Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2024/05/28 10:0 a.m.44 views

Trusted relationship attacks: trust, but verify

IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...

7.8AI score
Exploits0
Securelist
Securelist
added 2024/05/27 1:0 p.m.25 views

Message board scams

Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, weve seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...

6.4AI score
Exploits0
Securelist
Securelist
added 2024/05/27 10:0 a.m.27 views

Threat landscape for industrial automation systems, Q1 2024

Global statistics Statistics across all threats In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of IC...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/05/23 12:0 p.m.60 views

ShrinkLocker: Turning BitLocker into ransomware

Introduction Attackers always find creative ways to bypass defensive features and accomplish their goals. This can be done with packers, crypters, and code obfuscation. However, one of the best ways of evading detection, as well as maximizing compatibility, is to use the operating systems own...

6.8AI score
Exploits0
Securelist
Securelist
added 2024/05/23 9:0 a.m.28 views

A journey into forgotten Null Session and MS-RPC interfaces

A journey into forgotten Null Session and MS-RPC interfaces PDF It has been almost 24 years since the null session vulnerability was discovered. Back then, it was possible to access SMB named pipes using empty credentials and collect domain information. Most often, attackers leveraged null sessio...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/05/22 10:0 a.m.23 views

Stealers, stealers and more stealers

Introduction Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers see here, here and here, and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid a new...

7.7AI score
Exploits0
Securelist
Securelist
added 2024/05/14 5:14 p.m.44 views

QakBot attacks with Windows zero-day (CVE-2024-30051)

In early April 2024, we decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild. While searching for samples related to this exploit and attacks that used it, we found a...

7.8CVSS8.4AI score0.11977EPSS
Exploits2
Securelist
Securelist
added 2024/05/14 11:0 a.m.12 views

Incident response analyst report 2023

Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our customer base spans Russia, Europe, Asia, South and North America, Africa and the Middle East. Our annual Incident Response Report presents...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/05/09 10:0 a.m.35 views

APT trends report Q1 2024

For more than six years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published and...

7.7AI score
Exploits0
Securelist
Securelist
added 2024/05/08 10:0 a.m.35 views

State of ransomware in 2024

Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. From high-profile breaches in healthcare and industrial sectors – compromising huge volumes of sensitive data or halting production entirely – ...

8.5AI score
Exploits0
Securelist
Securelist
added 2024/05/07 10:0 a.m.96 views

Exploits and vulnerabilities in Q1 2024

We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical componen...

7.5CVSS8.9AI score0.99938EPSS
Exploits154
Securelist
Securelist
added 2024/05/06 10:0 a.m.30 views

Financial cyberthreats in 2023

Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...

7.3AI score
Exploits0
Securelist
Securelist
added 2024/04/30 9:0 a.m.13 views

Managed Detection and Response in 2023

Managed Detection and Response in 2023 PDF Alongside other security solutions, we provide Kaspersky Managed Detection and Response MDR to organizations worldwide, delivering expert monitoring and incident response 24/7. The task involves collecting telemetry for analysis by both machine-learning ...

7AI score
Exploits0
Securelist
Securelist
added 2024/04/24 10:10 a.m.35 views

Assessing the Y, and How, of the XZ Utils incident

High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up "out-of-band" interactions regarding underground rail system simulator software...

7.6AI score
Exploits0
Securelist
Securelist
added 2024/04/22 10:0 a.m.44 views

ToddyCat is making holes in your infrastructure

We continue covering the activities of the APT group ToddyCat. In our previous article, we described tools for collecting and exfiltrating files LoFiSe and PcExter. This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts th...

7.6AI score
Exploits0
Securelist
Securelist
added 2024/04/18 10:0 a.m.37 views

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

Introduction In February 2024, we discovered a new malware campaign targeting government entities in the Middle East. We dubbed it "DuneQuixote"; and our investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions –...

7.8AI score
Exploits0
Securelist
Securelist
added 2024/04/17 10:0 a.m.23 views

SoumniBot: the new Android banker’s unique techniques

The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/04/15 10:0 a.m.27 views

Using the LockBit builder to generate targeted ransomware

The previous Kaspersky research focused on a detailed analysis of the LockBit 3.0 builder leaked in 2022. Since then, attackers have been able to generate customized versions of the threat according to their needs. This opens up numerous possibilities for malicious actors to make their attacks mo...

7.8AI score
Exploits0
Securelist
Securelist
added 2024/04/12 8:0 a.m.67 views

XZ backdoor story – Initial analysis

On March 29, 2024, a single message on the Openwall OSS-security mailing list marked an important discovery for the information security, open source and Linux communities: the discovery of a malicious backdoor in XZ. XZ is a compression utility integrated into many popular distributions of Linux...

7.5CVSS9.3AI score0.85974EPSS
Exploits40
Securelist
Securelist
added 2024/03/28 1:0 p.m.17 views

DinodasRAT Linux implant targeting entities worldwide

DinodasRAT, also known as XDealer, is a multi-platform backdoor written in C++ that offers a range of capabilities. This RAT allows the malicious actor to surveil and harvest sensitive data from a targets computer. A Windows version of this RAT was used in attacks against government entities in...

7.7AI score
Exploits0
Securelist
Securelist
added 2024/03/20 11:0 a.m.27 views

Android malware, Android malware and more Android malware

Introduction Malware for mobile devices is something we come across very often. In 2023, our technologies blocked 33.8 million malware, adware, and riskware attacks on mobile devices. One of 2023s most resonant attacks was Operation Triangulation, targeting iOS, but that was rather a unique case...

7.1AI score
Exploits0
Securelist
Securelist
added 2024/03/19 10:0 a.m.24 views

Threat landscape for industrial automation systems. H2 2023

Global statistics across all threats In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year Selected industries In H2 2023, building...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/03/14 10:0 a.m.72 views

A patched Windows attack surface is still exploitable

On August 8, 2023, Microsoft finally released a kernel patch for a class of vulnerabilities affecting Microsoft Windows since 2015. The vulnerabilities lead to elevation of privilege EoP, which allows an account with user rights to gain SYSTEM privileges on a vulnerable host. The root cause of th...

7.2CVSS7.3AI score0.43058EPSS
Exploits5
Securelist
Securelist
added 2024/03/13 11:29 a.m.39 views

What’s in your notepad? Infected text editors target Chinese users

"Malvertising" is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, our experts...

7AI score
Exploits0
Securelist
Securelist
added 2024/03/13 8:0 a.m.36 views

The State of Stalkerware in 2023–2024

The State of Stalkerware in 2023 PDF The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Stalkerware is commercially available software that can be discreetly installed on...

6.8AI score
Exploits0
Securelist
Securelist
added 2024/03/12 10:0 a.m.61 views

Top 10 web application vulnerabilities in 2021–2023

To help companies with navigating the world of web application vulnerabilities and securing their own web applications, the Open Web Application Security Project OWASP online community created the OWASP Top Ten. As we followed their rankings, we noticed that the way we ranked major vulnerabilitie...

8.2AI score
Exploits0
Securelist
Securelist
added 2024/03/07 10:0 a.m.76 views

Spam and phishing in 2023

The year in figures 45.60% of all email sent worldwide and 46.59% of all email sent in the Runet the Russian web segment was spam 31.45% of all spam email was sent from Russia Kaspersky Mail Anti-Virus blocked 135,980,457 malicious email attachments Our Anti-Phishing system thwarted 709,590,011...

9.3CVSS7.3AI score0.99945EPSS
Exploits36
Securelist
Securelist
added 2024/03/05 8:0 a.m.46 views

Network tunneling with… QEMU?

Cyberattackers tend to give preference to legitimate tools when taking various attack steps, as these help them evade detection systems while keeping malware development costs down to a minimum. Network scanning, capturing a process memory dump, exfiltrating data, running files remotely, and even...

7.8AI score
Exploits0
Securelist
Securelist
added 2024/02/27 3:0 p.m.31 views

An educational robot security research

In the modern world, we are surrounded by a multitude of smart devices that simplify our daily lives: smart speakers, robotic vacuum cleaners, automatic pet feeders and even entire smart homes. Toy manufacturers are striving to keep up with these trends, releasing more and more models that can al...

8.1AI score
Exploits0
Securelist
Securelist
added 2024/02/26 8:0 a.m.27 views

The mobile malware threat landscape in 2023

The figures above are based on detection statistics received from Kaspersky users who consented to sharing usage data with Kaspersky Security Network. The data for years preceding 2023 may differ from that published previously, as the calculation methodology was refined, and the data was...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/02/08 10:0 a.m.38 views

Coyote: A multi-stage banking Trojan abusing the Squirrel installer

The developers of banking Trojan malware are constantly looking for inventive ways to distribute theirs implants and infect victims. In a recent investigation, we encountered a new malware that specifically targets users of more than 60 banking institutions, mainly from Brazil. What caught our...

7.3AI score
Exploits0
Securelist
Securelist
added 2024/01/31 10:0 a.m.25 views

ICS and OT threat predictions for 2024

We do not expect rapid changes in the industrial cyberthreat landscape in 2024. Most of the below-described trends have been observed before, many for some years. However, some of them have reached a critical mass of creeping changes, which could lead to a qualitative shift in the threat landscap...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/01/25 10:0 a.m.17 views

Privacy predictions for 2024

In our previous privacy predictions piece, we outlined trends for 2023. As expected, there was a notable increase in the adoption of digital IDs to replace paper documents. For example, California expanded a pilot program for digital drivers licenses, and Russia introduced laws enabling...

7.6AI score
Exploits0
Securelist
Securelist
added 2024/01/22 8:0 a.m.37 views

Cracked software beats gold: new macOS backdoor stealing cryptowallets

A month ago, we discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/01/17 10:0 a.m.20 views

Dark web threats and dark market predictions for 2024

An overview of last years predictions 1. Increase in personal data leaks; corporate email at risk A data leakage is a broad term encompassing various types of information that become publicly available, or published for sale on the dark web or other shadow web sites. Leaked information may includ...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/01/16 10:0 a.m.16 views

A lightweight method to detect potential iOS malware

Introduction In the ever-evolving landscape of mobile security, hunting for malware in the iOS ecosystem is akin to navigating a labyrinth with invisible walls. Imagine having a digital compass that not only guides you through this maze, but also reveals the hidden mechanisms of iOS malware...

6.7AI score
Exploits0
Securelist
Securelist
added 2023/12/27 2:0 p.m.89 views

Operation Triangulation: The last (hardware) mystery

Today, on December 27, 2023, we Boris Larin, Leonid Bezvershenko, and Georgy Kucherin delivered a presentation, titled, "Operation Triangulation: What You Get When Attack iPhones of Researchers", at the 37th Chaos Communication Congress 37C3, held at Congress Center Hamburg. The presentation...

6.8CVSS7.9AI score0.51517EPSS
Exploits3
Securelist
Securelist
added 2023/12/21 10:0 a.m.61 views

Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)

This is part five of our study about the Common Log File System CLFS and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous parts first if you havent already. You can skip to the other parts using this table of...

4.6CVSS8AI score0.48973EPSS
Exploits12
Securelist
Securelist
added 2023/12/21 10:0 a.m.62 views

Windows CLFS and five exploits used by ransomware operators (Exploit #3 – October 2022)

This is part four of our study about the Common Log File System CLFS and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous parts first if you havent already. You can skip to the other parts using this table of...

4.6CVSS7.6AI score0.48973EPSS
Exploits14
Securelist
Securelist
added 2023/12/21 10:0 a.m.66 views

Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022)

This is the third part of our study about the Common Log File System CLFS and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous parts first if you havent already. You can skip to the other parts using this tab...

4.6CVSS8.1AI score0.48973EPSS
Exploits14
Securelist
Securelist
added 2023/12/21 10:0 a.m.68 views

Windows CLFS and five exploits used by ransomware operators

In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft. In that blog post, we mentioned that the zero-day exploit we discovered was very similar to other Microsoft Windows...

7.2CVSS7.5AI score0.48973EPSS
Exploits14
Securelist
Securelist
added 2023/12/21 10:0 a.m.46 views

Windows CLFS and five exploits used by ransomware operators (Exploit #1 – CVE-2022-24521)

This is the second part of our study about the Common Log File System CLFS and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous part first if you havent already. You can skip to the other parts using this tab...

7.2CVSS8AI score0.81107EPSS
Exploits14
Securelist
Securelist
added 2023/12/21 10:0 a.m.71 views

Windows CLFS and five exploits used by ransomware operators (Exploit #5 – CVE-2023-28252)

This is part six of our study about the Common Log File System CLFS and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous parts first if you havent already. You can go to other parts using this table of...

4.6CVSS8.4AI score0.48973EPSS
Exploits12
Securelist
Securelist
added 2023/12/14 1:0 p.m.60 views

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

During an incident response performed by Kasperskys Global Emergency Response Team GERT and GReAT, we uncovered a novel multiplatform threat named "NKAbuse". The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and...

10CVSS7.7AI score0.99999EPSS
Exploits44
Securelist
Securelist
added 2023/12/13 10:0 a.m.12 views

FakeSG campaign, Akira ransomware and AMOS macOS stealer

Introduction The crimeware landscape is diverse. Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platfo...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/12/12 10:0 a.m.19 views

What to do if your company was mentioned on Darknet?

Every year is abundant with major data leaks, biggest data breaches and hacks drawing massive media attention such as Medibank and Optus data breach, Twitter data breach, and Uber and Rockstar compromise in 2022 and in T-Mobile, MailChimp and OpenAI in 2023. But are we really conscious of the tru...

7AI score
Exploits0
Securelist
Securelist
added 2023/12/11 10:0 a.m.34 views

Story of the year: the impact of AI on cybersecurity

In the whirlwind of technological advancements and societal transformations, the term "AI" has undoubtedly etched itself into the forefront of global discourse. Over the past twelve months, this abbreviation has resonated across innumerable headlines, business surveys and tech reports, firmly...

7.7AI score
Exploits0
Securelist
Securelist
added 2023/12/06 10:0 a.m.40 views

New macOS Trojan-Proxy piggybacking on cracked software

Illegally distributed software historically has served as a way to sneak malware onto victims devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a "free lunch". They are an excellent target for cybercriminals who realize that an...

7.7AI score
Exploits0
Securelist
Securelist
added 2023/12/05 10:0 a.m.28 views

BlueNoroff: new Trojan attacking macOS users

We recently discovered a new variety of malicious loader that targets macOS, presumably linked to the BlueNoroff APT gang and its ongoing campaign known as RustBucket. The threat actor is known to attack financial organizations, particularly companies, whose activity is in any way related to...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/12/04 11:0 a.m.18 views

Kaspersky Security Bulletin 2023. Statistics

All statistics in this report come from the Kaspersky Security Network KSN global cloud service, which receives information from components in our security solutions. The data was obtained from users who had given their consent to it being sent to KSN. Millions of Kaspersky users around the globe...

7.1AI score
Exploits0
Total number of security vulnerabilities1025