HackDig : Dig high-quality web security articles

Targeted attack on industrial enterprises and public institutions

In January 2022, Kaspersky ICS CERT experts detected a wave of targeted attacks on military industrial complex enterprises and public institutions in several countries. In the course of our research, we were able to identify over a dozen of attacked organizations. The attack targeted industrial plants, design bureaus and research institutes, government agenc
Publish At:2022-08-08 05:10 | Read:86 | Comments:0 | Tags:APT reports APT Backdoor Cyber espionage Data theft Malware

LofyLife: malicious npm packages steal Discord tokens and bank card data

On July 26, using the internal automated system for monitoring open-source repositories, we identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”. Description of the proc-title package (Tra
Publish At:2022-07-28 09:07 | Read:361 | Comments:0 | Tags:Incidents Data theft JavaScript Malware Descriptions Node.js

Raccoon Stealer returns with a new bag of tricks

The popular malware Raccoon stealer, which suspended operations after a developer allegedly died in the Ukraine invasion, has returned. Raccoon stealer is malware as a service, with the developers selling it to would-be users. The operation is a tightly-run ship, to the extent that customers have digital signatures tied to their executables. If files end
Publish At:2022-06-30 11:52 | Read:440 | Comments:0 | Tags:Cybercrime data theft exfiltration malware malware as a serv

“Chemical attack” email warnings deliver Jester Stealer malware

Jester Stealer, a malicious file capable of large amounts of data theft, is on the prowl again. The Ukrainian Computer Emergency Response Team (CERT-UA) has warned of a large distribution campaign abusing a “chemical attack” theme. Receiving an email like this in the invasion-affected regions of Ukraine is likely to cause huge alarm. From bog
Publish At:2022-05-10 09:00 | Read:1778 | Comments:0 | Tags:Web threats data theft excel jesterstealer macros malware ph

Extortion scheme impersonates government officials, law enforcement

The FBI issued a public warning this week about a fraud scheme wherein scammers impersonate government officials and law enforcement personnel. According to the PSA, the scammers spoof legitimate numbers and names and use fake credentials of well-known members of the government and law enforcement agencies. The scam starts off either as a call from the
Publish At:2022-03-10 12:47 | Read:834 | Comments:0 | Tags:Scams data theft Erick Kron extortion fbi FBI PSA fraud psa

Mobile malware evolution 2021

These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Figures of the year: In 2021, Kaspersky mobile products and technologies detected: 3,464,756 malicious installation packages; 97,661 new mobile banking Trojans; 17,372 new mobile ransomware Trojans. Trends of the year: In 2021,
Publish At:2022-02-21 11:16 | Read:1965 | Comments:0 | Tags:Malware reports Adware Apple iOS Data theft Google Android M

The Winter Olympics and Cybercrime: Caution Is Urged

Hosting the Olympics is always a source of national pride for any nation chosen to do so. Whether in winter or summer, the prestige of the world’s eyes being on an event that transcends political differences and has sport at the fore is a prize many countries and regions aspire to achieve. This all sounds fantastic and at one level is exactly what is happenin
Publish At:2022-02-15 09:58 | Read:1358 | Comments:0 | Tags:Cyber Security cybercrime data theft malware Olympic Games P

Telehealth: A New Frontier in Medicine—and Security

Telehealth today doesn’t just involve chatting with a doctor via a video-conferencing application. It’s become an entire collection of rapidly developing technologies and products that includes specialized applications, wearable devices, implantable sensors, and cloud databases, many of which have only appeared in the past couple of years. Howeve
Publish At:2022-02-01 06:07 | Read:3778 | Comments:0 | Tags:Publications Cybercrime Data leaks Data theft Medical threat

The BlueNoroff cryptocurrency hunt is still on

BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladesh’s Central Bank back in 2016. A mysterious group with links to Lazarus and an unusual financial motivation for an APT. The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to t
Publish At:2022-01-13 06:07 | Read:2864 | Comments:0 | Tags:APT reports BlueNoroff Cryptocurrencies Data theft Financial

PseudoManuscrypt: a mass-scale spyware attack campaign

In June 2021, Kaspersky ICS CERT experts identified malware whose loader has some similarities to the Manuscrypt malware, which is part of the Lazarus APT group’s arsenal. In 2020, the group used Manuscrypt in attacks on defense enterprises in different countries. These attacks are described in the report “Lazarus targets defense industry with Th
Publish At:2021-12-16 07:19 | Read:2476 | Comments:0 | Tags:Industrial threats Data theft Industrial control systems Laz

APT trends report Q3 2021

For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They
Publish At:2021-10-26 08:45 | Read:2575 | Comments:0 | Tags:APT reports APT Chinese-speaking cybercrime Cyber espionage

BloodyStealer and gaming assets for sale

Earlier this year, we covered the threats related to gaming, and looked at the changes from 2020 and the first half of 2021 in mobile and PC games as well as various phishing schemes that capitalize on video games. Many of the threats faced by gamers are associated with loss of personal data, and particularly, accounts with various gaming services. This tend
Publish At:2021-09-27 08:37 | Read:3324 | Comments:0 | Tags:Research Cybercrime Darknet Data theft Gaming malware Malwar

APT trends report Q2 2021

For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They
Publish At:2021-07-29 07:58 | Read:4290 | Comments:0 | Tags:APT reports APT Chinese-speaking cybercrime Data theft Malwa

How a Resident Evil image leaked in a ransomware attack ended up in the middle of $12m copyright claim

Back in November, gaming giant Capcom suffered a ransomware attack. In its press notification, it mentioned the various types of data potentially grabbed by their attackers. Things took an ominous turn when they refused to pay the ransom, and the group behind the attack said that was the wrong move. Capcom had the chance to “save data from leakage”; they did
Publish At:2021-06-10 14:35 | Read:1577 | Comments:0 | Tags:Ransomware art breach capcom data theft devil may cry drop l

Evolution of JSWorm ransomware

Introduction: Over the past few years, the ransomware threat landscape has been gradually changing. We have been witness to a paradigm shift. From the massive outbreaks of 2017, such as WannaCry, NotPetya, and Bad Rabbit, a lot of ransomware actors have moved to the covert but highly profitable tactic of “big-game hunting”. News of ransomware caus
Publish At:2021-05-25 04:04 | Read:1622 | Comments:0 | Tags:Malware descriptions Data Encryption Data theft Malware Desc

