DDoS attacks in Q2 2022

by Alexander Gutnikov, Oleg Kupreev, Yaroslav Shmelev
3 Aug 2022 at 8:00am
Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in Q1. Also, we saw the continuation of a trend that began in spring: an increase in superlong attacks.

LofyLife: malicious npm packages steal Discord tokens and bank card data

by Igor Kuznetsov, Leonid Bezvershenko
28 Jul 2022 at 12:00pm
This week, we identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign "LofyLife".

APT trends report Q2 2022

by GReAT
28 Jul 2022 at 10:00am
This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q2 2022.

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

by GReAT
25 Jul 2022 at 10:00am
In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor.

Luna and Black Basta - new ransomware for Windows, Linux and ESXi

by Marc Rivero, Jornt van der Wiel, Dmitry Galov, Sergey Lozhkin
20 Jul 2022 at 8:00am
This report discusses new ransomware that targets Windows, Linux and ESXi systems: Luna, written in Rust, and Black Basta.

Text-based fraud: from 419 scams to vishing

by Roman Dedenok
11 Jul 2022 at 8:00am
Text-based fraud (419 scams, vishing, extortion, etc.) is still alive and well. Here, we describe cybercriminal techniques and present statistics.

Dynamic analysis of firmware components in IoT devices

by Sergey Anufrienko
6 Jul 2022 at 10:00am
We decided to discuss less obvious tools for working with firmware, including Renode and Qiling. Each of those tools has its own features, advantages, and limitations that make it effective for certain types of task.

The SessionManager IIS backdoor

by Pierre Delcher
30 Jun 2022 at 8:00am
In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

The hateful eight: Kaspersky's guide to modern ransomware groups' TTPs

by Nikita Nazarov, Vasily Davydov, Natalya Shornikova, Vladislav Burtsev, Danila Nasonov
23 Jun 2022 at 10:00am
We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks.

APT ToddyCat

by Giampaolo Dedola
21 Jun 2022 at 10:00am
ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call "Samurai backdoor" and "Ninja Trojan".
