IT threat evolution in Q2 2022. Non-mobile statistics

Our non-mobile malware statistics for Q2 2022 include data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

IT threat evolution Q2 2022

ToddyCat APT and WinDealer man-on-the-side attack, Spring4Shell and other vulnerabilities, ransomware trends and our in-depth analysis of the TTPs of the eight most widespread ransomware families.

Targeted attack on industrial enterprises and public institutions

Kaspersky ICS CERT experts detected a wave of targeted attacks in several East European countries, as well as Afghanistan. Of the six backdoors identified on infected systems, five have been used earlier in attacks attributed to APT TA428.

The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

At the end of May, researchers reported a new zero-day vulnerability in MSDT that can be exploited using Microsoft Office documents. The vulnerability, which was dubbed Follina, later received the identifier CVE-2022-30190.
