All posts

Malware propagation methods

Although malware most often infiltrates corporate infrastructure through e-mail, it’s not the only infection method.

The NullMixer dropper, in the guise of pirated software and cracks, delivers downloaders, stealers, bankers and spyware onto victims’ computers

NullMixer: multiple malware in one

We explain how the NullMixer dropper can download numerous Trojans onto a device.

Vulnerable updates in Cisco enterprise software

How even high-end solutions for business can have “childish” bugs in their update delivery systems.

A 15-year-old vulnerability in the tarfile module poses a threat to many programs.

The dangers of 15-year-old vulnerabilities

The developers of a run-of-the-mill Python module recently found out why old unpatched vulnerabilities can be dangerous.

Crypto, really. Part II: non-fungible tokens

In this second part of the series, we’re going to dive deep into Ethereum and its novelties: smart-contracts, DAOs and NFTs.

Might your ex-employees still have access to corporate data?

Are you sure your former colleagues don’t have access to corporate data or systems?

Trojan-stealer discovered in spam mailouts to businesses

Cybercriminals are sending to companies high-quality imitations of business letters with a spy trojan in the attachment.

A slew of apps containing the Harly Trojan subscriber have been found on Google Play, adding up to more than 4.8 million downloads

Harly: another Trojan subscriber on Google Play

We explain how the Harly Trojan subscriber targets Android users.

Global Transparency Initiative update: September 2022

Kaspersky Transparency Initiative update, September 2022

Introducing our new Transparency Center format and the opening of two more facilities in Europe.

Introducing: Kaspersky EDR Optimum

Kaspersky Endpoint Detection and Response Optimum – superior enterprise-cybersecurity, with no fluff.

Where did that game cheats video on your YouTube channel come from?

The RedLine Trojan stealer spreads under the guise of cheats for popular games and posts videos on victims’ YouTube channels with a link to itself in the description.

Microsoft patches 64 vulnerabilities, one being exploited

Patches for 64 vulnerabilities in Microsoft products released

It’s time to update! Microsoft patches 64 vulnerabilities in a variety of products and components — from Windows and Office to Defender and Azure.

A Genshin Impact driver weaponized as an attack tool

Weaponizing game code to attack a company

An unusual case of an attack executed by weaponizing legit video game code.

What are the dangers of browser extensions?

Browser extensions: more dangerous than you think

Using the most common families of malicious extensions as an example, we explain what can go wrong after installing a browser plug-in.

A Zoom vulnerability, and the war between the hackers and the developers

Takeaway from DEF CON 30: vulnerability in Zoom for macOS.

Key findings and tips from the GERT report

Hot off the press: a new study into “the nature of cyber incidents”

Highlights from “The nature of cyber incidents” report by the Kaspersky GERT team.

Three approaches to structuring and alert processing in a SOC

How to distribute SOC tasks to tackle both the cybersecurity skills shortage and burnout.

Is the social network Poparazzi a threat to privacy?

“To pop, or not to pop — that is the question”

How things are privacy-wise on the social network Poparazzi.

What a threat-intelligence platform is for

How to reduce the load on SIEM and make good use of threat-intelligence feeds

How a threat-intelligence platform helps SOC analysts.

Six ways to steal your password

We explain how attackers can steal your credentials and how you can prevent it.

Signal is secure, as proven by hackers

Users of the Signal messaging app got hit by a hacker attack. We analyze what happened and why the attack demonstrates that Signal is reliable.

Privacy & Kids