Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing...
Selecting the right MSSP: Guidelines for making an objective decision
Managed Security Service Providers (MSSPs) have become an increasingly popular choice for organizations nowadays following the trend to outsource security services. Meanwhile, with the growing number of MSSPs in the market,...
Financial cyberthreats in 2022
Financial gain remains the key driver of cybercriminal activity. In the past year, we’ve seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware...
Copy-paste heist or clipboard-injector attacks on cryptousers
It is often the case that something new is just a reincarnation of something old. We have come across a series of clipboard injection attacks on cryptocurrency users, which emerged starting...
How scammers employ IPFS for email phishing
The idea of creating Web 3.0 has been around since the end of 2000s. The new version of the world wide web should repair the weak points of Web 2.0., some...
Understanding metrics to measure SOC effectiveness
The security operations center (SOC) plays a critical role in protecting an organization’s assets and reputation by identifying, analyzing, and responding to cyberthreats in a timely and effective manner. Additionally, SOCs...
Developing an incident response playbook
An incident response playbook is a predefined set of actions to address a specific security incident such as malware infection, violation of security policies, DDoS attack, etc. Its main goal is...
Bad magic: new APT found in the area of Russo-Ukrainian conflict
Since the start of the Russo-Ukrainian conflict, Kaspersky researchers and the international community at large have identified a significant number of cyberattacks executed in a political and geopolitical context. We previously...
Business on the dark web: deals and regulatory mechanisms
Download the full version of the report (PDF)
Hundreds of deals are struck on the dark web every day: cybercriminals buy and sell data, provide illegal services to one another, hire other...
Malvertising through search engines
In recent months, we observed an increase in the number of malicious campaigns that use Google Advertising as a means of distributing and delivering malware. At least two different stealers, Rhadamanthys...
- Advertisement -
APLICATIONS
Alleged Zoom Zero-Days for Windows, MacOS for Sale, Report
Alleged Windows flaw allows for remote code execution and is being flogged for $500,000.
Source: Threadpost
