DinodasRAT Linux implant targeting entities worldwide
Securelist
by Anderson Leite, Lisandro Ubiedo
2w ago
DinodasRAT, also known as XDealer, is a multi-platform backdoor written in C++ that offers a range of capabilities. This RAT allows the malicious actor to surveil and harvest sensitive data from a target’s computer. A Windows version of this RAT was used in attacks against government entities in Guyana, and documented by ESET researchers as Operation Jacana. In early October 2023, after the ESET publication, we discovered a new Linux version of DinodasRAT. Sample artifacts suggest that this version (V10 according to the attackers’ versioning system) may have started operating in 2022, al ..read more
Android malware, Android malware and more Android malware
Securelist
by GReAT
3w ago
Introduction
Malware for mobile devices is something we come across very often. In 2023, our technologies blocked 33.8 million malware, adware, and riskware attacks on mobile devices. One of 2023’s most resonant attacks was Operation Triangulation, targeting iOS, but that was rather a unique case. Among the mobile platforms, Android remains the most popular target operating system for cybercriminals. Last month, we wrote a total of four private crimeware reports on Android malware, three of which are summarized below. To learn more about our crimeware reporting service, you can contact us at ..read more
Threat landscape for industrial automation systems. H2 2023
Securelist
by Kaspersky ICS CERT
3w ago
Global statistics across all threats
In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%.
Figure: Percentage of ICS computers on which malicious objects were blocked, by half year
Selected industries
In H2 2023, building automation once again had the highest percentage of ICS computers on which malicious objects were blocked of all industries that we looked at. Oil and Gas was the only industry to see a slight (0.5 pp) increase in the second half of the year.
Percentage of ICS computers on which malicious object ..read more
A patched Windows attack surface is still exploitable
Securelist
by Elsayed Elrefaei, Ashraf Refaat, Kaspersky GERT
1M ago
On August 8, 2023, Microsoft finally released a kernel patch for a class of vulnerabilities affecting Microsoft Windows since 2015. The vulnerabilities lead to elevation of privilege (EoP), which allows an account with user rights to gain SYSTEM privileges on a vulnerable host. The root cause of this attack surface, according to a 2015 blog, is the ability of a normal user account to replace the original C:\ drive with a fake one by placing a symlink for the system drives in the device map for each login session. This fake drive will be followed by the kernel during impersonation instead ..read more
What’s in your notepad? Infected text editors target Chinese users
Securelist
by Sergey Puzan
1M ago
“Malvertising” is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, our experts discussed a malvertising campaign that spread the RedLine stealer via Google Ads. Using typosquatting and other techniques, the attackers tried to make their resources look as similar as possible to the official websites of popular programs. This time, a similar threat has affected users of one of the mos ..read more
The State of Stalkerware in 2023–2024
Securelist
by Kaspersky
1M ago
The State of Stalkerware in 2023 (PDF) The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Stalkerware is commercially available software that can be discreetly installed on smartphone devices, enabling a perpetrator to monitor an individual’s private life without their knowledge. Stalkerware requires physical access to be installed, but our report also looks at a range of remote technology that can be used for nefarious purposes. Once installed, stalkerware makes it possib ..read more
Top 10 web application vulnerabilities in 2021–2023
Securelist
by Oxana Andreeva, Kaspersky Security Services
1M ago
To help companies with navigating the world of web application vulnerabilities and securing their own web applications, the Open Web Application Security Project (OWASP) online community created the OWASP Top Ten. As we followed their rankings, we noticed that the way we ranked major vulnerabilities was different. Being curious, we decided to find out just how big the difference was. That’s why we set up our own rankings that reflected our take on the most widespread and critical web application vulnerabilities as viewed through a prism of eight years’ experience. Profile of participants and ..read more
Spam and phishing in 2023
Securelist
by Tatyana Kulikova, Olga Svistunova, Andrey Kovtun, Irina Shimko, Roman Dedenok
1M ago
The year in figures
45.60% of all email sent worldwide and 46.59% of all email sent in the Runet (the Russian web segment) was spam
31.45% of all spam email was sent from Russia
Kaspersky Mail Anti-Virus blocked 135,980,457 malicious email attachments
Our Anti-Phishing system thwarted 709,590,011 attempts to follow phishing links
SafeMessaging feature in Kaspersky mobile solutions prevented more than 62,000 redirects via phishing links from Telegram
Phishing and scams in 2023
Hunting gamers
In 2023, as before, cybercriminals disguised their attacks on gamers as lucrative offers by the gamin ..read more
Network tunneling with… QEMU?
Securelist
by Grigory Sablin, Alexander Rodchenko, Kirill Magaskin
1M ago
Cyberattackers tend to give preference to legitimate tools when taking various attack steps, as these help them evade detection systems while keeping malware development costs down to a minimum. Network scanning, capturing a process memory dump, exfiltrating data, running files remotely, and even encrypting drives — all these can be done with trusted software. To gain a foothold inside a compromised infrastructure and develop the attack, adversaries can use previously installed malware or connect to the network along with employees through the company’s RDP servers or corporate VPN (to do thi ..read more
An educational robot security research
Securelist
by Nikolay Frolov
1M ago
In the modern world, we are surrounded by a multitude of smart devices that simplify our daily lives: smart speakers, robotic vacuum cleaners, automatic pet feeders and even entire smart homes. Toy manufacturers are striving to keep up with these trends, releasing more and more models that can also be called “smart.” For instance, educational robots that connect to the internet and support video calls. Our colleagues kindly provided us with a robot like that for research purposes, as they wanted to ensure that the toy their children played with was sufficiently protected against cyberthreats ..read more