Tag: kaspersky
-
Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware
by
in SecurityNewsThe Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux environments, exploiting weak or default SSH credentials to deploy a Perl-based crypto mining botnet. Detailed insights from a recent incident response case in Brazil, handled by Kaspersky, reveal the group’s evolving tactics. Sophisticated Threat Targets Weak SSH Credentials The attackers target…
-
Cybercriminals Use GetShared to Sneak Malware Through Enterprise Shields
by
in SecurityNewsCybercriminals are increasingly leveraging legitimate file-sharing platforms like GetShared to bypass enterprise email security systems. A recent case involving a former colleague, previously employed at Kaspersky, highlights this emerging threat. The individual received an authentic-looking email notification from GetShared, a genuine service for transferring large files, claiming that a file named >>DESIGN LOGO.rar
-
Kaspersky calls for cyber immunity amid growing cyber threats
by
in SecurityNewsThe rise of professional cyber crime groups and state-sponsored actors targeting critical infrastructure requires a move towards inherently secure ‘cyber immune’ systems, says Kaspersky CEO Eugene Kaspersky First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623294/Kaspersky-calls-for-cyber-immunity-amid-growing-cyber-threats
-
Lazarus Group’s >>Operation SyncHole<< Targets South Korean Industries
Kaspersky Labs has recently revealed a major cyber-espionage campaign conducted by the Lazarus group, dubbed >>Operation SyncHole.
-
Operation SyncHole: Lazarus APT targets supply chains in South Korea
by
in SecurityNewsThe North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at…
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware
by
in SecurityNewsAt least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in First…
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware
by
in SecurityNewsAt least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in First…
-
Erodiert die Security-Reputation der USA?
by
in SecurityNews
Tags: business, ceo, china, cisa, ciso, cybersecurity, cyersecurity, endpoint, exploit, germany, governance, government, intelligence, iran, kaspersky, north-korea, service, strategy, threat, usaTrump stiftet Verunsicherung auch wenn’s um Cybersicherheit geht.Nachdem US-Präsident Donald Trump nun auch Cybersicherheitsunternehmen per Executive Order für abweichende politische Positionen abstraft, befürchten nicht wenige Branchenexperten, dass US-Sicherheitsunternehmen künftig ähnlich in Verruf geraten könnten wie ihre russischen und chinesischen Konkurrenten. Die zentralen Fragen sind dabei:Können sich CISOs beziehungsweise ihre Unternehmen künftig noch auf US-amerikanische Bedrohungsinformationen…
-
IronHusky APT Resurfaces with Evolved MysterySnail RAT
by
in SecurityNewsIn a newly released report, Kaspersky’s Global Research and Analysis Team (GReAT) has revealed the resurgence of IronHusky, First seen on securityonline.info Jump to article: securityonline.info/ironhusky-apt-resurfaces-with-evolved-mysterysnail-rat/
-
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak – P2
by
in SecurityNewsThis is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by Mustang Panda that we have named PAKLOG and CorKLOG as well as an EDR evasion…
-
Kaspersky Shares 12 Essential Tips for Messaging App Security and Privacy
by
in SecurityNewsIn an era where instant messaging apps like WhatsApp, Telegram, Signal, iMessage, Viber, and WeChat dominate personal and professional communication, digital privacy and security have never been more critical. To help users keep their accounts secure and private, cybersecurity experts at Kaspersky have shared 12 simple yet effective tips for safe messaging practices. Here’s a…
-
Ransomware-Attacken stoßen in Windows-Lücke
by
in SecurityNews
Tags: access, backdoor, bug, cve, cvss, cyberattack, exploit, kaspersky, malware, microsoft, ransomware, update, vulnerability, windowsCyberkriminelle missbrauchen eine Sicherheitslücke in Windows, um eine Backdoor-Malware und Ransomware einzuschleusen.Sicherheitsforscher von Microsoft haben eine Schwachstelle im CLFS-Treiber (Common Log File System) von Windows entdeckt, die Angreifern Systemrechte verleiht. Sie wird als CVE-2025-29824 geführt, die mit einem CVSS-Wert von 7,8 über einen hohen Schweregrad verfügt.Laut einem Blogbeitrag der Forscher wurde die Lücke bereits für…
-
An APT group exploited ESET flaw to execute malware
by
in SecurityNewsAt least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security. The vulnerability, tracked as CVE-2024-11859, is a DLL Search Order Hijacking issue that potentially allow…
-
Chinese ToddyCat abuses ESET antivirus bug for malicious activities
by
in SecurityNewsA range of affected products: The flaw affects all of ESET offerings with the command line scanner which includes an array of products used by power users, IT admins, and enterprise environments.According to the advisory, the affected antivirus versions include ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, and ESET Security Ultimate 18.0.12.0…
-
CVE-2024-11859: ToddyCat Group Hides Malware in ESET’s Scanner to Bypass Security
Advanced Persistent Threat (APT) groups are constantly evolving their techniques to evade detection. Kaspersky Labs has recently uncovered a sophisticated method employed by the ToddyCat group: hiding their malicious activity within the context of legitimate security software. In early 2024, Kaspersky’s investigation into ToddyCat incidents revealed a suspicious file named >>version.dll
-
Analysen von Kaspersky – Cyberangreifer teilweise monatelang in Unternehmensnetzwerken
by
in SecurityNews
Tags: kasperskyFirst seen on security-insider.de Jump to article: www.security-insider.de/cybersicherheitsvorfaelle-unternehmen-trends-analysen-kaspersky-a-77af7b25d4b3634443841e1eaf147cfe/
-
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada.”More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia,” Kaspersky said in a report. The infections were recorded between…
-
New Triada Trojan comes preinstalled on Android devices
A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections in Russia from March 13-27, 2025. The malware was discovered on counterfeit Android devices mimicking…
-
Triada-Trojaner auf Android-Smartphone-Fälschungen entdeckt
by
in SecurityNewsSicherheitsforscher von Kaspersky haben eine besonders raffinierte Variante des Triada-Trojaners auf nachgeahmten Android-Smartphones entdeckt. Mehr als 2.600 Nutzer weltweit, darunter auch in Deutschland, sind betroffen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/triada-trojaner-android-smartphone
-
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit
by
in SecurityNews“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday. First seen on therecord.media Jump to article: therecord.media/russian-media-academia-targeted-in-espionage-campaign
-
Google Hastily Patches Chrome Zero-Day Exploited by APT
by
in SecurityNewsResearchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/google-patches-chrome-zero-day-exploited-apt
-
APT Hackers Exploit Google Chrome Zero-Day in Operation ForumTroll to Bypass Sandbox Protections
by
in SecurityNewsIn mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome. This exploit allowed attackers to bypass Chrome’s sandbox protections, a critical security feature designed to isolate and contain malicious code. The attack was initiated through personalized phishing emails, which directed victims to…
-
CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign
by
in SecurityNewsKaspersky Labs has uncovered a sophisticated cyber-espionage campaign”, dubbed Operation ForumTroll”, leveraging a previously unknown Google Chrome zero-day exploit, now First seen on securityonline.info Jump to article: securityonline.info/cve-2025-2783-chrome-zero-day-exploited-in-state-sponsored-espionage-campaign/
-
Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky
by
in SecurityNews
Tags: attack, browser, chrome, cve, exploit, google, kaspersky, remote-code-execution, vulnerability, zero-dayThe vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks in Russian. The post Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/
-
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal.”Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents,” the company said. “This suggests First seen…
-
2024: 35 Prozent der Angriffe dauerten länger als einen Monat
by
in SecurityNewsCyberangriffe stellen für Unternehmen in Deutschland weiterhin eine erhebliche Herausforderung dar. Laut dem Incident Response 2024 Report von Kaspersky waren im vergangenen Jahr 69 Prozent der deutschen Unternehmen von mindestens einem Cybersicherheitsvorfall betroffen, 31 Prozent erlebten sogar mehrere Angriffe. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/angriffe-laenger-als-einen-monat
-
Incident Response 2024 Report: 35 Prozent der Cyber-Angriffe dauerten laut Kaspersky länger als einen Monat
by
in SecurityNewsFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/incident-response-2024-report-35-prozent-cyber-angriff-dauer-kaspersky-ein-monat
-
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users.”What’s intriguing about this malware is how much it collects,” Kaspersky said in an analysis. “It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla,…