Analysis: New Remcos RAT Arrives Via Phishing Email
By Aliakbar Zahravi (Malware Researcher). In July, we came across a phishing email purporting to be a new order notification, which contains a malicious attachment that leads to the remote access tool Remcos RAT (detected by Trend Micro as BKDR_SOCMER.SM). This attack delivers Remcos using an AutoIt wrapper that incorporates various obfuscation and anti-debugging techniques […]

Clop Ransomware
This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This blog will explain the technical details and share information about how this new ransomware family is working. There are some variants of the Clop ransomware, but in this report we will focus on the main […]

Demystifying Blockchain: Sifting Through Benefits, Examples and Choices
You have likely heard that blockchain will disrupt everything from banking to retail to identity management and more. You may have seen commercials for IBM touting the supply chain tracking benefits of blockchain.[i] It appears nearly every industry is investing in, adopting, or implementing blockchain. Someone has probably told you that blockchain can completely transform […]

On the IoT road: perks, benefits and security of moving smartly
Kaspersky has repeatedly investigated security issues related to IoT technologies (for instance, here, or here). Earlier this year our experts even gained a foothold in the security of biomechanical prosthetic devices. The same applies to smart car security: our own research has indicated that there are a number of issues (look here or here). This year, we […]

‘Twas the night before
Recently, the United States Cyber Command (USCYBERCOM Malware Alert @CNMF_VirusAlert) highlighted several VirusTotal uploads of theirs, and the executable objects relating to 2016–2017 NewsBeef/APT33 activity are interesting for a variety of reasons. Before continuing, it’s important to restate yet again that we defend customers, and research malware and intrusions, regardless of their source. […]

How McAfee’s Paternity Leave Helped My New Family
By: Guillaume, EMEA Retail Marketing Manager, Slough, U.K. Becoming a parent is a daunting experience for anyone. The sheer amount of responsibilities can feel overwhelming and all-consuming. For my husband and me, we spent an emotional and tiring 18 months working through the adoption process before becoming parents to two fully formed little humans […]

Expanding Our Vision to Expand the Cybersecurity Workforce
I recently had the opportunity to testify before Congress on how the United States can grow and diversify the cyber talent pipeline. It’s great that members of Congress have this issue on their radar, but at the same time, it’s concerning that we’re still having these discussions. A recent (ISC) Study puts the global cybersecurity […]

MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
By Daniel Lunghi and Jaromir Horejsi. We found new campaigns that appear to wear the badge of MuddyWater. Analysis of these campaigns revealed the use of new tools and payloads, which indicates that the well-known threat actor group is continuously developing their schemes. We also unearthed and detailed our other findings on MuddyWater, such as […]

CVE-2019-0725: An Analysis of Its Exploitability
By John Simpson (Vulnerability Researcher). May’s Patch Tuesday saw what is likely to be one of the most prominent vulnerabilities this year with the “wormable” Windows Terminal Services vulnerability (CVE-2019-0708). However, there’s another remote code execution (RCE) vulnerability that would be hard to ignore: CVE-2019-0725, an RCE vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) […]

CVE-2019-11815: A Cautionary Tale About CVSS Scores
By John Simpson. Vulnerabilities in the Linux kernel are not uncommon. There are roughly 26 million lines of code, with 3,385,121 lines added and 2,512,040 lines removed in 2018 alone. The sheer complexity of that much code means that vulnerabilities are bound to exist. However, what is not at all common is the existence of […]

IT threat evolution Q1 2019. Statistics
These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data. Quarterly figures: according to Kaspersky Security Network, Kaspersky Lab solutions blocked 843,096,461 attacks launched from online resources in 203 countries across the globe. 113,640,221 unique URLs were recognized as malicious by Web Anti-Virus components. Attempted […]

Don’t Let Airbnb Scams Stop Your Summer Travel Plans
With summertime just around the corner, many people are planning vacations to enjoy some much-needed R&R or quality time with family and friends. Airbnb offers users a great alternative to a traditional hotel experience when they are looking to book their summer getaways. However, it appears that cybercriminals have used the popularity of the platform […]

How to Get the Best Layered and Integrated Endpoint Protection
Security teams have historically been challenged by the choice between separate next-gen endpoint security technologies and a more integrated solution with a unified management console that can automate key capabilities. At this point it’s not really a choice at all: the threat landscape requires you to have both. The best layered and integrated defenses […]

Protect Your Digital Life: Why Strong Passwords Matter
Over the years, our lives have become more and more digital. Think about it: 20 years ago, no one was using banking apps and social media had just barely begun coming to fruition. Now, many of us are reliant on mobile banking to pay our bills and we check our favorite social media platforms multiple […]

What is a Digital Twin Solution?
FieldTwin is a product that is able to create, as well as maintain, a digital twin across the entire life-cycle of a field. This means it can keep an exact digital copy of an oil and gas company’s physical assets. What is the benefit of this? Well, this allows producers to optimize asset performance and […]

Large-scale SIM swap fraud
Introduction: SIM swap fraud is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. The fraud centers around exploiting a mobile phone operator’s ability to seamlessly port a telephone number […]

More information
- Lenovo patches serious flaw in pre-installed support tool
- Does security awareness training even work?
- HPE Patches Critical Vulnerability in StoreOnce
- Stupid users, or stupid infosec?
- Use the Facebook privacy controls you have
- Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack
- Apple’s iMessage service experiencing another disruption
- Is your bank on SpyEye’s Top 40 list?
- Apple Exec Scott Forstall Fired Over Refusal To Sign Maps Apology
- Application Security Startup ArmorCode Emerges From Stealth