m.44 views

Threats in the Netherlands

Introduction On October 4, 2018, the MIVD held a press conference about an intercepted cyberattack on the OPWC in the Netherlands, allegedly by the advanced threat actor Sofacy also known as APT28 or Fancy Bear, among others. According to the MIVD, four suspects were caught red handed trying to...

6.8AI score
Exploits0
Securelist
Securelist
added 2018/10/10 10:0 a.m.39 views

MuddyWater expands operations

Summary MuddyWater is a relatively new APT that surfaced in 2017. It has focused mainly on governmental targets in Iraq and Saudi Arabia, according to past telemetry. However, the group behind MuddyWater has been known to target other countries in the Middle East, Europe and the US. We recently...

1.5AI score
Exploits0
Securelist
Securelist
added 2018/10/10 7:0 a.m.1569 views

Zero-day exploit (CVE-2018-8453) used in targeted attacks

Yesterday, Microsoft published their security bulletin, which patches CVE-2018-8453, among others. It is a vulnerability in win32k.sys discovered by Kaspersky Lab in August. We reported this vulnerability to Microsoft on August 17, 2018. Microsoft confirmed the vulnerability and designated it...

7.2CVSS0.3AI score0.69833EPSS
Exploits13
Securelist
Securelist
added 2018/10/04 4:0 p.m.112 views

Shedding Skin – Turla’s Fresh Faces

Turla, also known as Venomous Bear, Waterbug, and Uroboros, may be best known for what was at the time an "ultra complex" snake rootkit focused on NATO-related targets, but their malware set and activity is much broader. Our current focus is on more recent and upcoming activity from this APT, whi...

7.2AI score
Exploits0
Securelist
Securelist
added 2018/10/01 10:0 a.m.384 views

Roaming Mantis, part III

In Q2 2018, Kaspersky Lab published two blogposts about Roaming Mantis sharing details of this new cybercriminal campaign. In the beginning, the criminals used DNS hijacking in vulnerable routers to spread malicious Android applications of Roaming Mantis aka MoqHao and XLoader, spoofing legitimat...

6.5AI score
Exploits0
Securelist
Securelist
added 2018/09/25 10:0 a.m.702 views

USB threats from malware to miners

Introduction In 2016, researchers from the University of Illinois left 297 unlabelled USB flash drives around the university campus to see what would happen. 98% of the dropped drives were picked up by staff and students, and at least half were plugged into a computer in order to view the content...

9.3CVSS1.2AI score0.91324EPSS
Exploits13
Securelist
Securelist
added 2018/09/20 10:0 a.m.45 views

Threats posed by using RATs in ICS

While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools RAT for PCs installed on operational technology OT networks of industrial enterprises. In a number of incidents that we have investigated, threat actors had use...

1.3AI score
Exploits0
Securelist
Securelist
added 2018/09/18 10:0 a.m.1332 views

New trends in the world of IoT threats

Cybercriminals' interest in IoT devices continues to grow: in H1 2018 we picked up three times as many malware samples attacking smart devices as in the whole of 2017. And in 2017 there were ten times more than in 2016. That doesn't bode well for the years ahead. We decided to study what attack...

10CVSS9.9AI score0.99975EPSS
Exploits46
Securelist
Securelist
added 2018/09/10 10:0 a.m.44 views

LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company

What happened? Since March 2018 we have discovered several infections where a previously unknown Trojan was injected into the lsass.exe system process memory. These implants were injected by the digitally signed 32- and 64-bit network filtering driver NDISProxy. Interestingly, this driver is sign...

0.5AI score
Exploits0
Securelist
Securelist
added 2018/09/06 10:0 a.m.35 views

Threat Landscape for Industrial Automation Systems in H1 2018

For many years, Kaspersky Lab experts have been uncovering and researching cyberthreats that target a variety of information systems – those of commercial and government organizations, banks, telecoms operators, industrial enterprises, and individual users. In this report, Kaspersky Lab Industria...

7.5AI score
Exploits0
Securelist
Securelist
added 2018/09/03 10:0 a.m.52 views

We know what your kids did this summer

For many kids and teenagers, summer is all about ditching school books in favor of hobbies and fun. Every year we release a report on children's interests, as reflected in their online activity. This summer, we investigated what they prefer in their free time. The Parental Control module in...

0.1AI score
Exploits0
Securelist
Securelist
added 2018/08/30 10:0 a.m.37 views

What are botnets downloading?

Spam mailshots with links to malware and bots downloading other malware are just a couple of botnet deployment scenarios. The choice of infectious payload is limited only by the imagination of the botnet operator or customer. It might be a ransomware, a banker, a miner, a backdoor, the list goes...

0.6AI score
Exploits0
Securelist
Securelist
added 2018/08/29 1:0 p.m.35 views

Loki Bot: On a hunt for corporate passwords

Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes. The messages discovered so far contain an attachment with an .iso extension that Kaspersky Lab solutions detect as Loki Bot. The malware's key objective is to steal passwords from browsers,...

0.1AI score
Exploits0
Securelist
Securelist
added 2018/08/29 10:0 a.m.60 views

BusyGasper – the unfriendly spy

In early 2018 our mobile intruder-detection technology was triggered by a suspicious Android sample that, as it turned out, belonged to an unknown spyware family. Further investigation showed that the malware, which we named BusyGasper, is not all that sophisticated, but demonstrates some unusual...

0.5AI score
Exploits0
Securelist
Securelist
added 2018/08/28 10:0 a.m.31 views

The rise of mobile banker Asacub

We encountered the Trojan-Banker.AndroidOS.Asacub family for the first time in 2015, when the first versions of the malware were detected, analyzed, and found to be more adept at spying than stealing funds. The Trojan has evolved since then, aided by a large-scale distribution campaign by its...

7.6AI score
Exploits0
Securelist
Securelist
added 2018/08/23 8:0 a.m.115 views

Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware

Overview Lazarus has been a major threat actor in the APT arena for several years. Alongside goals like cyberespionage and cybersabotage, the attacker has been targeting banks and other financial companies around the globe. Over the last few months, Lazarus has successfully compromised several...

7AI score
Exploits0
Securelist
Securelist
added 2018/08/21 10:0 a.m.32 views

Dark Tequila Añejo

Dark Tequila is a complex malicious campaign targeting Mexican users, with the primary purpose of stealing financial information, as well as login credentials to popular websites that range from code versioning repositories to public file storage accounts and domain registrars. A multi-stage...

0.5AI score
Exploits0
Securelist
Securelist
added 2018/08/16 10:0 a.m.39 views

Security assessment of corporate information systems in 2017

Each year, Kaspersky Lab's Security Services department carries out dozens of cybersecurity assessment projects for companies worldwide. In this publication, we present a general summary and statistics for the cybersecurity assessments we have conducted of corporate information systems throughout...

3.9AI score
Exploits0
Securelist
Securelist
added 2018/08/14 10:0 a.m.408 views

Spam and phishing in Q2 2018

Quarterly highlights GDPR as a phishing opportunity In the first quarter, we discussed spam designed to exploit GDPR General Data Protection Regulation, which came into effect on May 25, 2018. Back then spam traffic was limited to invitations to participate in workshops and other educational even...

9.3CVSS8.2AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2018/08/13 12:21 p.m.59 views

KeyPass ransomware

In the last few days, our anti-ransomware module has been detecting a new variant of malware - KeyPass ransomware. Others in the security community have also noticed that this ransomware began to actively spread in August: Notification from MalwareHunterTeam Distribution model According to our...

6.7AI score
Exploits0
Securelist
Securelist
added 2018/08/06 10:0 a.m.672 views

IT threat evolution Q2 2018

Targeted attacks and malware campaigns Operation Parliament In April, we reported the workings of Operation Parliament, a cyber-espionage campaign aimed at high-profile legislative, executive and judicial organizations around the world – with its main focus in the MENA Middle East and North Afric...

7.6CVSS8.8AI score0.87814EPSS
Exploits9
Securelist
Securelist
added 2018/08/06 10:0 a.m.2963 views

IT threat evolution Q2 2018. Statistics

Q2 figures According to KSN: Kaspersky Lab solutions blocked 962,947,023 attacks launched from online resources located in 187 countries across the globe. 351,913,075 unique URLs were recognized as malicious by Web Anti-Virus components. Attempted infections by malware designed to steal money via...

9.3CVSS2.1AI score0.99945EPSS
Exploits97
Securelist
Securelist
added 2018/08/02 10:0 a.m.98 views

How do file partner programs work?

It's easy to notice if you've fallen victim to an advertising partner program: the system has new apps that you didn't install, ad pages spontaneously open in the browser, ads appear on sites where they never used to, and so on. If you notice these symptoms on your computer, and in the list of...

0.2AI score
Exploits0
Securelist
Securelist
added 2018/08/01 10:0 a.m.40 views

Attacks on industrial enterprises using RMS and TeamViewer

Main facts Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production. The phishing emails are disguised as legitimate commercial offers and a...

0.7AI score
Exploits0
Securelist
Securelist
added 2018/07/26 10:0 a.m.786 views

A mining multitool

Recently, an interesting miner implementation appeared on Kaspersky Lab's radar. The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers. This type of hidden consolidati...

9.3CVSS0.4AI score0.9923EPSS
Exploits73
Securelist
Securelist
added 2018/07/25 10:0 a.m.30 views

A study of car sharing apps

The growing popularity of car sharing services has led some experts to predict an end to private car ownership in big cities. The statistics appear to back up this claim: for example, in 2017 Moscow saw the car sharing fleet, the number of active users and the number of trips they made almost...

Exploits0
Securelist
Securelist
added 2018/07/24 9:0 a.m.65 views

DDoS attacks in Q2 2018

News overview Q2 2018 news includes: non-standard use of old vulnerabilities, new botnets, the cutthroat world of cryptocurrencies, a high-profile DDoS attack or not with a political subtext, the slashdot effect, some half-baked attempts at activism, and a handful arrests. But first things first...

0.6AI score
Exploits0
Securelist
Securelist
added 2018/07/20 10:0 a.m.50 views

Calisto Trojan for macOS

An interesting aspect of studying a particular piece of malware is tracing its evolution and observing how the creators gradually add new monetization or entrenchment techniques. Also of interest are developmental prototypes that have had limited distribution or not even occurred in the wild. We...

Exploits0
Securelist
Securelist
added 2018/07/19 10:0 a.m.59 views

Online generators… of dashed expectations

Quite recently, we and hence our security solutions started to designate an entire class of sites — gift card generators — as fraudulent, despite their not stealing any money or personal data from visitors. Why? Let's try to unpick these sites and see how they work. How it works Ads for all kinds...

Exploits0
Securelist
Securelist
added 2018/07/17 10:0 a.m.39 views

The return of Fantomas, or how we deciphered Cryakl

In early February this year, Belgian police seized the C&C servers of the infamous Cryakl cryptor. Soon afterwards, they handed over the private keys to our experts, who used them to update the free RakhniDecryptor tool for recovering files encrypted by the malware. The ransomware, which for year...

0.4AI score
Exploits0
Securelist
Securelist
added 2018/07/12 6:0 p.m.53 views

Coinvault, the court case

Today, after almost 3 years of waiting, it was finally the day of the trial. In the Netherlands, where the whole case took place, the hearings are open to the public. Meaning anyone who is interested can visit. And it was quite busy. Because besides the suspects, their lawyers, the judges and the...

0.3AI score
Exploits0
Securelist
Securelist
added 2018/07/10 10:0 a.m.553 views

APT Trends Report Q2 2018

In the second quarter of 2017, Kaspersky Lab's Global Research and Analysis Team GReAT began publishing summaries of the quarter's private threat intelligence reports, in an effort to make the public aware of the research we have been conducting. This report serves as the latest installment,...

10CVSS9.3AI score0.94354EPSS
Exploits34
Securelist
Securelist
added 2018/07/09 10:0 a.m.55 views

In cryptoland, trust can be costly

While the legal status of cryptocurrencies and laws to regulate them continue to be hammered out, scammers are busy exploiting the digital gold rush. Besides hacking cryptocurrency exchanges, exploiting smart-contract vulnerabilities, and deploying malicious miners, cybercriminals are also...

7AI score
Exploits0
Securelist
Securelist
added 2018/07/05 10:0 a.m.80 views

To crypt, or to mine – that is the question

Way back in 2013 our malware analysts spotted the first malicious samples related to the Trojan-Ransom.Win32.Rakhni family. That was the starting point for this long-lived Trojan family, which is still functioning to this day. During that time the malware writers have changed: the way their Troja...

6.8AI score
Exploits0
Securelist
Securelist
added 2018/07/03 1:0 p.m.233 views

Delving deep into VBScript

In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that was picked up by our sandbox. The vulnerability uses a well-known technique from the proof-of-concept exploit CVE-2014-6332 that essentially "corrupts" two memory objects and...

9.3CVSS8.9AI score0.94996EPSS
Exploits47
Securelist
Securelist
added 2018/06/27 10:5 a.m.39 views

Ransomware and malicious crypto miners in 2016-2018

Ransomware is not an unfamiliar threat. For the last few years it has been affecting the world of cybersecurity, infecting and blocking access to various devices or files and requiring users to pay a ransom usually in Bitcoins or another widely used e-currency, if they want to regain access to...

6.8AI score
Exploits0
Securelist
Securelist
added 2018/06/26 10:0 a.m.81 views

Pbot: evolving adware

The adware PBot PythonBot got its name because its core modules are written in Python. It was more than a year ago that we detected the first member of this family. Since then, we have encountered several modifications of the program, one of which went beyond adware by installing and running a...

0.9AI score
Exploits0
Securelist
Securelist
added 2018/06/20 10:0 a.m.42 views

Modern OSs for embedded systems

At Kaspersky Lab we analyze the technologies available on cybersecurity market and this time we decided to look at what OS developers are offering for embedded systems or, in other words, the internet of things. Our primary interest is how and to what degree these OSs can solve...

7.7AI score
Exploits0
Securelist
Securelist
added 2018/06/19 10:0 a.m.214 views

Olympic Destroyer is still alive

In March 2018 we published our research on Olympic Destroyer, an advanced threat actor that hit organizers, suppliers and partners of the Winter Olympic Games 2018 held in Pyeongchang, South Korea. Olympic Destroyer was a cyber-sabotage attack based on the spread of a destructive network worm. Th...

7.6AI score
Exploits0
Securelist
Securelist
added 2018/06/13 10:0 a.m.93 views

LuckyMouse hits national data center to organize country-level waterholing campaign

What happened? In March 2018 we detected an ongoing campaign targeting a national data center in the Central Asia that we believe has been active since autumn 2017. The choice of target made this campaign especially significant – it meant the attackers gained access to a wide range of government...

0.1AI score
Exploits0
Securelist
Securelist
added 2018/06/06 10:0 a.m.42 views

A MitM extension for Chrome

Browser extensions make our lives easier: they hide obtrusive advertising, translate text, help us choose in online stores, etc. There are also less desirable extensions, including those that bombard us with advertising or collect information about our activities. These pale into insignificance,...

6.9AI score
Exploits0
Securelist
Securelist
added 2018/06/04 11:11 a.m.17 views

FIFA public Wi-Fi guide: which host cities have the most secure networks?

We all know how easy it is for users to connect to open Wi-Fi networks in public places. Well, it is equally straightforward for criminals to position themselves near poorly protected access points – where they can intercept network traffic and compromise user data. A lack of essential traffic...

0.1AI score
Exploits0
Securelist
Securelist
added 2018/06/01 9:0 a.m.27 views

Netkids

Children today are completely at home in the digital space. They use digital diaries and textbooks at school, communicate via instant messaging, play games on mobile devices not to mention PCs and consoles, and create mini masterpieces on tablets and laptops. This total immersion in the digital...

0.6AI score
Exploits0
Securelist
Securelist
added 2018/05/29 10:0 a.m.27 views

Trojan watch

We continue to research how proliferation of IoT devices affects the daily lives of users and their information security. In our previous study, we touched upon ways of intercepting authentication data using single-board microcomputers. This time, we turned out attention to wearable devices:...

6.6AI score
Exploits0
Securelist
Securelist
added 2018/05/28 10:0 a.m.44 views

2018 Fraud World Cup

There are only two weeks to go before the start of the massive soccer event — FIFA World Cup. This championship has already attracted the attention of millions worldwide, including a fair few cybercriminals. Long before kick-off, email accounts began bulging with soccer-related spam, and scammers...

7AI score
Exploits0
Total number of security vulnerabilities1025