From securelist.com
Crimeware and financial predictions for 2025
Kaspersky's GReAT looks back on the 2024 predictions about financial and crimeware threats, and explores potential cybercrime trends for 2025.
#cti #crimeware #cybercrime #cyberthreatintelligence #infosec #cybersecurity
on Thu, 10AM
From securelist.com
Internet-exposed GNSS receivers pose threat globally in 2024
Internet-exposed GNSS receivers pose a significant threat to sensitive operations. Kaspersky shares statistics on internet-exposed receivers for July 2024 and advice on how to protect against GNSS attacks.
on Wed, 10AM
From securelist.com
Kaspersky discovers new Ymir ransomware used together with RustyStealer
Kaspersky GERT experts have discovered the new Ymir ransomware in Colombia, which uses RustyStealer for initial access and the qTox client for communication with its victims.
on Mon, 11AM
From securelist.com
QSC: new modular framework in CloudComputating campaigns
Kaspersky shares details on the QSC modular cyberespionage framework, which appears to be linked to CloudComputating group campaigns.
on Fri, 3PM
From securelist.com
SteelFox Trojan imitates popular products to drop stealer and miner malware
Kaspersky experts have discovered a new SteelFox Trojan that mimics popular software like Foxit PDF Editor and JetBrains to spread a stealer-and-miner bundle.
on Nov 6
From securelist.com
How phishing pages admit to being LLM-made
Scammers use large language models (LLMs) to create phishing pages and leave artifacts in texts and tags, like the phrase "As an AI language model…".
on Oct 31
From securelist.com
Compromise assessment in cybersecurity: real-world cases
Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents.
on Oct 29
From securelist.com
Malicious CAPTCHA delivers Lumma and Amadey Trojans
Malicious CAPTCHA distributed through ad networks delivers the Amadey Trojan or the Lumma stealer, which pilfers data from browsers, password managers, and crypto wallets.
on Oct 29
From securelist.com
Lazarus APT steals cryptocurrency and user data via a decoy MOBA game
Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain.
on Oct 23
From securelist.com
Grandoreiro banking trojan: overview of recent versions and new tricks
In this report, Kaspersky experts analyze recent Grandoreiro campaigns, new targets, tricks, and banking trojan versions.
on Oct 22
From securelist.com
Stealers on the rise: Kral, AMOS, Vidar and ACR
Kaspersky researchers investigated a number of stealer attacks over the past year, and they are now sharing some details on the new Kral stealer, recent AMOS version and Vidar delivering ACR stealer.
on Oct 21
From securelist.com
Cyberthreats in the Middle East H1 2024
The Kaspersky Digital Footprint Intelligence team shares insights into the H1 2024 Middle Eastern cyberthreat landscape: hacktivism, initial access brokers, ransomware, stealers, and so on.
on Oct 20
From securelist.com
SideWinder APT’s post-exploitation framework analysis
Kaspersky analyzes SideWinder APT’s recent activity: new targets in the Middle East and Africa, post-exploitation tools and techniques.
on Oct 20
From securelist.com
Analyzing the familiar tools used by the Crypt Ghouls hacktivists
A close look at the utilities, techniques, and infrastructure used by the hacktivist group Crypt Ghouls has revealed links to groups such as Twelve, BlackJack, etc.
on Oct 18
From securelist.com
Kernel shellcode persistence technique in APT attacks and SAS CTF challenge
In this article we solve the most difficult SAS CTF challenge based on the APT technique to introduce and persist a kernel shellcode on Windows 7.
on Oct 17
From securelist.com
How machine learning helps us hunt threats
How Kaspersky implemented machine learning for threat hunting in Kaspersky Security Network (KSN) global threat data.
on Oct 10
From securelist.com
Analyzing the Awaken Likho APT group implant: new tools and techniques
Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations.
on Oct 7
From securelist.com
SIEM agent being used in SilentCryptoMiner attacks
Malicious actors are spreading miners through fake websites with popular software, Telegram channels and YouTube, installing Wazuh SIEM agent on victims' devices for persistence.
on Oct 4
From securelist.com
Key Group uses leaked builders of ransomware and wipers
Kaspersky experts studied the activity of Key Group, which utilizes publicly available builders for ransomware and wipers, as well as GitHub and Telegram.
on Oct 1
From securelist.com
The Dropping Elephant – aggressive cyber-espionage in the Asian region
A threat actor, likely operating from India, was undertaking aggressive cyber-espionage activity in the Asian region, targeting multiple diplomatic and government entities with a particular focus on China and its international affairs.
on Sep 26
From securelist.com
Threat landscape for industrial automation systems, Q2 2024
In this report, we share statistics on threats to industrial control systems in Q2 2024, including statistics by region, industry, malware and other threat types.
on Sep 26
From securelist.com
Analysis of the BlackJack group: techniques, tools, and similarities with Twelve
An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group.
on Sep 25
From securelist.com
A review of prevalent web tracking services in 2023–2024, region by region
Kaspersky experts review Do Not Track (DNT) statistics for the most widely used web tracking services in 2023 and 2024 operated by companies like Google, Microsoft, etc.
on Sep 24
From securelist.com
Necro Trojan infiltrates Google Play and Spotify and WhatsApp mods
Kaspersky experts have discovered a new version of the Necro Trojan, which has infected tens of thousands of Android devices through Google Play and Spotify and WhatsApp mods.
on Sep 23
From securelist.com
A new version of the Loki backdoor for the Mythic framework attacks Russian companies
Kaspersky experts have discovered a new version of the Loki agent for the open-source Mythic framework, which uses DLLs to attack Russian companies.
on Sep 21
From securelist.com
Twelve: from initial compromise to ransomware and wipers
Analysis of Twelve's activities using the Unified Kill Chain method: from initial access to deployment of LockBit- and Chaos-based ransomware and wipers.
on Sep 20
From securelist.com
Evolution of Mallox: from private ransomware to RaaS
In this report, we provide an in-depth analysis of the Mallox ransomware, its evolution, ransom strategy, encryption scheme, etc.
on Sep 19
From securelist.com
SambaSpy – a new RAT targeting Italian users
Kaspersky researchers detected a campaign exclusively targeting Italian users by delivering a new RAT dubbed SambaSpy.
on Sep 18
From securelist.com
New malicious web shell from the Tropic Trooper group is found in the Middle East
Kaspersky experts found a new variant of the China Chopper web shell from the Tropic Trooper group that imitates an Umbraco CMS module and targets a government entity in the Middle East.
on Sep 5
From securelist.com
Most interesting IR cases in 2023: insider threats and more
Kaspersky Global Emergency Response Team (GERT) shares the most interesting IR cases for the year 2023: insider attacks, ToddyCat-like APT, Flax Typhoon and more.
on Sep 3
From securelist.com
Statistics on PC malware for Q2 2024
This report presents statistics on PC threats for Q2 2024, including data on ransomware, miners, threats to macOS and IoT devices.
on Sep 3
From securelist.com
Android malware and unwanted software statistics for Q2 2024
The report gives statistics on mobile malware and unwanted software for Q2 2024, including mobile banking Trojans and ransomware.
on Sep 3
From securelist.com
Malware report for Q2 2024 — a quarterly review
In this report, Kaspersky researchers explore the most significant attacks of Q2 2024 that used an XZ backdoor, the LockBit builder, ShrinkLocker ransomware, etc.
on Sep 3
From securelist.com
Head Mare hacktivists: attacks on companies in Russia and Belarus
Analysis of the hacktivist group Head Mare targeting companies in Russia and Belarus: exploitation of WinRAR vulnerability, custom tools PhantomDL and PhantomCore.
on Sep 3
From securelist.com
HZ Rat backdoor for macOS harvests data from WeChat and DingTalk
Kaspersky experts discovered a macOS version of the HZ Rat backdoor, which collects user data from WeChat and DingTalk messengers.
on Aug 27
From securelist.com
Kaspersky found multiple memory corruptions in Suricata and FreeRDP
While pentesting KasperskyOS-based Thin Client and IoT Secure Gateway, we found several vulnerabilities in the Suricata and FreeRDP open-source projects. We shared details on these vulnerabilities with the community along with our fuzzer.
on Aug 23
From securelist.com
Tusk campaign uses infostealers and clippers for financial gain
Kaspersky researchers discovered the Tusk campaign with ongoing activity that uses Danabot and StealC infostealers and clippers to obtain cryptowallet credentials and system data.
on Aug 15
From securelist.com
EastWind campaign distributes CloudSorcerer and two APT tools
Kaspersky has identified a new EastWind campaign targeting Russian organizations and using CloudSorcerer as well as APT31 and APT27 tools.
on Aug 14
From securelist.com
Kaspersky report on APT trends in Q2 2024
The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, cyber-espionage tool StealerBot, and hacktivist activity.
on Aug 13
From securelist.com
What is indirect prompt injection and how is it used
We studied data from the internet and Kaspersky internal sources to find out how and why people use indirect prompt injection.
on Aug 12
From securelist.com
LianSpy: Android spyware leveraging Yandex Disk as C2
Previously unknown spyware LianSpy targets Android devices by exploiting root privileges to steal data and leveraging Yandex Disk cloud service as C2.
on Aug 7
From securelist.com
Ransomware variants available online give rise to new cybercrime groups
Kaspersky researchers investigated three ransomware groups that tapped newly built malware samples based on Babuk, Lockbit, Chaos and others, while lacking professional resources.
on Aug 1
From securelist.com
New Mandrake Android spyware version discovered on Google Play
Mandrake spyware threat actors resume attacks with new functionality targeting Android devices while being publicly available on Google Play.
on Jul 29
From securelist.com
Spear phishing techniques in mass phishing: a new trend
Kaspersky experts have discovered a new scheme that combines elements of spear and mass phishing.
on Jul 11
From securelist.com
What MITRE ATT&CK techniques to detect first?
How a SOC can efficiently manage priorities when writing detection logic for various MITRE ATT&CK techniques and what tools can help.
on Jul 9
From securelist.com
CloudSorcerer APT uses cloud services and GitHub as C2
Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.
on Jul 8
From securelist.com
How quickly can attackers guess your password?
Kaspersky experts conducted a study of password resistance to attacks that use brute force and smart guessing techniques.
on Jul 2
From securelist.com
Explaining how scammers use phishing and OTP bots to gain access to accounts protected with 2FA.
on Jun 26
From securelist.com
How quickly can attackers guess your password?
Kaspersky experts conducted a study of password resistance to attacks that use brute force and smart guessing techniques.
on Jun 26
From securelist.com
New cyberthreat research for SMB in 2024
Kaspersky analysts explain which applications are targeted the most, and how enterprises can protect themselves from phishing and spam.
on Jun 25