Business

1344 articles

Digital clutter as business cyberthreat

Three real-world examples to illustrate the dangers of digital clutter.

ShadowHammer: New details

It appears the ASUS incident was just one part of the large-scale operation.

Weaponized USB devices as an attack vector

Trojanized HID devices as well as surveilling or malicious cables are serious threats that can be used to compromise even air-gapped systems.

Startups and information security

What makes startups dependent on data protection for success?

CVE-2019-0859: A zero-day vulnerability in Windows

Our proactive security technologies uncovered an attempt to exploit another zero-day vulnerability in win32k.sys.

Microsoft Office and its vulnerabilities

The Microsoft Office threat landscape, and the technologies that help us catch related zero-day exploits, were the focus of this talk at the SAS 2019 conference.

The Gaza cybergang and its SneakyPastes campaign

A cybergang that specializes in cyberespionage, with its campaign mostly limited to the Middle East and countries in central Asia.

Another Taj Mahal (between Tokyo and Yokohama)

A new APT attack targets the diplomatic mission of an Asian country.

RSAC 2019: Why attackers need domain fronting

A story from RSAC 2019 on how domain fronting is used to disguise communications between an infected machine and a command server.

SMBs require protection flexibility

Our new version of Kaspersky Endpoint Security Cloud combines time-proven security technologies with the flexibility of a software-as-a-service model.

Abandoned plugins can cause a lot of headache.

Potential problems with third-party Web plugins

Do you use plugins on your website? Make sure they are updated regularly.

Bee-Hive-oristic engine for ATM protection

A new protective technology will keep your ATM safe on the physical level and guarantee you additional income in cash.

RSAC 2019: Grand Theft DNS

At RSAC 2019, a SANS Institute instructor talked about how DNS manipulations can be used to hijack a company’s IT infrastructure.

Special care should be taken when uploading code to GitHub

GitHub key leaks and how to prevent them

Hundreds of thousands of tokens and cryptographic keys have been discovered on GitHub. We explain why this is bad and how to avoid a leak.

Once you are safely inside an MSP’s network, you have unlimited opportunities for data theft or infection.

MSPs as a threat vector

Attackers display active interest in MSPs, exploiting vulnerabilities to infect their clients with cryptomalware.

RSA Conference 2019: Analysis of current vulnerabilities and an effective patch installation model.

RSAC 2019: Seeking the perfect patching strategy

Researchers at RSAC 2019 reported on the current vulnerability landscape and built a model that helps with effective patching strategy.

ShadowHammer: Malicious updates for ASUS laptops

Our technologies detected a threat that seems to be one of the biggest supply-chain attacks ever.

Who will restore encrypted corporate data? Nobody will

Do not expect data encrypted by ransomware to be restored easily. It is better to protect the data in the first place.

Now Mirai can infect enterprise devices such as high-capacity, enterprise-class wireless controllers, digital signage systems, and wireless presentation systems.

Mirai goes Enterprise

A new strain of Mirai is equipped with a much wider range of exploits, including some targeted at enterprise-class IoT devices.

Aluminum giant Hydro hit by ransomware

Aluminum giant Hydro hit by ransomware

Industrial Norwegian giant Hydro hit by ransomware — security incident analysis.

CVE-2019-0797: Zero-day exploits keep coming

Our proactive technologies detected yet another Windows exploit that was used in APT attacks.