GReAT – Page 5 – WindowsTechs.com

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

Posted on October 13, 2022 by GReAT

We investigated CVE-2022-41352 and were able to confirm that unknown APT groups have actively been exploiting this vulnerability in the wild, one of which is systematically infecting servers in Central Asia. Continue reading Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)→

Uncommon infection and malware propagation methods

Posted on October 5, 2022 by GReAT

In this report, Kaspersky researchers discuss uncommon infection and propagation methods observed in certain crimeware families. Continue reading Uncommon infection and malware propagation methods→

DeftTorero: tactics, techniques and procedures of intrusions revealed

Posted on October 3, 2022 by GReAT

In this report we focus on tactics, techniques, and procedures (TTPs) of the DeftTorero (aka Lebanese Cedar or Volatile Cedar) threat actor, which targets Middle East countries. Continue reading DeftTorero: tactics, techniques and procedures of intrusions revealed→

Prilex: the pricey prickle credit card complex

Posted on September 28, 2022 by GReAT

Prilex is a Brazilian threat actor focusing on ATM and PoS attacks. In this report, we provide an overview of its PoS malware. Continue reading Prilex: the pricey prickle credit card complex→

Ransomware updates & 1-day exploits

Posted on August 24, 2022 by GReAT

In this report, we discuss the new multi-platform ransomware RedAlert (aka N13V) and Monster, as well as private 1-day exploits for the CVE-2022-24521 vulnerability. Continue reading Ransomware updates & 1-day exploits→

APT trends report Q2 2022

Posted on July 28, 2022 by GReAT

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q2 2022. Continue reading APT trends report Q2 2022→

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

Posted on July 25, 2022 by GReAT

In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor. Continue reading CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit→

WinDealer dealing on the side

Posted on June 2, 2022 by GReAT

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack. Continue reading WinDealer dealing on the side→

The Verizon 2022 DBIR

Posted on May 25, 2022 by GReAT

The Verizon 2022 Data Breach Investigations Report is out, where Kaspersky collaborated as a contributor. The report provides interesting analysis of a full amount of global incident data. Continue reading The Verizon 2022 DBIR→

Evaluation of cyber activities and the threat landscape in Ukraine

Posted on May 17, 2022 by GReAT

With this article, our core aim is to share a threat landscape overview, which Kaspersky cybersecurity researchers are observing in relation to the conflict, with the wider international community and thus to contribute to broader ongoing cyber-stability discussions of threat-related insights. Continue reading Evaluation of cyber activities and the threat landscape in Ukraine→