Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2024/10/29 10:0 a.m.7 views

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. Researchers from various companies reported this campaign in August and September. The attackers, primarily targeting gamers, initially delivered the Lumma stealer to...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/10/23 11:0 a.m.23 views

The Crypto Game of Lazarus APT: Investors vs. Zero-days

Introduction Lazarus APT and its BlueNoroff subgroup are a highly sophisticated and multifaceted Korean-speaking threat actor. We closely monitor their activities and quite often see them using their signature malware in their attacks — a full-feature backdoor called Manuscrypt. According to our...

9.6CVSS7.7AI score0.15111EPSS
Exploits2
Securelist
Securelist
added 2024/10/22 6:0 p.m.21 views

Grandoreiro, the global trojan with grandiose goals

Grandoreiro is a well-known Brazilian banking trojan — part of the Tetrade umbrella — that enables threat actors to perform fraudulent banking operations by using the victim's computer to bypass the security measures of banking institutions. It's been active since at least 2016 and is now one of...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/10/21 10:0 a.m.14 views

Stealer here, stealer there, stealers everywhere!

Introduction Information stealers, which are used to collect credentials to then sell them on the dark web or use in subsequent cyberattacks, are actively distributed by cybercriminals. Some of them are available through a monthly subscription model, thus attracting novice cybercriminals. Accordi...

6.9AI score
Exploits0
Securelist
Securelist
added 2024/10/18 10:0 a.m.40 views

Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia

Last December, we discovered a new group targeting Russian businesses and government agencies with ransomware. Further investigation into this group's activity suggests a connection to other groups currently targeting Russia. We have seen overlaps not only in indicators of compromise and tools, b...

7.3AI score
Exploits0
Securelist
Securelist
added 2024/10/17 10:0 a.m.132 views

SAS CTF and the many ways to persist a kernel shellcode on Windows 7

On May 18, 2024, Kaspersky's Global Research & Analysis Team GReAT, with the help of its partners, held the qualifying stage of the SAS CTF, an international competition of cybersecurity experts held as part of the Security Analyst Summit conference. More than 800 teams from all over the world to...

7.8CVSS7.1AI score0.08661EPSS
Exploits2
Securelist
Securelist
added 2024/10/15 10:0 a.m.94 views

Beyond the Surface: the evolution and expansion of the SideWinder APT group

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been...

7.8CVSS8.4AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2024/10/14 7:0 a.m.11 views

Whispers from the Dark Web Cave. Cyberthreats in the Middle East

The Kaspersky Digital Footprint Intelligence team analyzed cybersecurity threats coming from dark web cybercriminals who targeted businesses and governments in the Middle East in H1 2024. Our research highlights the most severe and pervasive threats, and identifies potential risks and consequence...

7.1AI score
Exploits0
Securelist
Securelist
added 2024/10/07 10:0 a.m.27 views

Awaken Likho is awake: new techniques of an APT group

Introduction In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, we began tracking it, and published three reports in August and September 2024 through our threat research subscription on the threat...

7.6AI score
Exploits0
Securelist
Securelist
added 2024/10/04 8:0 a.m.15 views

Scam Information and Event Management

While trying to deliver malware on victims' devices and stay on them as long as they can, sometimes attackers are using quite unusual techniques. In a recent campaign starting in 2022, unknown malicious actors have been trying to mine cryptocurrency on victims' devices without user consent; they'...

7.9AI score
Exploits0
Securelist
Securelist
added 2024/10/02 10:0 a.m.13 views

Finding a needle in a haystack: Machine learning at the forefront of threat hunting research

Introduction In the ever-evolving landscape of cybersecurity, logs, that is information collected from various sources like network devices, endpoints, and applications, plays a crucial role in identifying and responding to threats. By analyzing this data, organizations can detect anomalies,...

6.8AI score
Exploits0
Securelist
Securelist
added 2024/10/01 10:0 a.m.9 views

Key Group: another ransomware group using leaked builders

Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. The first public report on Key Group's activity was released in 2023 by BI.ZONE, a...

7.6AI score
Exploits0
Securelist
Securelist
added 2024/09/26 8:0 a.m.7 views

Threat landscape for industrial automation systems, Q2 2024

Statistics across all threats In the second quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.9 pp from the previous quarter to 23.5%. The percentage has decreased by 3.3 pp compared to the second quarter of 2023, when the indicator reached it...

7.3AI score
Exploits0
Securelist
Securelist
added 2024/09/25 10:0 a.m.10 views

From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

While analyzing attacks on Russian organizations, our team regularly encounters overlapping tactics, techniques, and procedures TTPs among different cybercrime groups, and sometimes even shared tools. We recently discovered one such overlap: similar tools and tactics between two hacktivist groups...

8.1AI score
Exploits0
Securelist
Securelist
added 2024/09/24 10:0 a.m.13 views

Web tracking report: who monitored users’ online activities in 2023–2024 the most

Web tracking has become a pervasive aspect of our online experience. Whether we're browsing social media, playing video games, shopping for products, or simply reading news articles, trackers are silently monitoring our online behavior, fueling the ceaseless hum of countless data centers worldwid...

6.6AI score
Exploits0
Securelist
Securelist
added 2024/09/23 10:0 a.m.29 views

How the Necro Trojan infiltrated Google Play, again

Introduction We sometimes come across modified applications when analyzing suspicious files. These are created in response to user requests for more customization options within the app or for new features that the official versions don't have. Unfortunately, it's not uncommon for popular mods to...

7.6AI score
Exploits0
Securelist
Securelist
added 2024/09/20 12:31 p.m.67 views

-=TWELVE=- is back

In the spring of 2024, posts with real people's personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service. The group stayed off the radar for several months, but as we investigated a late June 2024 attack, we found that...

9.8CVSS10AI score0.99999EPSS
Exploits57
Securelist
Securelist
added 2024/09/18 10:0 a.m.16 views

Exotic SambaSpy is now dancing with Italian users

Introduction In May 2024, we detected a campaign exclusively targeting victims in Italy. We were rather surprised by this, as cybercriminals typically select a broader target to maximize their profits. For example, a certain type of malware might target users in France and Spain, with the phishin...

6.7AI score
Exploits0
Securelist
Securelist
added 2024/09/09 7:0 a.m.15 views

Loki: a new private agent for the popular Mythic framework

In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. One of the agent's decrypted strings O...

7.3AI score
Exploits0
Securelist
Securelist
added 2024/09/05 8:0 a.m.58 views

Tropic Trooper spies on government entities in the Middle East

Executive summary Tropic Trooper also known as KeyBoy and Pirate Panda is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Our recent investigation has...

9.1CVSS8.4AI score0.99999EPSS
Exploits31
Securelist
Securelist
added 2024/09/04 10:0 a.m.49 views

Mallox ransomware: in-depth analysis and evolution

Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide. In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, th...

8.8CVSS7AI score0.99022EPSS
Exploits15
Securelist
Securelist
added 2024/09/03 11:0 a.m.60 views

A deep dive into the most interesting incident response cases of last year

In 2023, Kasperskys Global Emergency Response Team GERT participated in services around the world that allowed our experts to gain insight into various threats and techniques used by APT groups, common crimeware and, in some cases, internal adversaries. As we highlighted in our annual report, the...

9.1CVSS8.2AI score0.99999EPSS
Exploits63
Securelist
Securelist
added 2024/09/03 8:0 a.m.29 views

IT threat evolution in Q2 2024. Non-mobile statistics

The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures In Q2 2024: Kaspersky solutions blocked over 664 million attacks from various internet sources. The web antivirus...

9.8CVSS7.7AI score0.99987EPSS
Exploits64
Securelist
Securelist
added 2024/09/03 8:0 a.m.9 views

IT threat evolution in Q2 2024. Mobile statistics

Quarterly figures According to Kaspersky Security Network, in Q2 2024: 7 million attacks using malware, adware or unwanted mobile software were blocked. The most common threat to mobile devices was RiskTool software – 41% of all detected threats. A total of 367,418 malicious installation packages...

7.3AI score
Exploits0
Securelist
Securelist
added 2024/09/03 8:0 a.m.46 views

IT threat evolution Q2 2024

Targeted attacks XZ backdoor: a supply chain attack in the making On March 29, a message on the Openwall oss-security mailing list announced the discovery of a backdoor in XZ, a compression utility included in many popular Linux distributions. The backdoored library is used by the OpenSSH server...

10CVSS9.5AI score0.85974EPSS
Exploits42
Securelist
Securelist
added 2024/09/02 10:0 a.m.36 views

Head Mare: adventures of a unicorn in Russia and Belarus

Head Mare is a hacktivist group that first made itself known in 2023 on the social network X formerly Twitter1. In their public posts, the attackers reveal information about some of their victims, including organization names, internal documents stolen during attacks, and screenshots of desktops...

7.8CVSS8.4AI score0.97798EPSS
Exploits49
Securelist
Securelist
added 2024/08/27 10:0 a.m.12 views

HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat

In June 2024, we discovered a macOS version of the HZ Rat backdoor targeting users of the enterprise messenger DingTalk and the social network and messaging platform WeChat. The samples we found almost exactly replicate the functionality of the Windows version of the backdoor and differ only in t...

6.6AI score
Exploits0
Securelist
Securelist
added 2024/08/22 10:0 a.m.23 views

Memory corruption vulnerabilities in Suricata and FreeRDP

As a cybersecurity company, before we release our products, we perform penetration tests on them to make sure they are secure. Recently, new versions of KasperskyOS-based products were released, namely Kaspersky Thin Client KTC and Kaspersky IoT Secure Gateway KISG. As part of the pre-release...

9.8CVSS8.3AI score0.0375EPSS
Exploits1
Securelist
Securelist
added 2024/08/21 10:0 a.m.50 views

Exploits and vulnerabilities in Q2 2024

Q2 2024 was eventful in terms of new interesting vulnerabilities and exploitation techniques for applications and operating systems. Attacks through vulnerable drivers have become prevalent as a general means of privilege escalation in the operating system. Such attacks are notable in that the...

9.8CVSS9.1AI score0.99987EPSS
Exploits484
Securelist
Securelist
added 2024/08/20 12:0 p.m.26 views

Approach to mainframe penetration testing on z/OS

Information technology is developing at a rapid pace, with completely new areas emerging, such as DevOps and DevSecOps – and were striving to keep up. However, in some projects, you may encounter systems built on rather outdated principles. Such systems must be approached with care, since a singl...

10CVSS7.6AI score0.04397EPSS
Exploits1
Securelist
Securelist
added 2024/08/19 10:0 a.m.12 views

BlindEagle flying high in Latin America

BlindEagle, also known as "APT-C-36", is an APT actor recognized for employing straightforward yet impactful attack techniques and methodologies. The group is known for their persistent campaigns targeting entities and individuals in Colombia, Ecuador, Chile, Panama and other countries in Latin...

7.6AI score
Exploits0
Securelist
Securelist
added 2024/08/15 12:0 p.m.19 views

Tusk: unraveling a complex infostealer campaign

Summary Kaspersky Global Emergency Response Team GERT has identified a complex campaign, consisting of multiple sub-campaigns orchestrated by Russian-speaking cybercriminals. The sub-campaigns imitate legitimate projects, slightly modifying names and branding and using multiple social media...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/08/14 12:0 p.m.15 views

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were used to deliver malware that...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/08/13 12:0 p.m.40 views

APT trends report Q2 2024

For over six years now, Kasperskys Global Research and Analysis Team GReAT has been sharing quarterly updates on advanced persistent threats APTs. These summaries draw on our threat intelligence research, offering a representative overview of what weve published and discussed in more detail in ou...

10CVSS8.2AI score0.85974EPSS
Exploits40
Securelist
Securelist
added 2024/08/12 10:0 a.m.13 views

Indirect prompt injection in the real world: how people manipulate neural networks

What is prompt injection? Large language models LLMs – the neural network algorithms that underpin ChatGPT and other popular chatbots – are becoming ever more powerful and inexpensive. For this reason, third-party applications that make use of them are also mushrooming, from systems for document...

7.9AI score
Exploits0
Securelist
Securelist
added 2024/08/05 9:40 a.m.37 views

LianSpy: new Android spyware targeting Russian users

In March 2024, we discovered a campaign targeting individuals in Russia with previously unseen Android spyware we dubbed LianSpy. Our analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs a...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/08/01 10:0 a.m.14 views

How “professional” ransomware variants boost cybercrime groups

Introduction Cybercriminals who specialize in ransomware do not always create it themselves. They have many other ways to get their hands on ransomware samples: buying a sample on the dark web, affiliating with other groups or finding a leaked ransomware variant. This requires no extraordinary...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/07/29 10:0 a.m.18 views

Mandrake spyware sneaks onto Google Play again, flying under the radar for two years

Introduction In May 2020, Bitdefender released a white paper containing a detailed analysis of Mandrake, a sophisticated Android cyber-espionage platform, which had been active in the wild for at least four years. In April 2024, we discovered a suspicious sample that appeared to be a new version ...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/07/11 10:0 a.m.14 views

When spear phishing met mass phishing

Introduction Bulk phishing email campaigns tend to target large audiences. They use catch-all wordings and simplistic formatting, and typos are not uncommon. Targeted attacks take greater effort, with attackers sending personalized messages that include personal details and might look more like...

7.1AI score
Exploits0
Securelist
Securelist
added 2024/07/09 1:0 p.m.19 views

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

Detection is a traditional type of cybersecurity control, along with blocking, adjustment, administrative and other controls. Whereas before 2015 teams asked themselves what it was that they were supposed to detect, as MITRE ATT&CK evolved, SOCs were presented with practically unlimited space for...

6.6AI score
Exploits0
Securelist
Securelist
added 2024/07/08 7:0 a.m.32 views

CloudSorcerer – A new APT targeting Russian government entities

In May 2024, we discovered a new advanced persistent threat APT targeting Russian government entities that we dubbed CloudSorcerer. Its a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/06/25 10:0 a.m.14 views

Cybersecurity in the SMB space — a growing threat

Small and medium-sized businesses SMBs are increasingly targeted by cybercriminals. Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures. SMBs face significant cybersecurity challenges due to limited resources and expertise. The...

7.3AI score
Exploits0
Securelist
Securelist
added 2024/06/24 10:0 a.m.21 views

XZ backdoor: Hook analysis

Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident social engineering Part 3: XZ backdoor. Hook analysis In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned...

8.6AI score
Exploits0
Securelist
Securelist
added 2024/06/18 11:30 a.m.19 views

Analysis of user password strength

The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of...

6.9AI score
Exploits0
Securelist
Securelist
added 2024/06/13 10:0 a.m.30 views

Cinterion EHS5 3G UMTS/HSPA Module Research

Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems APCS. When integrating the modem, many product...

6.4CVSS8.2AI score0.00786EPSS
Exploits0
Securelist
Securelist
added 2024/06/11 8:0 a.m.181 views

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,...

10CVSS9AI score0.01324EPSS
Exploits0
Securelist
Securelist
added 2024/06/10 10:0 a.m.32 views

Bypassing 2FA with phishing and OTP bots

Introduction Two-factor authentication 2FA is a security feature we have come to expect as standard by 2024. Most of todays websites offer some form of it, and some of them wont even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain types ...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/06/03 10:0 a.m.32 views

IT threat evolution in Q1 2024. Mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Quarterly figures According to Kaspersky Security Network, in Q1 2024: 10.1 million attacks using malware, adware, or unwanted mobile software were blocked. The most commo...

7.9AI score
Exploits0
Securelist
Securelist
added 2024/06/03 10:0 a.m.38 views

IT threat evolution Q1 2024

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware platfo...

7.8CVSS6AI score0.51517EPSS
Exploits3
Securelist
Securelist
added 2024/06/03 10:0 a.m.17 views

IT threat evolution in Q1 2024. Non-mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly...

6.9AI score
Exploits0
Total number of security vulnerabilities1025