World Password Day: Make Passwords the Strongest Link in Your Online Security
World Password Day isn’t the most popular day on the calendar, but it’s an important reminder that good password hygiene is essential to staying safe online. This World Password Day, we’d like to talk about improving your password hygiene, how you can help your friends and family improve theirs, and what the future of authentication […] more…Doxing in the corporate sector
Introduction Doxing refers to the collection of confidential information about a person without their consent for the purpose of inflicting harm on that person or to otherwise gain some benefit from gathering or disclosing such information. Normally, doxing involves a threat to specific people, such as media personalities or participants of online discussions. However, any […] more…Affected by a Data Breach? Here Are Security Steps You Should Take
Affected by a Data Breach? Here Are Security Steps You Should Take We share personal information with companies for multiple reasons: to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. While using a credit card is convenient, it actually gives away more […] more…Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique
By Jessie Huang (Mobile Threats Analyst) We recently saw two barcode reader apps in Google Play, together downloaded more than a million times, that started showing unusual behavior (Trend Micro detects these as AndroidOS_HiddenAd.HRXJA). This includes behavior that can be seen even when the user is not actively using the phones; the video below shows […] more…Online Dating #FromHome
Online Dating #FromHome Love finds a way. And that couldn’t be more true right now. Even with so many singles keeping life close to home, dating apps have seen a big spike in downloads and usage. According to dating app Bumble, the end of March saw an 84% increase in the number of its video […] more…IT threat evolution Q1 2020
Targeted attacks and malware campaigns Operation AppleJeus: the sequel In 2018, we published a report on Operation AppleJeus, one of the more notable campaigns of the threat actor Lazarus, currently one of the most active and prolific APT groups. One notable feature of this campaign was that it marked the first time Lazarus had targeted […] more…Hiding in plain sight: PhantomLance walks into a market
In July 2019, Dr. Web reported about a backdoor trojan in Google Play, which appeared to be sophisticated and unlike common malware often uploaded for stealing victims’ money or displaying ads. So, we conducted an inquiry of our own, discovering a long-term campaign, which we dubbed “PhantomLance”, its earliest registered domain dating back to December […] more…Millions of Car Buyer Records Exposed: How to Bring This Breach to a Halt
Buying a car can be quite a process and requires a lot of time, energy, and research. What most potential car buyers don’t expect is to have their data exposed for all to see. But according to Threatpost, this story rings true for many prospective buyers. Over 198 million records containing personal, loan, and financial […] more…Lights, Camera, Cybersecurity: What You Need to Know About the MoviePass Breach
If you’re a frequent moviegoer, there’s a chance you may have used or are still using movie ticket subscription service and mobile app MoviePass. The service is designed to let film fanatics attend a variety of movies for a convenient price, however, it has now made data convenient for cybercriminals to potentially get ahold of. […] more…APT trends report Q2 2019
For two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They aim to […] more…Large-scale SIM swap fraud
Introduction SIM swap fraud is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. The fraud centers around exploiting a mobile phone operator’s ability to seamlessly port a telephone number […] more…How To Sidestep Popular Social Scams
Each year, internet users lose billions of dollars to online scams, using clever ploys to trick us out of our information and money. By offering prizes, referencing current events, or just creating a sense of urgency, scammers know how to get us to click when we really shouldn’t. Check out these recent scams, so you […] more…Kaspersky Security Bulletin 2018. Top security stories
Introduction The internet is now woven into the fabric of our lives. Many people routinely bank, shop and socialize online and the internet is the lifeblood of commercial organizations. The dependence on technology of governments, businesses and consumers provides a broad attack surface for attackers with all kinds of motives – financial theft, theft of […] more…Kaspersky Security Bulletin: Threat Predictions for 2019
There’s nothing more difficult than predicting. So, instead of gazing into a crystal ball, the idea here is to make educated guesses based on what has happened recently and where we see a trend that might be exploited in the coming months. Asking the most intelligent people I know, and basing our scenario on APT […] more…IT threat evolution Q2 2018
Targeted attacks and malware campaigns Operation Parliament In April, we reported the workings of Operation Parliament, a cyber-espionage campaign aimed at high-profile legislative, executive and judicial organizations around the world – with its main focus in the MENA (Middle East and North Africa) region, especially Palestine. The attacks, which started early in 2017, target parliaments, […] more…The Exactis Data Breach: What Consumers Need to Know
There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was […] more…More information
- Public Advisories Fail to Convey True Impact of ICS Flaws
- The Exactis Data Breach: What Consumers Need to Know
- Microsoft Internet Explorer CVE-2012-1875 Same ID Property Remote Code Execution Vulnerability
- Blockchain to ‘radically’ transform anti-fraud, anti-money-laundering efforts
- GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks
- Wall of Fame for the #sophospuzzle – see who solved it and how fast
- CISA’s OT Attack Response Team Understaffed: GAO
- Network service disruption: Penn State Behrend
- The Age of Mass Surveillance Will Not Last Forever
- New Wave of SocGholish cid=27x Injections