News


  • Incident response analyst report 2020

    September 13, 2021

    The Incident response analyst report provides insights into incident investigation services conducted by Kaspersky in 2020. We deliver a range of services to help organizations when they are in need: incident response, digital forensics and malware analysis. Data in the report comes from our daily practices with organizations seeking assistance with full-blown incident response or ...

  • Brazil debates creation of national strategy to tackle cybercrime

    September 13, 2021

    Amid growing concerns about increasing threats in the cybersecurity space, the Brazilian government and the banking sector are discussing the creation of a strategy to address crime in digital environments. The president at the Brazilian Federation of Banks (FEBRABAN), Isaac Sidney, and the Minister of Justice and Public Security, Anderson Torres, have started negotiations for the ...

  • Cybersecurity: Rising risk for airlines

    September 13, 2021

    After remaking their security procedures following the 9/11 attacks to stop airline hijackings, carriers are now faced with rising threats targeting computers and electronic equipment critical to their operations and safety. Since the tragedy 20 years ago on Saturday, airlines and airports have fortified cockpits, barred sharp objects in carry-on luggage and improved technology to ...

  • APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs

    September 13, 2021

    In 2019, Trend Micro researchers wrote a blog entry about a threat actor, likely based in Colombia, targeting entities in Colombia and other South American countries with spam emails. This threat actor is sometimes referred to as APT-C-36 or Blind Eagle. Since then, we have continued tracking this threat actor. In this blog entry, we ...

  • BlackMatter ransomware hits medical technology giant Olympus

    September 13, 2021

    Olympus, a leading medical technology company, is investigating a “potential cybersecurity incident” that impacted some of its EMEA (Europe, Middle East, Africa) IT systems last week. Olympus has more than 31,000 employees worldwide and over 100 years of history developing for the medical, life sciences, and industrial equipment industries. The company’s camera, audio recorder, and binocular divisions ...

  • Windows MSHTML zero-day exploits shared on hacking forums

    September 12, 2021

    Threat actors are sharing Windows MSHTML zero-day (CVE-2021-40444) tutorials and exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks. Last Tuesday, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a ...

  • REvil ransomware is back in full attack mode and leaking data

    September 11, 2021

    The REvil ransomware gang has fully returned and is once again attacking new victims and publishing stolen files on a data leak site. Since 2019, the REvil ransomware operation, aka Sodinokibi, has been conducting attacks on organizations worldwide where they demand million-dollar ransoms to receive a decryption key and prevent the leaking of stolen files. While in ...

  • Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase

    September 11, 2021

    Ransomware groups have shown no signs of slowing down their assault on hospitals, seemingly ramping up attacks on healthcare institutions as dozens of countries deal with a new wave of COVID-19 infections thanks to the potent Delta variant. Vice Society, one of the newer ransomware groups, debuted in June and made a name for themselves by ...

  • Stolen Credentials Led to Data Theft at United Nations

    September 10, 2021

    A threat actor used stolen credentials from a United Nations employee to breach parts of the UN’s network in April and steal critical data, a spokesman for the intergovernmental organization has confirmed. That data lifted from the network can be used to target agencies within the UN, which already has experienced and responded to “further attacks” ...

  • SOVA, Worryingly Sophisticated Android Trojan, Takes Flight

    September 10, 2021

    A new Android banking trojan named SOVA (“owl” in Russian) is under active development, researchers said, and it has big dreams even in its infancy stage. The malware is looking to incorporate distributed denial of service (DDoS), man in the middle (MiTM) and ransomware functionality into its arsenal – on top of existing banking overlay, ...

  • Ukrainian man extradited to the US to face botnet, data theft charges

    September 10, 2021

    A Ukrainian man was arrested in Poland and extradited to the US to face charges as an alleged botnet operator. The US Department of Justice (DoJ) said this week that Glib Oleksandr Ivanov-Tolpintsev was taken into custody in Korczowa, Poland, on October 3 last year. As the US and Poland have an extradition treaty, the 28-year-old was ...

  • Virginia National Guard confirms cyberattack hit Virginia Defense Force email accounts

    September 9, 2021

    Email accounts connected to the Virginia Defense Force and the Virginia Department of Military Affairs were impacted by a cyberattack in July, according to a spokesperson from the Virginia National Guard. A. A. Puryear, chief of public affairs for the Virginia National Guard, told ZDNet that the organization was notified in July about a possible cyber ...

  • Hackers leak passwords for 500,000 Fortinet VPN accounts

    September 8, 2021

    A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid. This leak is a serious incident as the VPN ...

  • AT&T Alien Labs warns of ‘zero or low detection’ for TeamTNT’s latest malware bundle

    September 8, 2021

    AT&T’s Alien Labs security division has sounded the alarm on a malware campaign from TeamTNT which, it claims, has gone almost entirely undetected by anti-virus systems – and which is turning target devices into cryptocurrency miners. Described by Alien Labs researcher Ofer Caspi as “one of the most active threat groups since 2020,” TeamTNT is known ...

  • Russia’s Yandex suffers biggest cyberattack yet

    September 8, 2021

    Russian Internet corporation Yandex revealed on Tuesday that the company’s servers experienced the biggest known denial-of-service (DDoS) attack in Russia’s online space last weekend. Cloudflare, an American web infrastructure firm and a partner of Yandex confirmed the record large scale of the cyberattack. The spokesperson for Russia’s tech giant mentioned that a part of the nation’s ...

  • How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users

    September 7, 2021

    When Mark Zuckerberg unveiled a new “privacy-focused vision” for Facebook in March 2019, he cited the company’s global messaging service, WhatsApp, as a model. Acknowledging that “we don’t currently have a strong reputation for building privacy protective services,” the Facebook CEO wrote that “I believe the future of communication will increasingly shift to private, encrypted ...

  • Ragnar Locker Gang Warns Victims Not to Call the FBI

    September 7, 2021

    All that the FBI/ransomware negotiators/investigators do is muck things up, so we’re going to publish your stuff if you call for help, the Ragnar Locker ransomware gang announced on its darknet data-leak site. In an announcement posted this week and seen by Bleeping Computer, the ransomware operators threatened to publish all the data of victimized organizations ...

  • Miscreants fling booby-trapped Office files at victims, no patch yet, says Microsoft

    September 7, 2021

    In an advisory issued on Tuesday, Microsoft said some of its users were targeted by poisoned Office documents that exploit an unpatched flaw to hijack their Windows machines. The vulnerability, CVE-2021-40444, is described as a hole in MSHTML, Internet Explorer’s browser engine. Miscreants are seemingly placing a malicious ActiveX control in an Office document and convincing ...

  • Netgear Smart Switches Open to Complete Takeover

    September 7, 2021

    Three severe Netgear vulnerabilities, codenamed Demon’s Cries, Draconian Fear and Seventh Inferno by the researcher that found them, affect 20 of the company’s managed smart switches and could allow an attacker to take them over. The bugs were patched on Friday with zero technical details made available, but the researcher has now released more details on ...

  • REvil ransomware group resurfaces after brief hiatus

    September 7, 2021

    The operators behind the REvil ransomware group have resurfaced after allegedly closing shop following the widespread attack on Kaseya that caused thousands of victims on July 4. Security researchers said all of the dark web sites for the prolific ransomware group — including the payment site, the group’s public site, the ‘helpdesk’ chat and their negotiation ...