Tag: kaspersky

IronHusky APT Resurfaces with Evolved MysterySnail RAT

Apr 18, 2025 5:28 AM

Tags: apt, kaspersky, rat

In a newly released report, Kaspersky’s Global Research and Analysis Team (GReAT) has revealed the resurgence of IronHusky, First seen on securityonline.info Jump to article: securityonline.info/ironhusky-apt-resurfaces-with-evolved-mysterysnail-rat/
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak – P2

Apr 16, 2025 6:28 PM

Tags: access, api, business, cloud, control, cryptography, data, defense, edr, encryption, exploit, framework, group, Hardware, kaspersky, malicious, malware, microsoft, mitre, monitoring, network, reverse-engineering, service, technology, threat, tool, update, windows

This is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by Mustang Panda that we have named PAKLOG and CorKLOG as well as an EDR evasion…
Kaspersky Shares 12 Essential Tips for Messaging App Security and Privacy

Apr 14, 2025 9:33 AM

Tags: cyber, cybersecurity, kaspersky, privacy

In an era where instant messaging apps like WhatsApp, Telegram, Signal, iMessage, Viber, and WeChat dominate personal and professional communication, digital privacy and security have never been more critical. To help users keep their accounts secure and private, cybersecurity experts at Kaspersky have shared 12 simple yet effective tips for safe messaging practices. Here’s a…
Ransomware-Attacken stoßen in Windows-Lücke

Apr 10, 2025 3:06 PM

Tags: access, backdoor, bug, cve, cvss, cyberattack, exploit, kaspersky, malware, microsoft, ransomware, update, vulnerability, windows

Cyberkriminelle missbrauchen eine Sicherheitslücke in Windows, um eine Backdoor-Malware und Ransomware einzuschleusen.Sicherheitsforscher von Microsoft haben eine Schwachstelle im CLFS-Treiber (Common Log File System) von Windows entdeckt, die Angreifern Systemrechte verleiht. Sie wird als CVE-2025-29824 geführt, die mit einem CVSS-Wert von 7,8 über einen hohen Schweregrad verfügt.Laut einem Blogbeitrag der Forscher wurde die Lücke bereits für…
An APT group exploited ESET flaw to execute malware

Apr 10, 2025 2:06 PM

Tags: apt, exploit, flaw, group, kaspersky, malware, software, vulnerability

At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security. The vulnerability, tracked as CVE-2024-11859, is a DLL Search Order Hijacking issue that potentially allow…
Chinese ToddyCat abuses ESET antivirus bug for malicious activities

Apr 8, 2025 2:42 PM

Tags: advisory, antivirus, business, china, endpoint, flaw, Internet, kaspersky, malicious, tool, windows

A range of affected products: The flaw affects all of ESET offerings with the command line scanner which includes an array of products used by power users, IT admins, and enterprise environments.According to the advisory, the affected antivirus versions include ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, and ESET Security Ultimate 18.0.12.0…
CVE-2024-11859: ToddyCat Group Hides Malware in ESET’s Scanner to Bypass Security

Apr 8, 2025 5:45 AM

Tags: cve, group, kaspersky, malicious, malware, threat

Advanced Persistent Threat (APT) groups are constantly evolving their techniques to evade detection. Kaspersky Labs has recently uncovered a sophisticated method employed by the ToddyCat group: hiding their malicious activity within the context of legitimate security software. In early 2024, Kaspersky’s investigation into ToddyCat incidents revealed a suspicious file named >>version.dll
Analysen von Kaspersky – Cyberangreifer teilweise monatelang in Unternehmensnetzwerken

Apr 4, 2025 2:42 PM

Tags: kaspersky

First seen on security-insider.de Jump to article: www.security-insider.de/cybersicherheitsvorfaelle-unternehmen-trends-analysen-kaspersky-a-77af7b25d4b3634443841e1eaf147cfe/
New Trinda Malware Targets Android Devices by Replacing Phone Numbers During Calls

Apr 3, 2025 3:42 PM

Tags: android, cyber, firmware, kaspersky, malware, phone, risk, unauthorized

Kaspersky Lab has uncovered a new version of the Triada Trojan, a sophisticated malware targeting Android devices. This variant has been found pre-installed in the firmware of counterfeit smartphones mimicking popular models, often sold at discounted prices through unauthorized online stores. The malware poses significant risks to users, with more than 2,600 cases reported globally,…
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices

Apr 3, 2025 10:42 AM

Tags: android, infection, kaspersky, malware, phone, russia

Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada.”More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia,” Kaspersky said in a report. The infections were recorded between…
New Triada Trojan comes preinstalled on Android devices

Apr 3, 2025 7:42 AM

Tags: android, data, infection, kaspersky, malware, russia, theft

A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections in Russia from March 13-27, 2025. The malware was discovered on counterfeit Android devices mimicking…
Triada-Trojaner auf Android-Smartphone-Fälschungen entdeckt

Apr 2, 2025 12:55 PM

Tags: android, germany, kaspersky

Sicherheitsforscher von Kaspersky haben eine besonders raffinierte Variante des Triada-Trojaners auf nachgeahmten Android-Smartphones entdeckt. Mehr als 2.600 Nutzer weltweit, darunter auch in Deutschland, sind betroffen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/triada-trojaner-android-smartphone
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit

Mar 27, 2025 3:34 PM

Tags: attack, browser, chrome, espionage, exploit, google, kaspersky, russia, zero-day

“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday. First seen on therecord.media Jump to article: therecord.media/russian-media-academia-targeted-in-espionage-campaign
Google Hastily Patches Chrome Zero-Day Exploited by APT

Mar 26, 2025 8:35 PM

Tags: apt, attack, browser, chrome, cyber, espionage, exploit, google, kaspersky, phishing, vulnerability, zero-day

Researchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/google-patches-chrome-zero-day-exploited-apt
APT Hackers Exploit Google Chrome Zero-Day in Operation ForumTroll to Bypass Sandbox Protections

Mar 26, 2025 1:13 PM

Tags: apt, attack, browser, chrome, cyber, email, exploit, google, hacker, kaspersky, malicious, phishing, zero-day

In mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome. This exploit allowed attackers to bypass Chrome’s sandbox protections, a critical security feature designed to isolate and contain malicious code. The attack was initiated through personalized phishing emails, which directed victims to…
CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign

Mar 26, 2025 12:14 AM

Tags: browser, chrome, cve, cyber, espionage, exploit, google, kaspersky, zero-day

Kaspersky Labs has uncovered a sophisticated cyber-espionage campaign”, dubbed Operation ForumTroll”, leveraging a previously unknown Google Chrome zero-day exploit, now First seen on securityonline.info Jump to article: securityonline.info/cve-2025-2783-chrome-zero-day-exploited-in-state-sponsored-espionage-campaign/
Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky

Mar 26, 2025 12:14 AM

Tags: attack, browser, chrome, cve, exploit, google, kaspersky, remote-code-execution, vulnerability, zero-day

The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks in Russian. The post Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/
Privacy Roundup: Week 12 of Year 2025

Mar 24, 2025 6:13 PM

Tags: access, antivirus, apple, attack, breach, cctv, credentials, crypto, cybersecurity, data, detection, exploit, firmware, google, government, group, iran, kaspersky, korea, leak, linux, malicious, malware, mfa, microsoft, mobile, network, north-korea, password, phishing, privacy, programming, regulation, router, russia, scam, service, software, spyware, startup, technology, threat, tool, unauthorized, virus, vpn, vulnerability, wifi, windows

This is a news item roundup of privacy or privacy-related news items for 16 MAR 2025 – 22 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers

Mar 21, 2025 1:13 PM

Tags: attack, control, kaspersky, russia, threat, tool

Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal.”Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents,” the company said. “This suggests First seen…
2024: 35 Prozent der Angriffe dauerten länger als einen Monat

Mar 21, 2025 12:13 PM

Tags: cyberattack, germany, incident response, kaspersky

Cyberangriffe stellen für Unternehmen in Deutschland weiterhin eine erhebliche Herausforderung dar. Laut dem Incident Response 2024 Report von Kaspersky waren im vergangenen Jahr 69 Prozent der deutschen Unternehmen von mindestens einem Cybersicherheitsvorfall betroffen, 31 Prozent erlebten sogar mehrere Angriffe. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/angriffe-laenger-als-einen-monat
Incident Response 2024 Report: 35 Prozent der Cyber-Angriffe dauerten laut Kaspersky länger als einen Monat

Mar 21, 2025 8:13 AM

Tags: cyber, cyberattack, incident response, kaspersky

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/incident-response-2024-report-35-prozent-cyber-angriff-dauer-kaspersky-ein-monat
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users

Mar 20, 2025 5:13 PM

Tags: kaspersky, malware, network, russia, vpn

YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users.”What’s intriguing about this malware is how much it collects,” Kaspersky said in an analysis. “It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla,…
31 Prozent der Cyberangriffe erfolgen über kompromittierte Accounts

Mar 14, 2025 1:52 PM

Tags: cyberattack, kaspersky

Cyberkriminelle setzen verstärkt auf gestohlene, aber gültige Account-Daten, um ihre Angriffe zu starten. Eine aktuelle Analyse von Kaspersky zeigt, dass im vergangenen Jahr in 31 Prozent der Sicherheitsvorfälle legitime Accounts den ersten Angriffspunkt darstellten. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/cyberangriff-kompromittierte-account
SideWinder APT targets maritime and nuclear sectors with enhanced toolset

Mar 11, 2025 1:54 PM

Tags: apt, group, kaspersky, middle-east

The APT group SideWinder targets maritime and logistics companies across South and Southeast Asia, the Middle East, and Africa. Kaspersky researchers warn that the APT group SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) is targeting maritime, logistics, nuclear, telecom, and IT sectors across South Asia, Southeast Asia, the Middle East, and Africa. SideWinder(also…
SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa

Mar 11, 2025 9:54 AM

Tags: apt, attack, group, kaspersky, middle-east, threat

Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder.The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear…
APT-Gruppe Sidewinder zielt auf Atomkraftwerke ab

Mar 10, 2025 3:54 PM

Tags: apt, kaspersky, threat

Laut aktuellen Analysen von Kaspersky hat die berüchtigte Advanced-Persistent-Threat (APT) -Gruppe ihre Angriffsstrategien angepasst und ihre geografischen Ziele ausgeweitet. Im Rahmen der jüngsten Spionagekampagne richtet sich Sidewinder nun auch gegen Atomkraftwerke und Energieeinrichtungen. Betroffene Unternehmen finden sich überwiegend in Afrika und Südostasien, aber auch in Teilen Europas, darunter Österreich. Sidewinder ist seit mindestens 2012 […]…
SideWinder greift jetzt auch Atomkraftwerke an

Mar 10, 2025 1:54 PM

Tags: kaspersky, threat

Die berüchtigte Advanced Persistent Threat (APT)-Gruppe SideWinder hat ihre Angriffstaktiken verfeinert und ihre geografische Reichweite erheblich ausgeweitet. Laut aktuellen Analysen von Kaspersky nimmt die Gruppe nun gezielt Atomkraftwerke und Energieeinrichtungen ins Visier. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/sidewinder-atomkraftwerke
Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Mar 10, 2025 12:53 PM

Tags: crypto, Internet, kaspersky, malware, russia, tool, windows

Experts warn of a large-scale cryptocurrency miner campaign targeting Russian users with SilentCryptoMiner. Kaspersky researchers discovered a mass malware campaign spreading SilentCryptoMiner by disguising it as a tool to bypass internet restrictions. While investigating the increased use of Windows Packet Divert (WPD) tools by crooks to distribute malware under this pretense, the researchers spotted the…
SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools

Mar 10, 2025 5:53 AM

Tags: crypto, cybercrime, cybersecurity, Internet, kaspersky, malware, russia, tool, vpn, windows

A new mass malware campaign is infecting users with a cryptocurrency miner named SilentCryptoMiner by masquerading it as a tool designed to circumvent internet blocks and restrictions around online services.Russian cybersecurity company Kaspersky said the activity is part of a larger trend where cybercriminals are increasingly leveraging Windows Packet Divert (WPD) tools to distribute malware…
Banking-Trojaner auf Android-Smartphones explodieren um 196 %

Mar 4, 2025 6:34 PM

Tags: android, banking, kaspersky, network

Kaspersky Security Network weist auf einen deutlichen Anstieg von Banking-Trojanern um 196 % im Jahr 2024 auf Android-Smartphones hin. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/online-betrug/banking-trojaner-auf-android-smartphones-explodieren-um-196-311126.html