Scientific research of hardware vulnerabilities often paints captivating espionage scenarios, and a recent study by researchers from universities in the United States and China is no exception. They found a way to steal data from surveillance cameras by analyzing their stray electromagnetic emissions — aptly naming the attack EM Eye. Reconstructing information from stray emissions Let’s imagine a scenario: a secret room in a hotel with restricted access is hosting confidential negotiations, with the identities of the folks in attendance in this room also deemed sensitive information. There’s a ..read more

Every day, millions of ordinary internet users grant usage of their computers, smartphones, or home routers to complete strangers — whether knowingly or not. They install proxyware — a proxy server that accepts internet requests from these strangers and forwards them via the internet to the target server. Access to such proxyware is typically provided by specialized companies, which we’ll refer to as residential proxy providers (RPPs) in this article. While some businesses utilize RPP services for legitimate purposes, more often their presence on work computers indicates illicit activity. RPPs ..read more

We’ve decided to revise our portfolio and make it as seamless and customer-friendly as possible. This post explains what exactly we’re changing and why. The evolution of protection As the threat landscape constantly changes — so do corporate security needs in response. Just a decade ago, the only tool required to protect a company against most cyberattacks was an endpoint protection platform (EPP). Since then, attackers’ methods have grown ever more sophisticated — to the point where simply scanning workstations and servers is no longer sufficient to detect malicious activity. Modern cyberatta ..read more

Over the past 18 months or so, we seem to have lost the ability to trust our eyes. Photoshop fakes are nothing new, of course, but the advent of generative artificial intelligence (AI) has taken fakery to a whole new level. Perhaps the first viral AI fake was the 2023 image of the Pope in a white designer puffer jacket, but since then the number of high-quality eye deceivers has skyrocketed into the many thousands. And as AI develops further, we can expect more and more convincing fake videos in the very near future. One of the first deepfakes to go viral worldwide: the Pope sporting a trendy ..read more

Peeking into someone’s personal diaries or notebooks has always been seen as an invasion of privacy. And since to-do lists and diaries went digital, it’s not just nosy friends you have to worry about — tech companies are in on the action too. They used to pry into your documents to target you with ads, but now there’s a new game in town: using your data to train AI. Just in the past few weeks, we learned that Reddit, Tumblr, and even DocuSign are using or selling texts generated by their users to train large language models. And in light of recent years’ large-scale ransomware incidents, hacki ..read more

Episode 341 of the Transatlantic Cable podcast kicks off with news that a data broker leak has revealed sensitive data about people who visited the infamous island. From there, the team discuss news that the UN peace keepers are being told to shore up their cyber-defences, after warnings that nation-state attackers are actively looking to target them. To wrap up the team discuss look at a story which is itself baffling: one of the world’s most wanted men is leaving restaurant reviews on Google, and has done for the last 5 years. The second story is around Elon Musk’s Nuralink project, with the ..read more

The esports industry is booming: prize pools for top tournaments have long surpassed $10 million, with peak online viewership exceeding one million. This naturally attracts hackers, who typically either steal game source-code or target individual gamers. Recently, cyberattacks have gone beyond the pale: hackers disrupted a major Apex Legends tournament. This post explores why gamers need cybersecurity, and how they can get it. What happened During the final match of the North American leg of the Apex Legends Global Series (ALGS) tournament between the Dark Zero and Luminosity teams, a cheat co ..read more

We could bang on forever about the advantages of our protection: its speed, cutting-edge tech stack, and incredible threat neutralization. But it’s better to just let independent tests speak for themselves. Throughout 2023, Kaspersky participated in (precisely!) 100 independent tests and reviews, with its products being awarded 93 firsts and 94 top-3 finishes — achieving its highest annual result ever. Our protection is unmatched according to independent researchers, and no other security vendor comes even close to such an abundance of awards. (Our protection for home users received the highes ..read more

Unknown actors have implanted malicious code into versions 5.6.0 and 5.6.1 of the open source compression tools set XZ Utils. To make matters worse, trojanized utilities have managed to find their way into several popular builds of Linux released this March, so this incident could be regarded as a supply-chain attack. This vulnerability has been assigned CVE-2024-3094. What makes this malicious implant so dangerous? Initially, various researchers claimed that this backdoor allowed attackers to bypass sshd (the OpenSSH server process) authentication, and remotely gain unauthorized access to the ..read more

In mid-March, researchers from several U.S. universities published a paper demonstrating a hardware vulnerability in Apple’s “M” series CPUs. These CPUs, based on the ARM architecture and designed by Apple, power most of its newer laptops and desktops, as well as some iPad models. The issue could potentially be exploited to break encryption algorithms. The attack that uses this vulnerability was dubbed “GoFetch”. The combination of a juicy topic and a big-name manufacturer like Apple led to this highly technical paper being picked up by a wide range of media outlets — both technical and not so ..read more