Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2023/06/07 8:0 a.m.18 views

IT threat evolution Q1 2023. Mobile statistics

IT threat evolution Q1 2023 IT threat evolution Q1 2023. Non-mobile statistics IT threat evolution Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures According to...

7AI score
Exploits0
Securelist
Securelist
added 2023/06/07 8:0 a.m.221 views

IT threat evolution in Q1 2023. Non-mobile statistics

IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly...

9.3CVSS9.6AI score0.99999EPSS
Exploits457
Securelist
Securelist
added 2023/06/05 10:0 a.m.29 views

Satacom delivers browser extension that steals cryptocurrency

Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom...

7.4AI score
Exploits0
Securelist
Securelist
added 2023/06/02 12:16 p.m.19 views

In search of the Triangulation: triangle_check utility

In our initial blogpost about "Operation Triangulation", we published a comprehensive guide on how to manually check iOS device backups for possible indicators of compromise using MVT. This process takes time and requires manual search for several types of indicators. To automate this process, we...

7AI score
Exploits0
Securelist
Securelist
added 2023/06/01 12:36 p.m.28 views

Operation Triangulation: iOS devices targeted with previously unknown malware

While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform KUMA, we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS device...

7AI score
Exploits0
Securelist
Securelist
added 2023/05/23 8:0 a.m.41 views

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. Despite the fact that they began their activities years ago, this group is generally unknown and, as far as we know, has not been publicly described. We...

8.1AI score
Exploits0
Securelist
Securelist
added 2023/05/19 10:30 a.m.44 views

CloudWizard APT: the bad magic story goes on

In March 2023, we uncovered a previously unknown APT campaign in the region of the Russo-Ukrainian conflict that involved the use of PowerMagic and CommonMagic implants. However, at the time it was not clear which threat actor was behind the attack. Since the release of our report about...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/05/17 10:0 a.m.30 views

Minas – on the way to complexity

Sometimes when investigating an infection and focusing on a targeted attack, we come across something we were not expecting. The case described below is one such occurrence. In June 2022, we found a suspicious shellcode running in the memory of a system process. We decided to dig deeper and...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/05/16 8:0 a.m.14 views

The nature of cyberincidents in 2022

Kaspersky offers various services to organizations that have been targeted by cyberattackers, such as incident response, digital forensics, and malware analysis. In our annual incident response report, we share information about the attacks that we investigated during the reporting period. Data...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/05/11 8:0 a.m.44 views

New ransomware trends in 2023

Ransomware keeps making headlines. In a quest for profits, attackers target all types of organizations, from healthcare and educational institutions to service providers and industrial enterprises, affecting almost every aspect of our lives. In 2022, Kaspersky solutions detected over 74.2M...

7.6AI score0.0025EPSS
Exploits0
Securelist
Securelist
added 2023/05/04 10:0 a.m.19 views

Not quite an Easter egg: a new family of Trojan subscribers on Google Play

Every once in a while, someone will come across malicious apps on Google Play that seem harmless at first. Some of the trickiest of these are subscription Trojans, which often go unnoticed until the user finds they have been charged for services they never intended to buy. This kind of malware...

6.8AI score
Exploits0
Securelist
Securelist
added 2023/05/02 8:0 a.m.39 views

Managed Detection and Response in 2022

Kaspersky Managed Detection and Response MDR is a service for 24/7 monitoring and response to detected incidents based on technologies and expertise of Kaspersky Security Operations Center SOC team. MDR allows detecting threats at any stage of the attack – both before anything is compromised and...

6.7AI score
Exploits0
Securelist
Securelist
added 2023/05/01 10:0 a.m.38 views

What does ChatGPT know about phishing?

Can ChatGPT detect phishing links? Hearing all the buzz about the amazing applications of ChatGPT and other language models, our team could not help but ask this question. We work on applying machine learning technologies to cybersecurity tasks, specifically models that analyze websites to detect...

7AI score
Exploits0
Securelist
Securelist
added 2023/04/27 10:0 a.m.45 views

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have publishe...

7.6AI score
Exploits0
Securelist
Securelist
added 2023/04/24 8:0 a.m.233 views

Tomiris called, they want their Turla malware back

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States CIS. Our initial report described links between a Tomiris Golang implant and SUNSHUTTLE which has been...

7.5CVSS9.1AI score0.99999EPSS
Exploits63
Securelist
Securelist
added 2023/04/17 10:0 a.m.27 views

QBot banker delivered through business correspondence

In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family aka QakBot, QuackBot, and Pinkslipbot. The malware would be delivered through e-mail letters written in different languages — variations of them were coming in English, German, Italian, and...

6.7AI score
Exploits0
Securelist
Securelist
added 2023/04/13 8:0 a.m.29 views

Uncommon infection methods—part 2

Introduction Although ransomware is still a hot topic on which we will keep on publishing, we also investigate and publish about other threats. Recently we explored the topic of infection methods, including malvertising and malicious downloads. In this blog post, we provide excerpts from the rece...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/04/12 8:0 a.m.26 views

Following the Lazarus group by tracking DeathNote campaign

The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. We have previously published information about the connections of each cluster of this group. In this blog, well focus on an active cluster that we dubbed DeathNote because the malware responsible for...

8.1AI score
Exploits0
Securelist
Securelist
added 2023/04/11 5:36 p.m.61 views

Nokoyawa ransomware attacks with Windows zero-day

Updated April 20, 2023 In February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions. These...

4.6CVSS9.1AI score0.48973EPSS
Exploits14
Securelist
Securelist
added 2023/04/10 8:0 a.m.25 views

Overview of Google Play threats sold on the dark web

In 2022, Kaspersky security solutions detected 1,661,743 malware or unwanted software installers, targeting mobile users. Although the most common way of distributing such installers is through third-party websites and dubious app stores, their authors every now and then manage to upload them to...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/04/05 10:0 a.m.45 views

The Telegram phishing market

Telegram has been gaining popularity with users around the world year by year. Common users are not the only ones who have recognized the messaging apps handy features — cybercrooks have already made it a branch of the dark web, their Telegram activity soaring since late 2021. The service is...

6.6AI score
Exploits0
Securelist
Securelist
added 2023/04/03 12:10 p.m.42 views

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack

On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing their findings. The following has been discovered so far: The infection is spread via...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/03/30 10:0 a.m.23 views

Selecting the right MSSP: Guidelines for making an objective decision

Managed Security Service Providers MSSPs have become an increasingly popular choice for organizations nowadays following the trend to outsource security services. Meanwhile, with the growing number of MSSPs in the market, it can be difficult for organizations to determine which provider will fit ...

6.5AI score
Exploits0
Securelist
Securelist
added 2023/03/29 10:0 a.m.37 views

Financial cyberthreats in 2022

Financial gain remains the key driver of cybercriminal activity. In the past year, weve seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware groups continuing to emerge and haunt businesses. However, traditional financial threats ...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/03/28 10:0 a.m.30 views

Copy-paste heist or clipboard-injector attacks on cryptousers

It is often the case that something new is just a reincarnation of something old. We have come across a series of clipboard injection attacks on cryptocurrency users, which emerged starting from September 2022. Although we have written about a similar malware attack in 2017 in one of our blogpost...

6.7AI score
Exploits0
Securelist
Securelist
added 2023/03/27 8:0 a.m.22 views

How scammers employ IPFS for email phishing

The idea of creating Web 3.0 has been around since the end of 2000s. The new version of the world wide web should repair the weak points of Web 2.0., some of which are: featureless content, prevalence of proprietary solutions, and lack of safety in a centralized user data storage environment, whe...

6.3AI score
Exploits0
Securelist
Securelist
added 2023/03/24 8:0 a.m.19 views

Understanding metrics to measure SOC effectiveness

The security operations center SOC plays a critical role in protecting an organizations assets and reputation by identifying, analyzing, and responding to cyberthreats in a timely and effective manner. Additionally, SOCs also help to improve overall security posture by providing add-on services...

6.7AI score
Exploits0
Securelist
Securelist
added 2023/03/23 8:0 a.m.35 views

Developing an incident response playbook

An incident response playbook is a predefined set of actions to address a specific security incident such as malware infection, violation of security policies, DDoS attack, etc. Its main goal is to enable a large enterprise security team to respond to cyberattacks in a timely and effective manner...

6.8AI score
Exploits0
Securelist
Securelist
added 2023/03/21 8:0 a.m.42 views

Bad magic: new APT found in the area of Russo-Ukrainian conflict

Since the start of the Russo-Ukrainian conflict, Kaspersky researchers and the international community at large have identified a significant number of cyberattacks executed in a political and geopolitical context. We previously published an overview of cyber activities and the threat landscape...

7AI score
Exploits0
Securelist
Securelist
added 2023/03/15 10:0 a.m.19 views

Business on the dark web: deals and regulatory mechanisms

Download the full version of the report PDF Hundreds of deals are struck on the dark web every day: cybercriminals buy and sell data, provide illegal services to one another, hire other individuals to work as "employees" with their groups, and so on. Large sums of money are often on the table. To...

0.6AI score
Exploits0
Securelist
Securelist
added 2023/03/09 10:0 a.m.35 views

Malvertising through search engines

In recent months, we observed an increase in the number of malicious campaigns that use Google Advertising as a means of distributing and delivering malware. At least two different stealers, Rhadamanthys and RedLine, were abusing the search engine promotion plan in order to deliver malicious...

7.4AI score
Exploits0
Securelist
Securelist
added 2023/03/08 10:0 a.m.38 views

The state of stalkerware in 2022

The state of stalkerware in 2022 PDF Main findings of 2022 The State of Stalkerware is an annual report by Kaspersky which contributes to a better understanding of how many people in the world are affected by digital stalking. Stalkerware is a commercially available software that can be discretel...

6.4AI score
Exploits0
Securelist
Securelist
added 2023/03/06 10:0 a.m.16 views

Threat landscape for industrial automation systems for H2 2022

Year 2022 in numbers Parameter | H1 2022 | H2 2022 | 2022 ---|---|---|--- Percentage of attacked ICS computers globally | 31.8% | 34.3% | 40.6% Main threat sources Internet | 16.5% | 19.9% | 24.0% Email clients | 7.0% | 6.4% | 7.9% Removable devices | 3.5% | 3.8% | 5.2% Network folders | 0.6% |...

0.5AI score
Exploits0
Securelist
Securelist
added 2023/02/27 10:5 a.m.55 views

The mobile malware threat landscape in 2022

These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Figures of the year In 2022, Kaspersky mobile products and technology detected: 1,661,743 malicious installers 196,476 new mobile banking Trojans 10,543 new mobi...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/02/16 8:0 a.m.318 views

Spam and phishing in 2022

Figures of the year In 2022: 48.63% of all emails around the world and 52.78% of all emails in the Russian segment of the internet were spam As much as 29.82% of all spam emails originated in Russia Kaspersky Mail Anti-Virus blocked 166,187,118 malicious email attachments Our Anti-Phishing system...

9.3CVSS7.9AI score0.99945EPSS
Exploits36
Securelist
Securelist
added 2023/02/15 10:0 a.m.36 views

IoC detection experiments with ChatGPT

ChatGPT is a groundbreaking chatbot powered by the neural network-based language model text-davinci-003 and trained on a large dataset of text from the Internet. It is capable of generating human-like text in a wide range of styles and formats. ChatGPT can be fine-tuned for specific tasks, such a...

7.6AI score
Exploits0
Securelist
Securelist
added 2023/02/10 10:0 a.m.18 views

Good, Perfect, Best: how the analyst can enhance penetration testing results

Penetration testing is something that many of those who know what a pentest is see as a search for weak spots and well-known vulnerabilities in clients infrastructure, and a bunch of copied-and-pasted recommendations on how to deal with the security holes thus discovered. In truth, it is not so...

7.5AI score
Exploits0
Securelist
Securelist
added 2023/02/07 8:0 a.m.19 views

Web beacons on websites and in e-mail

There is a vast number of trackers, which gather information about users activities online. For all intents and purposes, we have grown accustomed to online service providers, marketing agencies, and analytical companies tracking our every mouse click, our social posts, browser and streaming...

Exploits0
Securelist
Securelist
added 2023/01/31 8:0 a.m.36 views

Prilex modification now targeting contactless credit card transactions

Prilex is a singular threat actor that has evolved from ATM-focused malware into unique modular PoS malware—actually, the most advanced PoS threat we have seen so far, as described in a previous article. Forget about those old memory scrapers seen in PoS attacks. Prilex goes beyond these, and it...

6.3AI score
Exploits0
Securelist
Securelist
added 2023/01/30 10:0 a.m.22 views

Come to the dark side: hunting IT professionals on the dark web

The dark web is a collective name for a variety of websites and marketplaces that bring together individuals willing to engage in illicit or shady activities. Dark web forums contain ads for selling and buying stolen data, offers to code malware and hack websites, posts seeking like-minded...

7.6AI score
Exploits0
Securelist
Securelist
added 2023/01/23 10:0 a.m.22 views

What your SOC will be facing in 2023

As the role of cybersecurity in large businesses increases remarkably year over year, the importance of Security Operations Centers SOCs is becoming paramount. This years Kaspersky Security Bulletin ends with tailored predictions for SOCs – from external and internal points of view. The first par...

0.3AI score
Exploits0
Securelist
Securelist
added 2023/01/19 10:0 a.m.86 views

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

Roaming Mantis a.k.a Shaoye is well-known as a long-term cyberattack campaign that uses malicious Android package APK files to control infected Android devices and steal device information; it also uses phishing pages to steal user credentials, with a strong financial motivation. Kaspersky has be...

0.3AI score
Exploits0
Securelist
Securelist
added 2023/01/18 8:0 a.m.17 views

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

Kaspersky detects an average of 400,000 malicious files every day. These add up to 144 million annually. The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. The media routinely report incidents and leaks of...

Exploits0
Securelist
Securelist
added 2023/01/09 10:38 a.m.14 views

How much security is enough?

According to a prominent Soviet science fiction writer, beauty is a fine line, a razors edge between two opposites locked in a never-ending battle. Today, we would put it less poetically as an ideal compromise between contradictions. An elegant, or beautiful, design is one that allows reaching th...

6.9AI score
Exploits0
Securelist
Securelist
added 2022/12/27 8:0 a.m.35 views

BlueNoroff introduces new methods bypassing MoTW

BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the groups activities and this October we observed the adoption of new...

7.4AI score
Exploits0
Securelist
Securelist
added 2022/12/22 8:0 a.m.28 views

Ransomware and wiper signed with stolen certificates

Introduction On July 17, 2022, Albanian news outlets reported a massive cyberattack that affected Albanian government e-services. A few weeks later, it was revealed that the cyberattacks were part of a coordinated effort likely intended to cripple the countrys computer systems. On September 10,...

1.1AI score
Exploits0
Securelist
Securelist
added 2022/12/19 4:15 p.m.1016 views

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

Summary At the end of September, GTSC reported an attack on critical infrastructure that took place in August. During the investigation, experts found that two 0-day vulnerabilities in Microsoft Exchange Server were used in the attack. The first one, later identified as CVE-2022-41040, is a...

10CVSS1.1AI score0.99999EPSS
Exploits34
Securelist
Securelist
added 2022/12/14 10:0 a.m.32 views

Reassessing cyberwarfare. Lessons learned in 2022

At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We left the COVID-19 crisis behind hoping for a long-awaited return to normality and were immediately plunged into the chaos and uncertainty of a twentieth-century-style military conflict that posed...

0.1AI score
Exploits0
Securelist
Securelist
added 2022/12/09 1:0 p.m.45 views

How to train your Ghidra

Getting started with Ghidra For about two decades, being a reverse engineer meant that you had to master the ultimate disassembly tool, IDA Pro. Over the years, many other tools were created to complement or directly replace it, but only a few succeeded. Then came the era of decompilation, adding...

7.1AI score
Exploits0
Securelist
Securelist
added 2022/12/08 10:0 a.m.33 views

DeathStalker targets legal entities with new Janicab variant

Just to clarify, the above subheading isnt a normal quote, but a message that Janicab malware attempted to decode in its newest use of YouTube dead-drop resolvers DDRs. While hunting for less common Deathstalker intrusions that use the Janicab malware family, we identified a new Janicab variant...

0.1AI score
Exploits0
Total number of security vulnerabilities1025