SecureList

DECEMBER 1, 2023

Analysis of samples exploiting CVE-2023-23397 vulnerability On March 14, Microsoft reported a critical Elevation of Privilege (EoP) vulnerability (CVE-2023-23397) in the Outlook client. DroxiDat, a lean variant of SystemBC that acts as a system profiler and simple SOCKS5-capable bot, was detected at an electric utility company.

Malware 90

Malware Ransomware Encryption Energy and Utilities 90

eSecurity Planet

JANUARY 28, 2022

Video conferencing vendor Zoom has seen its fortunes soar amid the remote work boom of the last two years, and other cloud collaboration platforms like Microsoft Teams and Cisco Webex have seen demand skyrocket too. Also read: Remote Work Security: Priorities & Projects. Best Zero Trust Security Solutions for 2022.

Social Engineering 124

Social Engineering Engineering Phishing Accountability 124

eSecurity Planet

JUNE 8, 2023

Most organizations use email as a basic communication method. Unfortunately, text-based email protocols are extremely vulnerable to hacking and email has become the primary vector for cyber attacks. Critical features provide the base requirements of email security.

Firewall 65

Firewall DNS Authentication Malware 65

eSecurity Planet

NOVEMBER 18, 2021

Email is typically the channel through which ransomware and malware are unleashed upon the enterprise. Phishing scams use it to compromise networks. Executives are conned by fake emails into sending funds to the wrong places – or worse, giving up their privileged credentials. What is a Secure Email Gateway?

Phishing 120

Phishing Malware Engineering Ransomware 120

eSecurity Planet

NOVEMBER 18, 2022

However, every IT and cybersecurity team should designate specific people and processes to focus on detecting and managing vulnerabilities. Vulnerability detection teams need to monitor news feeds and vendor websites to act promptly because attackers move quickly. The first priority will be to collect the advertised vulnerabilities.

Firmware 142

Firmware Firewall Passwords Risk 142

SecureList

AUGUST 5, 2021

To add to the credibility of links in emails, scammers imitated mailings from popular cloud services. A fake notification about a Microsoft Teams meeting or a request to view an important document traditionally takes the victim to a phishing login page asking for corporate account credentials.

Phishing 116

Phishing Banking Scams Computers and Electronics 116

eSecurity Planet

FEBRUARY 16, 2021

Rogue security software. Architect a premium network security model like SASE that encompasses SD-WAN , CASB , secure web gateways , ZTNA , FWaaS , and microsegmentation. Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage.

Malware 105

Malware Adware Spyware Antivirus 105

Security Affairs

FEBRUARY 16, 2021

In this article, we will into the details of the Javali trojan banker, introduced and tracked by the Kaspersky Team , and targeting Latin American countries, including Brazil and Mexico banking and financial organizations. If these conditions match, the windows overlay process starts launching fake windows to lure victims.

Antivirus 120

Antivirus Malware Banking Internet 120

eSecurity Planet

JUNE 20, 2023

After surveying trusted penetration testing sources and published pricing, the cost of a penetration test for the average organization is $18,300. and different types of penetration tests (black box, gray box, white box, social engineering, etc.). Both claims are incomplete unless one considers the fine print.

Penetration Testing 80

Penetration Testing Social Engineering Engineering eCommerce 80

SecureList

MAY 31, 2021

Lazarus made use of COVID-19 themes in its spear-phishing emails, embellishing them with personal information gathered using publicly available sources. After gaining an initial foothold, the attackers gathered credentials and moved laterally, seeking crucial assets in the victim’s environment.

Malware 93

Malware Adware Encryption Architecture 93

SecureList

DECEMBER 10, 2020

Organizations need to adapt to meet employee needs and ensure they stay productive, motivated and secure. Security issues: old, new and refreshed. However, in this report, we will focus mainly on what remote work means for businesses and employees from a security perspective.

Scams 56

Scams Passwords Phishing Internet 56

The Last Watchdog

JULY 14, 2022

Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises. The financial impact of phishing attacks quadrupled over the past six years, with the average cost for U.S. companies rising to $14.8

Phishing 277

Phishing Education Cybersecurity Threat Detection 277

SecureList

JULY 28, 2022

For five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. An investigation into the malicious UEFI component, which we named CosmicStrand, showed that a variant of it was in fact previously described by another security vendor.

Malware 129

Malware Firmware Phishing Cryptocurrency 129

Spinone

SEPTEMBER 3, 2018

Along with securing digital transactions, blockchain technology integration within existing security protocols reduces numerous cybersecurity risks. Along with securing digital transactions, blockchain technology integration within existing security protocols reduces numerous cybersecurity risks.

Energy and Utilities 40

Energy and Utilities Technology Authentication Banking 40