Tag: kaspersky
-
Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises
The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States (CIS) countries.”A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries,” Kaspersky said. “The malicious functionality of…
-
New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721
A new variant of the Mirai botnet exploits CVE-2024-3721 to target DVR systems, using a new infection method. Researchers from Russian cybersecurity firm Kaspersky discovered a new variant of the Mirai botnet that exploits a command injection vulnerability (CVE-2024-3721) in TBK DVR-4104 and DVR-4216 digital video recording devices. During a review of the logs in…
-
Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
BO Team, also known as Black Owl, has been active since early 2024 and appears to operate independently, with its own arsenal of tools and tactics, researchers at Russian cybersecurity firm Kaspersky said. First seen on therecord.media Jump to article: therecord.media/pro-ukraine-hacker-group-black-owl-major-threat-russia
-
Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication
Tags: api, attack, container, crypto, cyber, cybersecurity, data-breach, docker, exploit, infrastructure, kaspersky, malicious, malwareA novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to spread malicious containers and mine Dero cryptocurrency. Dubbed a “Docker zombie outbreak” by cybersecurity researchers at Kaspersky, this attack leverages a self-replicating propagation mechanism to transform compromised containers into “zombies” that mine cryptocurrency and infect new victims. The campaign, detected…
-
Hackers Target Industrial Automation Systems Using Over 11,600 Malware Variants
Tags: attack, automation, control, cyber, hacker, infrastructure, kaspersky, malware, technology, threatHackers are stepping up their attacks on Industrial Control Systems (ICS) in the first quarter of 2025, employing an arsenal of 11,679 different malware families. This is a worrying development for industrial cybersecurity. According to a Kaspersky security solutions Report, the persistence of cyber threats targeting operational technology (OT) infrastructures remains a critical issue. While…
-
Warum 2025 das bisher gefährlichste Jahr werden wird
Am 12. Mai fand der Anti-Ransomware-Tag statt, eine von INTERPOL und Kaspersky ins Leben gerufene globale Sensibilisierungsinitiative, die an eine der erfolgreichsten Cyber-Attacken der Geschichte erinnert: die WannaCry-Attacke im Jahr 2017. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/2025-das-gefaehrlichste-jahr
-
Ransomware Reloaded Warum 2025 das bisher gefährlichste Jahr werden wird
Am 12. Mai findet der Anti-Ransomware-Tag statt, eine von Interpol und Kaspersky ins Leben gerufene globale Sensibilisierungsinitiative, die an eine der erfolgreichsten Cyber-Attacken der Geschichte erinnert: die WannaCry-Attacke im Jahr 2017. Innerhalb weniger Stunden fegte die Ransomware-Kampagne über den Globus, legte Krankenhäuser in Großbritannien lahm, stoppte Produktionsstraßen und unterbrach wichtige Dienste auf fast allen Kontinenten.…
-
Ransomware Reloade Warum 2025 das bisher gefährlichste Jahr werden wird
Am 12. Mai findet der Anti-Ransomware-Tag statt, eine von Interpol und Kaspersky ins Leben gerufene globale Sensibilisierungsinitiative, die an eine der erfolgreichsten Cyber-Attacken der Geschichte erinnert: die WannaCry-Attacke im Jahr 2017. Innerhalb weniger Stunden fegte die Ransomware-Kampagne über den Globus, legte Krankenhäuser in Großbritannien lahm, stoppte Produktionsstraßen und unterbrach wichtige Dienste auf fast allen Kontinenten.…
-
Kaspersky Alerts on AI-Driven Slopsquatting as Emerging Supply Chain Threat
Tags: ai, cyber, cybersecurity, kaspersky, microsoft, programming, risk, software, supply-chain, threat, vulnerabilityCybersecurity researchers at Kaspersky have identified a new supply chain vulnerability emerging from the widespread adoption of AI-generated code. As AI assistants increasingly participate in software development-with Microsoft CTO Kevin Scott predicting AI will write 95% of code within five years-a phenomenon called >>slopsquatting
-
Ransomware-as-a-Service (RaaS) Emerges as a Leading Framework for Cyberattacks
Tags: attack, cyber, cyberattack, data, detection, framework, international, kaspersky, network, ransomware, serviceRansomware-as-a-Service (RaaS) has solidified its position as the dominant framework driving ransomware attacks in 2024, according to the latest insights from Kaspersky ahead of International Anti-Ransomware Day on May 12. Kaspersky Security Network data reveals an 18% drop in ransomware detections from 5,715,892 in 2023 to 4,668,229 in 2024, yet the share of affected users…
-
Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware
The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux environments, exploiting weak or default SSH credentials to deploy a Perl-based crypto mining botnet. Detailed insights from a recent incident response case in Brazil, handled by Kaspersky, reveal the group’s evolving tactics. Sophisticated Threat Targets Weak SSH Credentials The attackers target…
-
Cybercriminals Use GetShared to Sneak Malware Through Enterprise Shields
Cybercriminals are increasingly leveraging legitimate file-sharing platforms like GetShared to bypass enterprise email security systems. A recent case involving a former colleague, previously employed at Kaspersky, highlights this emerging threat. The individual received an authentic-looking email notification from GetShared, a genuine service for transferring large files, claiming that a file named >>DESIGN LOGO.rar
-
Kaspersky calls for cyber immunity amid growing cyber threats
The rise of professional cyber crime groups and state-sponsored actors targeting critical infrastructure requires a move towards inherently secure ‘cyber immune’ systems, says Kaspersky CEO Eugene Kaspersky First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623294/Kaspersky-calls-for-cyber-immunity-amid-growing-cyber-threats
-
Operation SyncHole: Lazarus APT targets supply chains in South Korea
The North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at…
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in First…
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in First…
-
Erodiert die Security-Reputation der USA?
Tags: business, ceo, china, cisa, ciso, cybersecurity, cyersecurity, endpoint, exploit, germany, governance, government, intelligence, iran, kaspersky, north-korea, service, strategy, threat, usaTrump stiftet Verunsicherung auch wenn’s um Cybersicherheit geht.Nachdem US-Präsident Donald Trump nun auch Cybersicherheitsunternehmen per Executive Order für abweichende politische Positionen abstraft, befürchten nicht wenige Branchenexperten, dass US-Sicherheitsunternehmen künftig ähnlich in Verruf geraten könnten wie ihre russischen und chinesischen Konkurrenten. Die zentralen Fragen sind dabei:Können sich CISOs beziehungsweise ihre Unternehmen künftig noch auf US-amerikanische Bedrohungsinformationen…
-
IronHusky APT Resurfaces with Evolved MysterySnail RAT
In a newly released report, Kaspersky’s Global Research and Analysis Team (GReAT) has revealed the resurgence of IronHusky, First seen on securityonline.info Jump to article: securityonline.info/ironhusky-apt-resurfaces-with-evolved-mysterysnail-rat/
-
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak – P2
This is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by Mustang Panda that we have named PAKLOG and CorKLOG as well as an EDR evasion…
-
Kaspersky Shares 12 Essential Tips for Messaging App Security and Privacy
In an era where instant messaging apps like WhatsApp, Telegram, Signal, iMessage, Viber, and WeChat dominate personal and professional communication, digital privacy and security have never been more critical. To help users keep their accounts secure and private, cybersecurity experts at Kaspersky have shared 12 simple yet effective tips for safe messaging practices. Here’s a…
-
Ransomware-Attacken stoßen in Windows-Lücke
Tags: access, backdoor, bug, cve, cvss, cyberattack, exploit, kaspersky, malware, microsoft, ransomware, update, vulnerability, windowsCyberkriminelle missbrauchen eine Sicherheitslücke in Windows, um eine Backdoor-Malware und Ransomware einzuschleusen.Sicherheitsforscher von Microsoft haben eine Schwachstelle im CLFS-Treiber (Common Log File System) von Windows entdeckt, die Angreifern Systemrechte verleiht. Sie wird als CVE-2025-29824 geführt, die mit einem CVSS-Wert von 7,8 über einen hohen Schweregrad verfügt.Laut einem Blogbeitrag der Forscher wurde die Lücke bereits für…
-
An APT group exploited ESET flaw to execute malware
At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security. The vulnerability, tracked as CVE-2024-11859, is a DLL Search Order Hijacking issue that potentially allow…
-
Chinese ToddyCat abuses ESET antivirus bug for malicious activities
A range of affected products: The flaw affects all of ESET offerings with the command line scanner which includes an array of products used by power users, IT admins, and enterprise environments.According to the advisory, the affected antivirus versions include ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, and ESET Security Ultimate 18.0.12.0…
-
CVE-2024-11859: ToddyCat Group Hides Malware in ESET’s Scanner to Bypass Security
Advanced Persistent Threat (APT) groups are constantly evolving their techniques to evade detection. Kaspersky Labs has recently uncovered a sophisticated method employed by the ToddyCat group: hiding their malicious activity within the context of legitimate security software. In early 2024, Kaspersky’s investigation into ToddyCat incidents revealed a suspicious file named >>version.dll
-
Analysen von Kaspersky – Cyberangreifer teilweise monatelang in Unternehmensnetzwerken
Tags: kasperskyFirst seen on security-insider.de Jump to article: www.security-insider.de/cybersicherheitsvorfaelle-unternehmen-trends-analysen-kaspersky-a-77af7b25d4b3634443841e1eaf147cfe/
-
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada.”More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia,” Kaspersky said in a report. The infections were recorded between…
-
New Triada Trojan comes preinstalled on Android devices
A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections in Russia from March 13-27, 2025. The malware was discovered on counterfeit Android devices mimicking…
-
Triada-Trojaner auf Android-Smartphone-Fälschungen entdeckt
Sicherheitsforscher von Kaspersky haben eine besonders raffinierte Variante des Triada-Trojaners auf nachgeahmten Android-Smartphones entdeckt. Mehr als 2.600 Nutzer weltweit, darunter auch in Deutschland, sind betroffen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/triada-trojaner-android-smartphone